1. The status of the configurations is always in "Ready to Execute" state. Why?

Configurations when deployed, the actual deployment happens as below. The status of the configuration will remain in Ready to Execute state till it gets applied to one of the target computer/user.

Computer Configurations Deployment Period/Time

  • If the Computer is up at the time of deployment - witinin 90 minutes
  • If the Computer is down at the time of deployment - during the next computer startup.

User Configurations Deployment Period/Time

  • User has logged on to the domain at the time of deployment - within 90 minutes
  • User has not logged on to the domain at the time of deployment - When the user logs in to the domain

If the configuration do not get applied as expected, check the following:

  • Check whether the Endpoint Central agent has been installed in all the computers within the defined scope. To verify this, view the Agent Installation Summary by clicking Agent --> Scope of Management.
  • If an OU or a Group is specified as the target for a configuration, check whether that OU/Group has users and computers within it. You should login as that user or restart the computers within that OU/Group to get the configurations deployed.
  • To apply the configurations immediately, execute the "gpupdate" command in the client computers if the OS version is Windows XP/ 2003. For Windows 2000 clients, execute the "secedit /refreshpolicy" command.
  • When the machine running Endpoint Central has multiple IP Addresses, like a Virtual Adapter, two NICs, etc. Try disabling the virtual Adapters, if any.
  • When the Firewall running in the m/c running Endpoint Central Server blocks the data. Ensure that the Endpoint Central Port (default is 8020) is added to the exceptions list.
  • Check whether the local group policy is disabled in the target computers. Click here for the steps to enable local GPO.
  • When the Domain Controller is not reachable from the client computers. Check the Event Logs in the client computers for any errors. To open the Event Viewer, type eventvwr from Start--> Run and press Enter. Select Application from the left tree and look for Errors with Event IDs 1030, 1054, & 1058. Refer to Microsoft Knowledge Base articles to resolve these errors.

Questions

2. I have defined a configuration to execute a script in the client machines. But, it never seem to execute.

This could happen when any security software such as Symantec or Mcaffe running in the client system is blocking this. Try after stopping them.

Questions

 

Steps to Enable Local GPO

Downlad and run the enableLocalGPO script to enable Local GPO in computers other than Vista

Run the script in a single computer

  1. Download the script enableLocalGPO.txt
  2. Rename it to enableLocalGPO.vbs
  3. Run the script in each of the client computers from the command prompt: CSCRIPT enableLocalGPO.vbs

Run the script in multiple computers using the PsExec utility

  1. Create a network share (eg. \\MyServer\MyShare).
  2. Download the script enableLocalGPO.txt
  3. Rename it to enableLocalGPO.vbs. Save the vb script in the network share created in step 1
  4. Download the PsExec utility from http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx and save it in, for example, C:
  5. Run the script using the following command from the dos prompt

    C:\for /f %f in (c:\computernames.txt) do psexec \\%f -u <domain>\administrator -p <password> CSCRIPT \\MyServer\MyShare\enableLocalGPO.vbs

    where,
    computernames.txt contains a list of computers where you need to install the agent, which has to be specified with its complete path
    <domain> refers to the domain or the workgroup name
    <password> refers to the domain or the workgroup administrator password