Hi All,

I have to enforce Group Policy [GP] for 700+ staff across 13 sites with
1-2Mb WAN links between sites. What I want is a Global GP that replicates
onto every site so that when there is a change, every user does not go and
download it from a single site (killing the network). The "Global" bit is
important as I really don't want to be updating 13 GP in ConsoleOne
everytime we lock down something else!

Now what I have been trying is :

* Create a master policy called Global_Master.
* Use a file sync program to sync the GP folder structure to 13 other
servers on 13 other sites.
* Create a ZFD user policy for each site, but point the GP at the
site's synched folder.
* Assign site users to the site policy

This nearly works ....

What seems to happen is that it works first time only; PCs successfully pick
up my globally created GP. Subsequent changes in the Global_Master ARE
synched down to the sites, but the clients are not picking them up.

If I use ConsoleOne to view a site policy, I can see that the new master
policy has synched OK; however this process of viewing the site policy seems
to trigger off something that makes the site PCs then use this policy. I
can also force PCs to pick up the site GP by deleting their local GP
(C:\Windows\System32\grouppolicy and
C:\Windows\System32\grouppolicy.UserCache) and logging in again.


Is there a timestamp in NDS that is checked when GP is updated, and checked
again when GP is read by the client ?
Or is there something in the GP folder structure that "messes up" when
replicated ?
Or is it something else completely ?
Or is there another way to do this ?


Peter Wainwright.