Force Group Policies after imaging
Hi
Got an issue with doing the GPUpdate /force as a post installation after an image has been installed.
The post install is: JoinDomain+Win7OU.ps1, Reg KMS, EnableUAC, reboot, gpupdate /force, reboot.
What happens is that the command GPUPdate /force doesn't work until after about five minutes, then it works fine.
Got a temporary solution which is "timeout 500" then "gpupdate /force" but that is doing the process a lot slower when imaging a lot of computers.
Do anyknow have any idea what the issue could be with the GPO?
I can send some logs tomorrow when I'm at the company.
Answers (1)
This is most likely due to AD replication among the DC's. When you join the machine a secure channel cert is issued and the added to the attached DC, this needs to replicate to the other DC's in the domain before this machine is fully recognized by the domain.
GPUPdate /force on a large number of computers can be a problem. This is because these machines will hit a domain controller and reevaluate every GPO applicable to them.
Comments:
-
GPUpdate: Applies any policies that is new or modified
GPUpdate /force: Reapplies every policy, new and old.
/LogOff: Certain GPOS, such as Folder Redirection, can’t apply in the background. If a logoff is required, this switch will initiate it.
/Boot: If a policy, such as software installation, needs to be applied – the boot command will reboot the machine.
/Sync: Useful for changing the foreground (startup/logon) processing to synchronous. - SMal.tmcc 11 years ago
