Re: Can a GPO apply after a cached login?

Mi Mark,

The group policies which are missing/not applying are user policies. Most
notable is the omission of the Folder redirection / proxy settings and our
'locked down' user settings. They are all part of our 'standard user policy'.

I have tried the ICMP test and the client passed without any issues. A
steady reply from a DC.

Often our machines are built with the user not moved to the OU at which the
policy applies until the machine is fully deployed. I would have hoped that
the policies would apply upon their next login after the policy refresh.

I have tried the disable slow link just incase although I did try this before.

Is there anything else you could suggest that I try?

Thanks

Aidan

"Mark Heitbrink [MVP]" wrote:

Hi,

Aidan schrieb:
I am trying to discover whether a user who logs into their computer offline
(no network cable attached) should be able to later connect to the network
(without a logoff) and have group policies updated.

I am looking at this from the prespective of Remote Access as the VPN client
that we are using (Checkpoint) does not give us an option to sign into the
VPN prior to login. The clients get a message stating that the user polcies
cannot be found.

Some CSE can´t be processed in background (scripts, software) and some
are not processed because of a detected slowlink (scripts, software,
folder redirection per default).

Some can be manipulated NOT to run in background and some to run
even on detected slow link. Registry + Security CSE are always processed,
even if slowlink is detected.

Take a look in
Compconf\Adm TEmpl\System\Group Policy
"Name of Client Side Extension"

Another problem: Fragmented ICMP pakets are blocked by some Firewalls.

Behavior:
After logging in, ping to the DC always works, but no GPO, because the
ICMP package to detect a slow link and to connect to a DC is 2KB.
If the package is fragmented and blocked by the firewall, the client
always diagnose it as "offline", because the DC does not answer ...

Simple Test, if your firewall blocks it:
ping yourserver -l 2048

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy

Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english

.

Relevant Pages

  • Not all GPO settings not applied to client
    ... environment with an XP client. ... I have not created any OUs yet and modified the Default Domain Policy ... It appears that the settings under "Windows Settings\Security ... The following group policies were not applied because they have been ...
    (microsoft.public.windows.server.security)
  • Re: Message Text in Group policy still showing after disabling it.
    ... > So I disabled the policy and now it is 'not defined'. ... XP is the client and 2000 is the Server. ... > I remember someone telling me that group policies are like that ...
    (microsoft.public.win2000.group_policy)
  • Message Text in Group policy still showing after disabling it.
    ... So I disabled the policy and now it is 'not defined'. ... XP is the client and 2000 is the Server. ... I remember someone telling me that group policies are like that ... reason and you jsut have to deal with it? ...
    (microsoft.public.win2000.group_policy)
  • Re: Local policy per-user on XP client
    ... That's the purpose of Local Policy - if you want customized Policies, ... domain, use Group Policies or even better, Active Directory. ... > specific XP client by setting local group policies. ...
    (microsoft.public.windowsxp.customize)
  • Re: GPO causing client security logs to fill?
    ... a virus in play. ... settings to be applied on your client workstations. ... Group Policy is a complex and often misunderstood beast. ... I modified the account ...
    (microsoft.public.windows.server.sbs)