Re: Can a GPO apply after a cached login?
- From: "Mark Heitbrink [MVP]" <spam-only@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 29 May 2007 15:57:27 +0200
Hi,
Aidan schrieb:
I am trying to discover whether a user who logs into their computer offline
(no network cable attached) should be able to later connect to the network
(without a logoff) and have group policies updated.
I am looking at this from the prespective of Remote Access as the VPN client
that we are using (Checkpoint) does not give us an option to sign into the
VPN prior to login. The clients get a message stating that the user polcies
cannot be found.
Some CSE can´t be processed in background (scripts, software) and some
are not processed because of a detected slowlink (scripts, software,
folder redirection per default).
Some can be manipulated NOT to run in background and some to run
even on detected slow link. Registry + Security CSE are always processed,
even if slowlink is detected.
Take a look in
Compconf\Adm TEmpl\System\Group Policy
"Name of Client Side Extension"
Another problem: Fragmented ICMP pakets are blocked by some Firewalls.
Behavior:
After logging in, ping to the DC always works, but no GPO, because the
ICMP package to detect a slow link and to connect to a DC is 2KB.
If the package is fragmented and blocked by the firewall, the client
always diagnose it as "offline", because the DC does not answer ...
Simple Test, if your firewall blocks it:
ping yourserver -l 2048
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
.
- Follow-Ups:
- Re: Can a GPO apply after a cached login?
- From: Aidan
- Re: Can a GPO apply after a cached login?
- Prev by Date: Re: Action needed
- Next by Date: windows banner to run every 60 days before login
- Previous by thread: Re: Audit policy problem (deleted file name)
- Next by thread: Re: Can a GPO apply after a cached login?
- Index(es):
Relevant Pages
|
