We have an organization of approximately 1200 Windows PC clients on an Active Directory network. We have noticed that there seems to be random systems that don't get policies set.
For example, we have in our policies that the Windows system is to notify of updates but not apply them. We have a group of systems after upgrades over the summer that are downloading updates and rebooting, even without anyone logged in. The issue there is that these systems have Deep Freeze on them, so when they reboot, whatever fix is applied is then erased and so they restart their download/reboot cycle again, ad infinitum. Others, users log in, and it'll pop up a notice that it'll reboot in five minutes unless you click on "Later".
In the past we saw issues with things like blocking access to the C: drive in AD policies; usually systems hid the drives, on some systems, seemingly at random, users would log in and have access.
Policy refreshes from the command line didn't seem to fix the issue but sometimes a couple of reboots would. These systems seem to have network access at startup, so they should be able to communicate with the AD servers (plus users can log in to them, so they must be able to authenticate since frozen systems are frozen without cached profiles).
Is this normal for AD policies to not always "take" on clients, or is there something that should be checked? Do other people run into this as expected behavior? I know AD policies are supposed to randomly refresh on clients but when we ran the command to manually refresh policies it didn't seem to fix the issue.
Best Answer
The machine account's password is usually changed every 30 days by the machine. If DeepFreeze does not allow the new password to be stored on the computer, computer level GPO will probably fail as the computer cannot log on to AD.