Add Test Computers to the Membership Group for a Zone

Applies To: Windows 7, Windows Essential Business Server, Windows SBS 2003, Windows SBS 2008, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Before you deploy your rules to large numbers of computers, you must thoroughly test the rules to make sure that communications are working as expected. A misplaced WMI filter or an incorrectly typed IP address in a filter list can easily block communications between computers. Although we recommend that you set your rules to request mode until testing and deployment are complete, we also recommend that you initially deploy the rules to only a small number of computers, to be sure that the correct GPOs are being processed by each computer.

Add at least one computer of each supported operating system type to each membership group. Make sure every GPO for a specific version of Windows and membership group has a computer among the test group. After Group Policy has been refreshed on each test computer, check the output of the gpresult command to confirm that each computer is receiving only the GPOs it is supposed to receive.

Administrative credentials

To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the membership of the group for the GPO.

In this topic:

  • Add the test computers to the GPO membership groups

  • Refresh Group Policy on the computers in each membership group

  • Check which GPOs apply to a computer

To add test computers to the GPO membership groups

  1. On a computer that has the Active Directory management tools installed, click Start, click Administrative Tools, and then click Active Directory Users and Computers.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  3. In the navigation pane, expand Active Directory Users and Computers, expand YourDomainName, and then expand the container that holds your membership group account.

  4. In the details pane, double-click the GPO membership group to which you want to add computers.

  5. Select the Members tab, and then click Add.

  6. Type the name of the computer in the text box, and then click OK.

  7. Repeat steps 5 and 6 for each additional computer account or group that you want to add.

  8. Click OK to close the group properties dialog box.

After a computer is a member of the group, you can force a Group Policy refresh on the computer.

To refresh Group Policy on a computer

  • For a computer that is running Windows 7, Windows Vista, Windows Server 2008, or Windows Server 2008 R2, start a command prompt as an administrator, and then type the following command:

    gpupdate /target:computer /force
    
  • For a computer that is running Windows XP or Windows Server 2003, open a command prompt, and then type the following command:

    gpupdate /target:computer /force
    
  • For a computer that is running Windows 2000, open a command prompt, and then type the following command:

    secedit /refreshpolicy machine_policy
    

After Group Policy is refreshed, you can see which GPOs are currently applied to the computer.

To see which GPOs are applied to a computer

  • For a computer that is running Windows 7, Windows Vista, Windows Server 2008, or Windows Server 2008 R2, start a command prompt as an administrator, and then type the following command:

    gpresult /r /scope:computer
    
  • For a computer that is running Windows XP or Windows Server 2003, open a command prompt, and then type the following command:

    gpresult /scope:computer
    
  • For a computer that is running Windows 2000, open a command prompt, and then type the following command:

    gpresult /c
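
The comparison of applied GPOs against the GPOs a test computer is supposed to receive can be scripted. The following PowerShell is an added example, not part of the original topic; it assumes English-language output from gpresult /r /scope:computer, and the GPO names, the sample output, and the function names Get-AppliedGpoName and Compare-GpoScope are constructed for illustration.

```powershell
# Added example: confirm a test computer receives only the GPOs it should.
# Assumes English "gpresult /r /scope:computer" output. All GPO names are hypothetical.

function Get-AppliedGpoName {
    param([string[]]$Lines)
    $inSection = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if (-not $inSection) {
            # The applied list starts under this heading.
            if ($text -eq 'Applied Group Policy Objects') { $inSection = $true }
            continue
        }
        if ($text -match '^-+$') { continue }   # underline below the heading
        if ($text -eq '') { break }             # blank line ends the list
        if ($text -ne 'N/A') { $text }          # "N/A" means nothing was applied
    }
}

function Compare-GpoScope {
    param([string[]]$Applied, [string[]]$Expected)
    New-Object PSObject -Property @{
        # Applied but not expected: wrong group membership or filter scope.
        Unexpected = @($Applied | Where-Object { $Expected -notcontains $_ })
        # Expected but not applied: check the "filtered out" section for the reason.
        Missing    = @($Expected | Where-Object { $Applied -notcontains $_ })
    }
}

# Constructed sample output. On a live test computer use instead:
#   $lines = gpresult /r /scope:computer
$lines = @'
COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        GPO_DOMISO_Firewall
        GPO_DOMISO_Boundary

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        GPO_DOMISO_IsolatedDomain_Clients
            Filtering:  Denied (Security)
'@ -split "`r?`n"

$expected = 'Default Domain Policy', 'GPO_DOMISO_Firewall', 'GPO_DOMISO_IsolatedDomain_Clients'
$applied  = @(Get-AppliedGpoName -Lines $lines)
Compare-GpoScope -Applied $applied -Expected $expected | Format-List
```

With the constructed sample, Unexpected contains GPO_DOMISO_Boundary and Missing contains GPO_DOMISO_IsolatedDomain_Clients, which indicates that the test computer is in the wrong membership group or is excluded by a filter.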