Re: Always wait for the network at computer startup and logon

That is my understanding, that you could not log in until policy
had refreshed.
Hence you could have a fatal catch-22 if the VPN is doing an
IAS authentication based on windows identity (or Windows RRAS).

"Antti Järvinen" <anttijjj@xxxxxxxxxxx> wrote in message
news:upn6uKFRGHA.4920@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for your responses.

One question, just to make sure I understand correctly. If I need a 3rd
party VPN connection to access the domain controller and the VPN isn't
started at the point when Windows wants to check group policy, Windows
will wait until the VPN is up and running?

Best Regards, Antti

Roger Abell [MVP] wrote:
And then taking back the other way around.
You have a sensitive environment and want to make sure no one
ever logs in without the most recent group policy being checked
and used. So, you turn this on. If policy cannot be refreshed
and applied the wait on network continues and the machine does
not allow the login that might be a risk for the environment and
its sensitive access concerns.

"Florian Frommherz" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:OLWb$T2QGHA.2276@xxxxxxxxxxxxxxxxxxxxxxx

Howdy Antti!

Antti Järvinen wrote:

If the "Always wait for the network at computer startup and logon" group
policy setting is turned on, how does the Windows determine that the
network is ready?

The other way round: If you do *not* apply the policy "Always wait
for..." your windows client will perform "fast boot" what means that not
all drivers and services are loaded at the point a users can log onto the
system. If the users logs on now, no connection to the domain controller
can be established (since the network card drivers and network services
aren't loaded yet) and windows performs a "local" login with cached
credentials. As soon as the services are up, windows establishes the
connection to the domain controller. New or altered group policies will
be applied on background refreshes.

cheers,

Florian
--
Nachwuschsadmin aus dem Süddeutschen/Germany.
eMail: Vorname [bei] frickelsoft [Punkt] net.



.

Relevant Pages

  • IP Security Policies Not Applied / Not Working
    ... Security Policy set up on my Windows 2000 machine to connect to my company's ... VPN, which works perfectly. ... Windows XP Pro machine where this very same policy does not work. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: IP Security Policies Not Applied / Not Working
    ... Do you initiate your vpn connections via the Neware Connections folder? ... If so can you check the Windows 2000 machine for the regkey ProhibitIpsec - ... I have set up the identical policy on the ...
    (microsoft.public.windowsxp.security_admin)
  • Windows Shortcut Keys and "ALT+TAB" not working because of GPO
    ... We've got an issue with a machine policy which prohibits us of using Windows ... Deny access to this computer from the network Support_388945a0, ... Policy Setting ...
    (microsoft.public.de.german.windowsxp.gruppen.richtlinien)
  • Re: VPN with SBS Premuim
    ... CEICW (which got Vista working with VPN), but I had not re-run the Remote ... Access Wizard, after running the RAW, Windows XP connected fine. ... you are a credit to Microsoft. ... Extract all files to a folder on ISA server. ...
    (microsoft.public.windows.server.sbs)
  • RE: Sandboxing
    ... the 3Com Embedded Firewall would be extremely useful and enabling (in ... your case) when you look at it in a VPN context. ... This security policy will accomplish quite a few things: ... During the Policy Server installation, ...
    (Focus-IDS)
Loading