Wednesday, May 23, 2012

Remote Group Policy Update on Windows Server 2012

In Windows Server 2012, administrators can remotely refresh Group Policy settings on a group of remote computers by using the Group Policy Management Console (GPMC). To do this from GPMC, the computers need to be under OUs.

Goals
I will remotely refresh the group policy for a workstation and a user in "Contoso.com" and test the result.

Prerequisites
  • The server named "DC01" has the Active Directory Domain Services server role installed.
  • The server named "App01" runs "Windows Server 2012" and is under the "Servers" OU. The GPO named "Servers GPO" has been linked to the "Servers" OU.



Steps
1. On a domain controller, log in as Domain Administrator.
2. Launch "Group Policy Management Console".
3. Expand "Forest: contoso.com > Domains > contoso.com > Servers".
4. Right-click "Servers GPO", select "Edit".
5. Expand "Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security - LDAP://<Name> > Inbound Rules".
6. Right-click "Inbound Rules", select "New Rule".


7. Select "Predefined", select "Remote Scheduled Tasks Management".


8. Click "Next" twice.
9. Select "Allow the connection".


10. Click "Finish".
11. Right-click "Inbound Rules", select "New Rule".
12. Select "Predefined", select "Windows Management Instrumentation (WMI)".


13. Click "Next" twice.
14. Select "Allow the connection", click "Finish".


15. Right-click "Windows Management Instrumentation (ASync-In)", select "Properties".
16. Select "Advanced" tab.
17. Clear the "Private" and "Public" check boxes, so that the rule applies only to the "Domain" profile.


18. Click "OK".
19. Repeat steps 15-18 for the other rules.


If you don't configure the above firewall rules for the computers, the remote "Group Policy Update" will not succeed.

20. Close "Group Policy Management Editor".

Test result
1. On App01, log in as Domain Administrator.
2. Launch "Task Scheduler".
3. Expand "Task Scheduler Library > Microsoft > Windows > GroupPolicy".


4. Go back to DC01, still in "Group Policy Management Console".
5. Right-click "Servers" OU, select "Group Policy Update".


6. On "Force Group Policy update" window, click "Yes".



It updates all the computers in the "Servers" OU.

7. Go back to "Task Scheduler" on "App01", right-click "GroupPolicy", select "Refresh".




The scheduled tasks for Group Policy have been created by GPMC. They force an update of the computer and the currently logged-on user within 10 minutes. After the policy has been updated, the scheduled tasks are deleted automatically.


While the group policy is updating, a Command Prompt window is shown in the current user session.


Remark: "Remote Group Policy Update" supports Windows Vista, 7, 8, Windows Server 2008, 2008 R2 and Windows Server 2012.

If you would like to remotely update group policy on a single computer, you can use a PowerShell cmdlet to do it.

Prerequisites
The server with "Group Policy Management" installed is joined to the domain.

1. On a domain controller, log in as Domain Administrator.
2. Launch "PowerShell" with "Run as Administrator".
3. Run "Import-Module GroupPolicy".
4. Run "Invoke-GPUpdate -Computer App01".


The scheduled tasks for Group Policy have been created. They force an update of the computer and the currently logged-on user within 10 minutes. After the policy has been updated, the scheduled tasks are deleted automatically on App01.
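
The same cmdlet can cover the whole "Servers" OU, as the GPMC action does. The script below is an added example, not part of the original post. It assumes the ActiveDirectory module is installed next to the GroupPolicy module and that the OU sits directly under the domain, so its distinguished name is "OU=Servers,DC=contoso,DC=com". It reports which computers could not be reached, which is the usual symptom when the firewall rules from steps 6-19 have not yet been applied to a machine.

```powershell
# Added example: refresh Group Policy on every computer in the "Servers" OU
# and report per-computer success or failure.
Import-Module GroupPolicy
Import-Module ActiveDirectory   # assumption: the RSAT Active Directory module is installed

# Assumption: the "Servers" OU is directly under contoso.com, as shown in GPMC.
$ouDn = 'OU=Servers,DC=contoso,DC=com'

$computers = Get-ADComputer -Filter * -SearchBase $ouDn -SearchScope Subtree

$results = foreach ($computer in $computers) {
    $status = 'Scheduled'
    $detail = ''
    try {
        # -RandomDelayInMinutes 0 runs the refresh as soon as the task is created,
        # instead of waiting for the random delay described above.
        Invoke-GPUpdate -Computer $computer.DNSHostName -RandomDelayInMinutes 0 -ErrorAction Stop
    }
    catch {
        # A failure here usually means the remote scheduled task could not be
        # created, for example because the inbound firewall rules are missing.
        $status = 'Failed'
        $detail = $_.Exception.Message
    }

    [pscustomobject]@{
        Computer = $computer.Name
        Status   = $status
        Detail   = $detail
    }
}

# Show failures first so unreachable machines stand out.
$results | Sort-Object Status, Computer | Format-Table -AutoSize -Wrap
```

"Scheduled" only means the refresh task was created on the target; check the "GroupPolicy" folder in Task Scheduler on that machine, as in the test above, to confirm it ran.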

This posting is provided “AS IS” with no warranties, and confers no rights!
