GPO Replication
All of our DC's are Windows 2003 servers. The machine that we create all of our GPO's on is a Windows 2008 server. When we create a new GPO how is the changed replicated to all other servers and can you force this to happen with a command? I have read it takes 90-120 min to replicate the changes out to other servers and I wanted to know if you can do it asap?
Or, do you have to push out a script that runs GPUPDATE /Force command to all of your workstations? This would also be time consuming so we wanted to know if there was a quick way to do this.
Also, when a GPO is applied do they do any logging and if so where are the logs stored? We would like to be able to query a log or DB to see which machines actually have which GPO's applied.
Or, do you have to push out a script that runs GPUPDATE /Force command to all of your workstations? This would also be time consuming so we wanted to know if there was a quick way to do this.
Also, when a GPO is applied do they do any logging and if so where are the logs stored? We would like to be able to query a log or DB to see which machines actually have which GPO's applied.
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
anonymous_9363
15 years ago
GP replication: http://www.lmgtfy.com/?q=domain+controller+force+group+policy+replication
Remember, though, that workstations don't pick up GP until they restart so a GPUPDATE /FORCE /BOOT is the only way to apply a policy "right now", other than following a forced DC replication with a command-line reboot.
As for logging, there's a policy which will turn that on. Logs get stored in %SystemRoot%\TEMP, prefixed "MSI", followed by 4-6 random alphanumeric characters and with a .LOG extension. That isn't the best way to determine installation state, however. You could use the WindowsInstaller.Installer object's ProductState property or simply interrogate the registry looking for the ProductCode. The location for machine-based installs is 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\<UserSID>\Installer\Products\<Packed_ProductCode>
To save time, here's some code to convert packed GUIDs back and forth:
Remember, though, that workstations don't pick up GP until they restart so a GPUPDATE /FORCE /BOOT is the only way to apply a policy "right now", other than following a forced DC replication with a command-line reboot.
As for logging, there's a policy which will turn that on. Logs get stored in %SystemRoot%\TEMP, prefixed "MSI", followed by 4-6 random alphanumeric characters and with a .LOG extension. That isn't the best way to determine installation state, however. You could use the WindowsInstaller.Installer object's ProductState property or simply interrogate the registry looking for the ProductCode. The location for machine-based installs is 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\<UserSID>\Installer\Products\<Packed_ProductCode>
To save time, here's some code to convert packed GUIDs back and forth:
'strCode = "{DF160407-881B-4AE1-B75C-730BD77C424B}"
strMungedCode = "704061FDB1881EA47BC537B07DC724B4"
Call UnMungeProductCode(strMungedCode, strCode)
WScript.Echo strMungedCode & " unmunged becomes " & strCode
strCode = "{7699B723-9718-41DE-8C18-549F341C02CE}"
Call MungeProductCode(strCode, strMungedCode)
WScript.Echo strCode & " munged becomes " & strMungedCode
Sub MungeProductCode(ByVal strProductCode, ByRef strMungedCode)
'// This routine munges the ProductCode into the munged format
'// used by various registry entries for Windows Installer
'// For example: {D650B8A9-C547-42D3-A7DF-0FAD0AC6E9ED}
'// becomes
'// 9A8B056D745C3D247AFDF0DAA06C9EDE
Dim arrSortOrder
Dim strNewCode
Dim intIndex
arrSortOrder = Array(9,8,7,6,5,4,3,2,14,13,12,11,19,18,17,16,22,21,24,23,27,26,29,28,31,30,33,32,35,34,37,36)
'// Generate the munged code
For intIndex = 0 To UBound(arrSortOrder)
strNewCode = strNewCode & Mid(strProductCode,arrSortOrder(intIndex),1)
Next
strMungedCode = strNewCode
End Sub
Sub UnMungeProductCode(ByVal strMungedCode, ByRef strProductCode)
'// This routine reconstructs a ProductCode from the munged format
'// used by various registry entries for Windows Installer
'// For example: 9A8B056D745C3D247AFDF0DAA06C9EDE
'// becomes
'// {D650B8A9-C547-42D3-A7DF-0FAD0AC6E9ED}
Dim arrSortOrder
Dim intIndex
Dim strPartTemp
Dim strPart1
Dim strPart2
Dim strPart3
Dim strPart4
Dim strPart5
'// Part 1
strPartTemp = Left(strMungedCode, 8)
strPart1 = StrReverse(strPartTemp)
'// Part 2
strPartTemp = Mid(strMungedCode, 9, 4)
strPart2 = StrReverse(strPartTemp)
'// Part 3
strPartTemp = Mid(strMungedCode, 13, 4)
'// Excuse me! May I borrow these variables for a moment?
strPart3 = Left(strPartTemp, 2)
strPart4 = Right(strPartTemp, 2)
strPart3 = StrReverse(strPart4) & StrReverse(strPart3)
'// Now deal with part 4 properly
strPartTemp = Mid(strMungedCode, 17, 2)
strPart4 = Mid(strMungedCode, 19, 2)
strPart4 = StrReverse(strPartTemp) & StrReverse(strPart4)
strPartTemp = Mid(strMungedCode, 21, 12)
arrSortOrder = Array(2,1,4,3,6,5,8,7,10,9,12,11)
'// Generate the product code
For intIndex = 0 To UBound(arrSortOrder)
strPart5 = strPart5 & Mid(strPartTemp,arrSortOrder(intIndex),1)
Next
strProductCode = ""
strProductCode = strProductCode & "{"
strProductCode = strProductCode & strPart1
strProductCode = strProductCode & "-"
strProductCode = strProductCode & strPart2
strProductCode = strProductCode & "-"
strProductCode = strProductCode & strPart3
strProductCode = strProductCode & "-"
strProductCode = strProductCode & strPart4
strProductCode = strProductCode & "-"
strProductCode = strProductCode & strPart5
strProductCode = strProductCode & "}"
End Sub
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
