Group Policy Updater Test

Computers in a domain should be frequently updated with changes made to group policy settings. If a computer is not updated with changes made to Computer Configuration Settings and current User Configuration Settings in group policy, it can cause serious security lapses. To avoid this, administrators should manually update the computer and user policy settings on a target host at regular intervals. This is exactly what the Group Policy Updater test does.      

At configured intervals, this test runs the Gpudate command to force a group policy update on the target host. By default, this command attempts to refresh both the Computer Configuration Settings and current User Configuration Settings on the local computer. Based on the output returned by the command, the test then reports whether/not the command succeeded in updating the target host’s policy settings, and if so, whether both computer and user policy settings were updated in the process. This way, the test periodically alerts administrators to the use of obsolete policy settings. You can also use the detailed diagnosis of the test to determine why the update failed. This greatly aids troubleshooting efforts.

Target of the test : An Active Directory or Domain Controller on Windows

Agent deploying the test : An internal agent

Outputs of the test : One set of results for every Active Directory that is being monitored

Configurable parameters for the test
Parameters Description

Test period

This indicates how often should the test be executed.

Host

The IP address of the machine where the Active Directory is installed.

Port

The port number through which the Active Directory communicates. The default port number is 389.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

User policy status

Indicates whether/not the User policy settings were updated.

 

This measure reports the value Bad if the user policy update failed. The value Good is reported, if user policies were successfully updated.

The numeric values that correspond to these measure values are listed below:

Measure Value Numeric Value
Bad 0
Good 1

The detailed diagnosis of this measure will provide you with a status report. If the user policy update fails, you can use this report to figure out why the update failed.

Note:

By default, the test reports only the Measure Values listed in the table above to indicate the update status. In the graph of this measure however, the update status is represented using the numeric equivalents only. 

Computer policy status

Indicates whether/not the Computer policy settings were updated.

 

This measure reports the value Bad if the computer policy update failed. The value Good is reported, if computer policies were successfully updated.

The numeric values that correspond to these measure values are listed below:

Measure Value Numeric Value
Bad 0
Good 1

The detailed diagnosis of this measure will provide you with a status report. If the computer policy update fails, you can use this report to figure out why the update failed.

Note:

By default, the test reports only the Measure Values listed in the table above to indicate the update status. In the graph of this measure however, the update status is represented using the numeric equivalents only.