Specops Gpupdate

Download as pdf or txt
Download as pdf or txt
You are on page 1of 8

Specops Gpupdate

Setup and usage


Specops Gpupdate

Contents
Introduction 3
Setup 5
Requirements 5
Installation 5
Using Specops Gpupdate 6
Security 7
Support and troubleshooting 8

Document version: 1.3 2(8)


Specops Gpupdate

Introduction
Specops Gpupdate is a tool that lets the administrator perform tasks related to
remote Group Policy processing directly from Active Directory Users and
Computers (ADUC).

Figure 1: Remote Group Policy refresh from ADUC

There are four different commands that can be executed:


• Gpupdate – Makes the remote computer(s) perform a Group Policy
refresh interval for both the computer and any logged on users with an
optional parameter that will force all Group Policy Objects to be applied
regardless if they have changed or not.

Document version: 1.3 3(8)


Specops Gpupdate

• Restart – Reboots the remote computer(s) and thereby applies Group


Policy settings that can only be applied during boot.
• Shut Down – The same options as Reboot but the computer will not
restart after it has been shut down. This is especially useful in
combination with the Start command.
• Start – Sends a start command to the computer(s) using Wake-On-Lan
technology. This way a computer can start up, Group Policy applies and
then the computer can be shut down again, all done remotely.

The computers can be selected in a number of ways.


• Selecting any number of computer objects directly in ADUC, see Figure
1.
• Selecting any number of Organizational Units (OU), all selected OUs
will be recursively searched for all computer objects.
• Selecting any number of groups, this also works for nested groups.
• Selecting any number of domain objects, this will execute the commands
on all computers in the selected domains.
• Using the ADUC Find feature and search for computers and then select
computers from the result view.

Document version: 1.3 4(8)


Specops Gpupdate

Setup
Installation of Specops Gpupdate is straightforward and easy. This chapter
explains how it is done

Requirements
Specops Gpupdate has the following requirements on the computer where it is
installed.
• Windows XP with SP2 or Windows Server 2003
• .Net Framework 2.0
• Microsoft Active Directory Users and Computers

Installation

Installing Specops Gpupdate requires one or two steps depending if it is the first
time or not it is installed

1. Install the Windows Installer package SpecopsGpupdate.msi.


2. (Only once for each AD forest) Open a command prompt and run the
program SpecopsAducMenuExtensionInstaller.exe with the parameter /add .
The program can be found the folder
%CommonProgramFiles%\Specopssoft\Specops ADUC Extension. The
SpecopsAducMenuExtensionInstaller.exe registers the Specops Gpupdate
Display Specifiers in AD so that ADUC know that it is being extended.
Display Specifiers are stored in the AD Configuration Container; this
means that they only need to be registered once per AD forest and also
that the user running the command needs to be a member of the
Enterprise Admins. group, since only they can add Display Specifiers.
Important! Adding Display Specifiers is not a schema update and the
process is 100% reversible, just run
SpecopsAducMenuExtensionInstaller.exe with the parameter /remove and
the all the Specops Gpupdate Command Display Specifiers will be
removed.

Document version: 1.3 5(8)


Specops Gpupdate

Using Specops Gpupdate


As soon as Specops Gpupdate is installed on a computer with ADUC, select
computers by right clicking on one or more domains, OUs, Security Groups or
Computer objects and the context menu shown in Figure 1 will appear.
Depending on the command that is selected, a dialog will appear that contains
command specific options, see Figure 2 for an example of the option window.

Figure 2: Options for restart


When all options are selected, click on OK and the command will be executed
and the result displayed. See figure 3 for an example.

Document version: 1.3 6(8)


Specops Gpupdate

Figure 3: Result from the Start Computers command

Security
Specops Gpupdate utilizes the Windows Security model, meaning that any user
of Specops Gpupdate need appropriate permissions to perform the actions. For
example when shutting down computers the user need remote shutdown
permissions.
In general being a local administrator on the remote computer will satisfy all the
security requirements needed, but following sections describe the permissions
needed to perform the actions in more detail.

Gpupdate
• Permissions to run WMI on the remote computer and start processes.
• Any installed firewall must let WMI calls pass through.

Restart/Shut down
• Permission to shut down the remote computer remotely.

Document version: 1.3 7(8)


Specops Gpupdate

• Any installed firewall must let RPC calls pass through.

Start computers
• Read access to the DHCP servers in the enterprise. All domains have a
group named DHCP Users that fulfill this requirement for DHPC Servers
on Domain controller and all DHCP servers have the same local group
for member servers.
• The DHCP server must be a Microsoft DHCP server, 3rd party DHCP
servers are not supported.

Support and troubleshooting


Please visit our forums for support and help with troubleshooting. The forums
are located here:
http://www.specopssoft.com/forum

Document version: 1.3 8(8)

You might also like