A
am2o
I have "ownership" of 2000 computers. Recently, I discovered that many of them were not applying GPO (EG: We put in a WSUS GPO & found that it was not getting applied.). Further digging discovered that some of our base images have the registry.pol files (under \windows\system32\group policy\xxx) so locked down that the system account could not modify them.
At this time, I have created a SMS package that eases the permissions on the registry.pol files - but I have no way to test to see if group policy is being applied across all the computers. EG: If I could change the client-side targeting group is wsus, I could verify that GPOs are being applied, but this is not politically feasable.
I would like to know if anyone has found a way to use a group policy to verify that the Group policy was applied. Essentially, I would like to write/append a CSV on a network share to add the hostname and a datestamp to a repositiory. RunOnce was suggested, but appears to run each time a user logs in & not to be disabled if the entry is removed from GPO.
Thanks a lot,
Alex McDiarmid
PS: This is a 2003/xp environment.
Continue reading...
At this time, I have created a SMS package that eases the permissions on the registry.pol files - but I have no way to test to see if group policy is being applied across all the computers. EG: If I could change the client-side targeting group is wsus, I could verify that GPOs are being applied, but this is not politically feasable.
I would like to know if anyone has found a way to use a group policy to verify that the Group policy was applied. Essentially, I would like to write/append a CSV on a network share to add the hostname and a datestamp to a repositiory. RunOnce was suggested, but appears to run each time a user logs in & not to be disabled if the entry is removed from GPO.
Thanks a lot,
Alex McDiarmid
PS: This is a 2003/xp environment.
Continue reading...