1

On a Win2008 Domain Controller, I've changed an user account property "Account is sensitive..."

Of course, I want that GPO to apply immediately

So I try gpupdate (or gpupdate /force), but it doesn't seem to work !?

I have to reboot my domain computer, then logon again with the user account to make it work !?

Another way ?

The solution is here Is there a way to refresh computer group membership without rebooting?

Community
  • 1

1 Answers1

4

As already commented, the "Account is sensitive and cannot be delegated" flag is a user account attribute, not a GPO setting.

If you've checked this box and want to make sure that the change is immediately replicated everywhere, you can use repadmin to force it:

repadmin /replsingleobj * source-dc01.domain.tld CN=SensitiveUser,OU=Users,DC=domain,DC=tld
Mathias R. Jessen
  • 26,351