batch script with gpudate

[jeffmoss26]

having a weird problem here-
one of our shop floor computers has a need to access certain internal webpages which are allowed by the proxy in our group policy.
every week or two, it mysteriously stops working, and when I go a gpudate /force and reboot, it works again.
can someone point me in the right direction to create a batch script to automate this process?

thanks!

 

[AcidBurn]

Uh...
gpupdate.exe /force
shutdown -r -t 00

Put that in a .bat and set it as a scheduled task

 

[jeffmoss26]

thanks. stupid question but where do I put the file on this PC so it will run every night?

 

[AcidBurn]

Wherever you want basically

 

[jeffmoss26]

ok I will give it a shot.

 

[calvinj]

So any reason to just band aid the problem vs finding the root of it and fixing it? Not being rude or mean, just remember seeing something else like this a while back.

 

[jeffmoss26]

No offense taken, but I just want to get it working until I have time to tear apart the group policy and see if there is actually an issue. It's just a handful of sites that are in the list so they can access our drawing vault, sharepoint site, and salesforce.

 

[calvinj]

Toss it up when you get the chance. I have group policy on the mind. I'm in the process of finishing up xendesktop in my lab at home and am writing a few group policies specifically for it.

 

[jeffmoss26]

I know I posted about the proxy a while ago:

 

[renixinq]

Just a couple ideas for when you start to troubleshoot the root issue.

Shop floor immediately makes me think of slow connections. GPO has a allow slow connection option that you can set the threshold (kbs if I remember correctly). Slow connections can cause GPO's to flake out.

Shop floor also makes me think old computer. It works no need to upgrade as it does it's job. Old computer account in AD that isn't properly reporting authentications to AD can cause an issue with kerberos which can cause issues with GPO application. Might just drop this computer from AD, delete the account from AD, replicate to all DCs then re-add the computer using the FQDN so a new computer account is established.

Also if it's Win7 you might be able to skip the reboot since THANKFULLY GP can be updated now without a reboot. This has worked each time I've reapplied GP on a Win7 machine but knowing MS this will be somewhat hit and miss. XP definitely reboot.

GL

 

[jeffmoss26]

It is an older PC (Dell 330 with XP pro) but we are on gigabit connections with fairly new cabling throughout the facility.
We are using one generic login for the shop floor since guys often go one more than one PC so I can't delete the account (if I did it would not be fun)

 

[renixinq]

Not the user account, the computer account. The computer account also has to authenticate to the domain. Just dropping the computer to a work group "should" remove the computer account from AD but I suggest ensuring the computer account is removed by deleting it from ADUC and waiting/forcing replication between your DCs.

The generic login should be fine for this purpose. Does that login have issues on other computers not having the GPO applying properly? If no, then I would say it's the computer account instead of something with the GPO.

 

[calvinj]

I did have an issue with some VPN users not always getting complete group policies. I ended up making some changes to the slow link detection (I'll have to go in again and look what it was specifically) and I don't think we've had troubles yet. The network might be great, machine might be decent, but who knows. Something might be slowing down the processing.

Also what does the Group Poilcy Results wizards show when you run through it. Or the RSOP from the machine itself? I personally always run to group policy and troubleshoot there. Seems to be less intrusive for the end user.. And you don't have to leave your desk