0

Right so,

I'm trying to make a remote GPO script that from one of our management machines will push the GPUPDATE command to certain servers. After some googling I found a script that I tried to adapt / make run.

The problem however is that when I run it through the BATCH file it errors out on me when doing line 9 (to be fair it doesn't error it just exits the script)

Link to the Script through pastebin: http://pastebin.com/ugmC9uEr

script code:

@echo on

XPGPORef1=gpupdate.exe /Target:User /force
XPGPORef2=gpupdate.exe /Target:Computer /force

Win2kGPORef1=secedit.exe /refreshpolicy user_policy
Win2kGPORef2=secedit.exe /refreshpolicy machine_policy

For /f “Tokens=*” %%a in (ComputerList.txt) Do (
SET Comp_name=%%a

Ver.exe \\%comp_name% > Hostver.txt

Find /I “XP” < Hostver.txt > CheckCC.txt

IF %errorlevel% == 0 (
Psexec.exe \\%comp_name% Gpupdate.exe /Target:User /force
Psexec.exe \\%comp_name% Gpupdate.exe /Target:Computer /force
) ELSE (
Psexec.exe \\%comp_name% secedit.exe /refreshpolicy user_policy
Psexec.exe \\%comp_name% secedit.exe /refreshpolicy machine_policy
) 
pause

if I run the line 9 code through a DOS prompt window manually and for instance do the following:

For /f “Tokens=*” %a in (ComputerList.txt) Do ( echo %a)

it will run just fine and echo all the computersnames in the list.

Anyone mind giving me a hand ? :)

Cheers

PS: This script is going to try and GPUPDATE both Win2k8/Win2K3 and Win2K computers.

maweeras
  • 2,734
  • 2
  • 17
  • 23
Entity_Razer
  • 475
  • 1
  • 5
  • 17

2 Answers2

1

It may be more beneficial to you to lower the Group Policy Refresh Interval on these servers to 5-10 minutes rather than executing a remote gpupdate on all of your servers.

MDMarra
  • 100,734
  • 32
  • 197
  • 329
0

I can see how the ability to remotely get a machine to update the settings it gets through group policies can be beneficial. But remotely doing gpupdate's for users wont work. You need to do it in the context of the user account. I suspect your primary interest is gpupdate for computer configuration.

Would a free tool like http://www.specopssoft.com/products/specops-gpupdate be of interest? disclaimer I haven't used it.

maweeras
  • 2,734
  • 2
  • 17
  • 23
  • I'm not trying to push GPupdates to users more trying to make sure all our servers get the updated GPO's as soon as we can. Sometimes we make (computer config indeed) changes and we want to make sure all of our servers get them instantly / "on demand" instead of waiting to reboot them sometime in the future. Although a 3rd Party solution COULD be used, we prefer not to simple because this seems like something so silly that it has to have been done before. and apparently it is possible except I'm overlooking something in the script's syntax... – Entity_Razer Aug 13 '11 at 18:14
  • Yes its simple. But I also believe in not re-inventing the wheel. Personally I would not do a /force as if GPOs have changed, gpupdate will process settings as long as they can be done in a background refresh. I would also find the OS details through querying AD or WMI before deciding to use gpupdate or secedit. Good luck with the script :) – maweeras Aug 14 '11 at 10:00