I just had a bit of weirdness with a machine not updating its group policy the way I expected.
Yesterday I removed a machine (Vista) from a group using ADUC. Today when I ran gpresult on the machine, it still showed that it was a member of the group. The time stamp of the last policy update was recent, and I checked the DC the machine had gotten the update from and confirmed that that DC knew the machine was no longer a member of the group. Yet the machine still thought it was. So I ran gpupdate /force, then another gpresult after that. Same thing-the machine still showed as being a member of the group I had removed it from nearly 24 hours earlier. Lastly, I rebooted the machine. Logged back in, ran gpresult, and all was fine. The machine was no longer a member of the group. My question is, why didn't gpupdate /force accomplish this? If a reboot was necessary for the change to apply, normally gpupdate will tell me that. It didn't, though. Is this a bug, or by design? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
