This switch will force the application of all GPO settings without considering the GPO version number or updates to the GPO. If you have NOT made any changes to the GPO that contains your security settings, but still want the settings to apply manually, you can use the /force switch with the GPUPDATE command. For computers that are joined to a domain, this will apply all new settings from the local and Active Directory based GPOs. In order to refresh Group Policy (which will include the security settings), you will run GPUPDATE from a command prompt. In this case, Group Policy refresh can be triggered by a simple command, which is very helpful during times when you are testing or wanting to get a setting to a computer immediately.
Group Policy has an automatic background refresh, but in some cases the interval is not fast enough for the settings that you want to deploy. We will see that the Security CSE can be controlled separately from the other CSEs and behaves a bit different than the others as well. The reason that all of these settings fall under this category is because they are all controlled by the Security Client Side Extension (CSE). If you open up a standard GPO on a Windows Server 2008 computer, you would need to expand the Computer Configuration|Policies|Windows Settings|Security Settings node to see all of the security related settings that I am referring to for this article (There are a few settings that fall under User Configuration|Policies|Windows Settings|Security Settings, but they are not used often, but do also fit into this category), as shown in Figure 1.įigure 1: Security settings in a standard Group Policy object To make sure that we are all on the same page, I wanted to make sure that everyone knew exactly what fell under “security settings” within a Group Policy object. This article will go into the different methods that are available for controlling how security settings refresh and apply from Group Policy. The question becomes how to maintain and control the application of the security settings, as well as the refresh of settings that you make in a Group Policy object (GPO)? There are many ways to control how security settings are refreshed and controlled, some of which are already occurring on your network now and can be tweaked if you want to go down that path.
There is no question that Group Policy inside Active Directory is the most efficient and logical way to configure and maintain security for all of your domain controllers, servers, and desktops.
0 kommentar(er)
