I'm trying to add a service account to the "logon as a service" on a member server. Looking at the local security policy snap-in, that setting is being overridden by Group Policy. Looking at GPresult and Group Policy Management snap-in, I found where those settings were set, the "Default Domain Policy" . I deleted an account under Local Policies/User Rights Assignment/logon as a service and added the new one I needed. I replicated across all three DCs manually with AD Sites and Services. I ran gpupdate /force on my member server and then rebooted. However, I'm not getting the new settings??? The one I deleted is still there and my new one is not showing up.
I checked the other DCs and they updated with the change to that GPO. I ran repadmin /replsummary and replication between DCs seem to be working fine. I ran DCdiag on DC1 (2K3), everything passed, on DC2 (2K8) and DC3 (2K3), I got some failures (see attached). The frsevent failure looks like its because we rebooted our servers last night for windows updates. I tested with a Win7 box and got the same result as my member server.
I built the member server in January and the Win7 box has been rebuilt within the last 6 mos and they both still have the orgional settings. I checked event logs on DCs, member server and W7 box and nothing stood out. I'm not brand new with GP but not an expert by any means and have not messed with GP much since I've been working here (2 years).
Default Domain Policy is "Linked Enabled" (Not "Enforced") and the GPO Status is "Enabled". Is this a timing issue? Google has let me down, what say you my spicepeeps?