[gptalk] Re: GPO Processing after adding computer object to security group
- From: David Cliffe <David.Cliffe@xxxxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Tue, 07 Nov 2006 17:15:47 -0500
Thanks as always Darren...
Have you ever heard of machines NOT picking up the new group even after
reboot UNLESS you first GPUPDATE with /force?
-DC
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Tuesday, November 07, 2006 5:14 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Processing after adding computer object to
security group
Dave-
Picking up the new computer group membership requires a reboot
unfortunately in all cases.
Sec grp. Membership is not recorded in userenv but it is returned by
gpresult or the GPMC GP results wizard.
Darren
-----Original Message-----
From: "David Cliffe" <David.Cliffe@xxxxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx
Sent: 11/7/2006 1:58 PM
Subject: [gptalk] GPO Processing after adding computer object to
security group
Hi,
I have some questions about this scenario --> When delegation is
configured on a computer-based GPO [whereby only members of a specific
security group can read and apply the policy], and the computer object
is subsequently added to the necessary group:
Does the computer require a reboot to pick up the fact that it is
now a member of the new security group (similar to logoff/logon for a
user to get new token when added to a group)? Or does the next policy
refresh (or forced policy refresh) enable it to "realize" it is now a
member of that group without a reboot?
Also, does the enumeration of the computer's security groups get
logged in USERENV.LOG? I don't see anything about it, but then again I
have yet to enable the DEBUGGER flag (0x30002) - maybe it shows only
with that flag?
Thanks,
DaveC
This email was sent to you by Reuters, the global news and information
company.
To find out more about Reuters visit www.about.reuters.com
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
Reuters Ltd.
[truncated by sender]
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
This email was sent to you by Reuters, the global news and information company.
To find out more about Reuters visit www.about.reuters.com
Any views expressed in this message are those of the individual sender, except
where the sender specifically states them to be the views of Reuters Ltd.
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
Other related posts:
