Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251
GPO assignment over VPN connection
GPO assignment over VPN connection

GPO assignment over VPN connection
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
GPO assignment over VPN connection JCB 01-28-2007
Posted by =?Utf-8?B?SkNC?= on January 28, 2007, 11:30 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Is there a way to ensure all GPO settings are applied to a domain member
machine that uses a remote VPN connection to access network resources?

I have a VPN connection configured on an XPProSP2 laptop that connects to a
Win2003SP1 DC that is also the RAS server (VPN Endpoint). Routing is not
enabled for this connection - only RAS. If a GPO setting that requires a
reboot/logoff-logon to refresh (i.e., will not be refreshed with
gpupdate/force) is changed, how can the remote machine receive this change?
Policy processing applies to the machine on start-up, before the user
policies apply on login-in. But if the machine must first be started, before
the user logs in with cached domain credentials to establish the VPN, how
will GPO settings (I guess they are foreground settings) ever be updated?
Non-reboot settings will be applied in the background upon normal periodic
refresh, or with gpupdate/force, but what about those that won't???
--
JCB59

Posted by on January 30, 2007, 7:35 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> If a GPO setting that requires a reboot/logoff-logon to refresh (i.e., will
> not be refreshed with gpupdate/force) is changed, how can the remote machine
> receive this change?

It would be applied but not take effect until the next reboot or
logon. Put another way, the policy will be written to the registry but
certain keys -- those read on boot or logon -- will not be processed
until later.

Of course, you could always force this by running the following in the
logon script. This should not be necessary, however.

echo N | gpupdate /force

Regards,

J Wolfgang Goerlich


Posted by =?Utf-8?B?SkNC?= on January 30, 2007, 3:11 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
So if I understand you correctly, the subject machine would only be one
restart/logon behind, such that a second restart/logon will ensure complete
application of ALL GPOs? I should be able to verify this with RSOP.msc,
correct?

Thanks a bunch.
--
JCB59


"jwgoerlich@gmail.com" wrote:

> > If a GPO setting that requires a reboot/logoff-logon to refresh (i.e., will
> > not be refreshed with gpupdate/force) is changed, how can the remote machine
> > receive this change?
>
> It would be applied but not take effect until the next reboot or
> logon. Put another way, the policy will be written to the registry but
> certain keys -- those read on boot or logon -- will not be processed
> until later.
>
> Of course, you could always force this by running the following in the
> logon script. This should not be necessary, however.
>
> echo N | gpupdate /force
>
> Regards,
>
> J Wolfgang Goerlich
>
>

Posted by Johan Engdahl on February 8, 2007, 5:50 am
If you were  Registered and logged in, you could reply and use other advanced thread options
gpupdate /target:machinename

--
----------------------------------------------------------------------------------------------------------------------------
Johan Engdahl
CCSA, CCSE, CCA, MCP | johan AT firewall1 DOT nu | http://www.firewall1.nu

> Is there a way to ensure all GPO settings are applied to a domain member
> machine that uses a remote VPN connection to access network resources?
>
> I have a VPN connection configured on an XPProSP2 laptop that connects to
> a
> Win2003SP1 DC that is also the RAS server (VPN Endpoint). Routing is not
> enabled for this connection - only RAS. If a GPO setting that requires a
> reboot/logoff-logon to refresh (i.e., will not be refreshed with
> gpupdate/force) is changed, how can the remote machine receive this
> change?
> Policy processing applies to the machine on start-up, before the user
> policies apply on login-in. But if the machine must first be started,
> before
> the user logs in with cached domain credentials to establish the VPN, how
> will GPO settings (I guess they are foreground settings) ever be updated?
> Non-reboot settings will be applied in the background upon normal periodic
> refresh, or with gpupdate/force, but what about those that won't???
> --
> JCB59



Similar ThreadsPosted
VPN Connection Using RASDIAL.EXE July 25, 2005, 5:40 pm
How can I see if someone is using my wireless connection September 8, 2005, 10:55 pm
Internet Connection April 24, 2006, 11:17 am
Remote Connection in XP May 27, 2006, 10:31 pm
Help with internet connection please.... September 25, 2006, 3:09 pm
External LDAPS connection help January 26, 2006, 3:27 pm
losing share connection May 27, 2005, 8:15 am
Remote Desktop Connection June 13, 2005, 3:56 pm
Remote Desktop over VPN connection April 6, 2006, 4:42 pm
Leaving DSL Connection On while not using the Internet? July 25, 2006, 11:15 pm

The site map in XML format XML site map

Contact Us | Privacy Policy