Group Policy - Managing Restricted Groups

Soldato
Joined
19 Jul 2004
Posts
4,087
Location
Shoreham by Sea
Just been doing some testing on using restricted groups to control the membership of local security groups.

Ive been using a couple of VM machines running Win XP and this is joined to a domain running a Server 2003 DC.

It seems to work fine although it doesnt seem to refresh very often. Initially I did a gpupdate /force and this cleared any extra membership of the local admin account like it was supposed to but as a test I added another account in there manually. This account wasnt removed when I logged out and back in and wasnt even removed when I did a reboot. It was only removed when I did another gpupdate /force :(

I know these updates are periodic and it would have probably updated by itself eventually and cleared out this extra group but is there any way to control how often it refreshes a policy like this?
 
Soldato
Joined
9 Oct 2008
Posts
2,993
Location
London, England
It's been a while since I've had to deal with this, but if my memory serves me correctly, the default refresh interval is 90 minutes. It is possible to change the interval, however; check out this article for more information.
 
Top Bottom