January 01, 2007
Force remote GPO updates NOW!
Must-have GPO utility for Windows administrators
Don Jones in his Dec. 2006 Redmond Magazine column discusses Special Operations Software's free Gpupdate tool. You can download it here.
Specops' Gpupdate tool allows you to force remote Windows domain computers to pull down the most up-to-date GPOs. It's very cool and useful. Normally, GPOs are pulled client-side by the workstation every 45-90 minutes by default, depending on the GPO re-apply interval setting, or you have to go to each computer and execute gpupdate /force. Wouldn't it be nice to make a GPO change and then push it out to everyone immediately? Now you can.
Download and install Specops' Gpupdate tool. It can be installed on W2K3 or XP Pro SP2. It requires Microsoft's .NET Framework 2.0 (you can get it here) and Active Directory Users and Computers. It doesn't work with the Group Policy Management Console (GPMC), but it's so cool that we can easily forgive this oversight. Also, after installing, you must run a one-time forest schema extension command (discussed in the accompanying documentation).
After that, simply right-click any OU, user, computer, etc. in Active Directory Users and Computers, and choose the Gpupdate option. It will query and look for all the active participating computers, and tell you which did and didn't take the push.
This latter feature is awesome. It lets you quickly identify computers that aren't working right with Group Policy for one reason or another (e.g. firewall, not joined to the domain, etc.). It displays a bar graph of successes and failures, and individually identifies each computer. You can watch as a failure suddenly becomes a success in front of your eyes.
This reason alone is why you should have this utility.
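For comparison, the same per-computer success/failure report can be scripted by hand. This is an added example, not code from the article or from Specops. It assumes the ActiveDirectory PowerShell module and PowerShell remoting (WinRM) on the targets, uses a hypothetical OU name, and treats a remoting error or a non-zero gpupdate exit code as a failure.

```powershell
# Added example: force a computer-policy refresh on every enabled computer in
# one OU and report which machines took it and which did not.
Import-Module ActiveDirectory

# Hypothetical OU; replace with your own distinguished name.
$SearchBase = 'OU=Workstations,DC=example,DC=com'

$computers = Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $true' |
    Select-Object -ExpandProperty DNSHostName |
    Where-Object { $_ }   # skip objects that have no DNS host name

$results = foreach ($computer in $computers) {
    $status = 'Success'
    $detail = ''
    try {
        # Run the command the article mentions, on the remote machine.
        # 'n' answers any restart prompt so the session cannot hang on it.
        $exit = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
            'n' | gpupdate.exe /force /target:computer | Out-Null
            $LASTEXITCODE
        }
        if ($exit -ne 0) {
            $status = 'Failed'
            $detail = "gpupdate exit code $exit"
        }
    }
    catch {
        # Typical causes: host offline, firewall blocking WinRM, remoting disabled.
        $status = 'Failed'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{ Computer = $computer; Status = $status; Detail = $detail }
}

# Summary counts (the text equivalent of the tool's bar graph), then the failures.
$results | Group-Object Status | Select-Object Name, Count
$results | Where-Object Status -eq 'Failed' | Sort-Object Computer |
    Format-Table -AutoSize -Wrap
```

The failure list is the useful part for security work: a machine that cannot be reached for a policy refresh is also a machine that may not be receiving hardening settings.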
It also lets you start (Wake-on-LAN stuff), restart, and shut down computers.
Kudos to Specops and Don Jones for bringing this useful utility to my attention. I'll use it for all my clients.
Posted by Roger Grimes on January 1, 2007 05:33 AM
- COMMENTS
I also have a free tool on my site (www.gpoguy.com/rgprefresh.htm) for doing command-line-based remote GP refresh. It's been out there for a while and is the most popular download on the site. Check it out!