Windows – GPO not setting security permissions on restart

group-policywindows

I have a GPO that is assigning permissions to a folder on the user's C drive (computer configuration\Policies\Windows settings\security settings\File System). The folder that this applies to doesn't exist until an software application is distributed to the computer. The computer restarts after the installation and the GPO should be applied to the folder so that adequate permissions for the folder are set. The GPO's permissions are not being applied on restart. If I subsequently run gpupdate /force and then reboot, the permissions are applied as they should be.

I guess I'm not understanding under what instances the GPO for file permissions will be applied on a reboot or something. Is there a setting somewhere I can set so that it will enforce this security GPO policy every time the computer is restarted?

Best Answer

There is no trigger for the GPO to be reapplied, so it won't be. You could:

  • Add gpupdate -force to the login script. This will support GPOs which apply to things that do not yet exist in general, but will slow up the login process.
  • Add gpupdate -force to the end of the installation script (or create an installation script if one doesn't already exist.
  • Add gpupdate -force as a repeating scheduled task using a time of @reboot to every computer

I suggest that the second option is likely the easiest.

Related Topic