?
Solved

group policy configuration - offline files

Posted on 2007-11-29
8
Medium Priority
?
410 Views
Last Modified: 2010-05-18
i want to enable offline files for laptops.  i have the default domain policy set to disable offline files, this is link enabled and enforced at domain level.  i have created a OU called laptops which hold the laptop computer accounts.  i have created and linked a new group policy with the offline files option enabled, this policy is also enforced.  this does not seem to be working though,offline files are disabled on the laptops.  when i run rsop the laptop is getting the setting from the default domain policy.  please help!  i tried to block inheritancy on the laptops OU but this did not work either.  i want to disable offline files for the computers which are in the computers container and enable them for laptops which are in the laptops OU.
0
Comment
Question by:brad2000smith
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20375244
Well here is the processing order:

http://technet2.microsoft.com/windowsserver/en/library/274e614e-f515-4b80-b794-fe09b5c21bad1033.mspx?mfr=true

OU GPOs should be processed last.

I don't recommend changing the default domain gpo, as it can be difficult to troubleshoot things later. I rather create seperate gpos and link where required.

First things first.

When you run GPRESULT from the command prompt on the laptop - what is the output? Doe it should the OU GPOs, does it *think* it is in the laptops OU for that matter.

Paste the output here if you are not sure.
0
 

Author Comment

by:brad2000smith
ID: 20375444
GPRESULT output

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 29/11/2007 at 17:30:55



RSOP results for CSPLONDON\testl on LT002 : Logging Mode
---------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 CSPLONDON
Domain Type:                 Windows 2000
Site Name:                   Default-First-Site-Name
Roaming Profile:            
Local Profile:               C:\Documents and Settings\testl
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=LT002,OU=Laptops,DC=csplondon,DC=local
    Last time Group Policy was applied: 29/11/2007 at 17:25:11
    Group Policy was applied from:      cspserver01.csplondon.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        offline folders
        Small Business Server Remote Assistance Policy
        Small Business Server Lockout Policy
        Small Business Server Domain Password Policy
        Small Business Server Client Computer

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Folder Redirection
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        LT002$
        Domain Computers
       

USER SETTINGS
--------------
    CN=Test Laptop,CN=Users,DC=csplondon,DC=local
    Last time Group Policy was applied: 29/11/2007 at 17:25:52
    Group Policy was applied from:      cspserver01.csplondon.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Small Business Server Folder Redirection

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Remote Assistance Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Lockout Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Domain Password Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Client Computer
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        Debugger Users
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Engineers
        All Staff
       

RSOP result says that offline files are being inherited from Default domain policy
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20376290
I assume the policy "offline files" is intended to enable offline files?

I suspect the block inheritance is not blocking the default domain policy:

http://technet2.microsoft.com/windowsserver/en/library/ad530161-02ad-4433-9b64-2d4b1fd3e2e11033.mspx?mfr=true

Block Inheritance does not deflect Group Policy settings from GPOs that are linked directly to the domain or organizational unit that has Block Inheritance enabled.

To Test:
Create seperate policy - called enable offline files. Configure appropriately and link to the OU which contains your computer accounts.
Remove the offline file settings from the default domain policy
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:JimboEfx
ID: 20376295
typo:
"Create seperate policy - called enable offline files"
should read

Create seperate policy - called disable offline files
0
 

Author Comment

by:brad2000smith
ID: 20377679
yes, the policy called offline files is the one i have set up that has offline files enabled - this is linked to the laptops OU that contain the laptop accounts.  this policy is link enabled and enforced.

the domain default policy is linked to the domain and has offline files disabled.  this policy is link enabled and enforced.

so what you are saying is set offline files to "not configured" on the default domain policy.  and leave the offline files policy as it is.  or create a disabled offline files and link to domain. then have the default domain policy as not configured. leave offline files policy as it is?
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20377773
Yes edit the default domain policy back to not configured.
run gpupdate /force and reboot the laptop - offline files in theory should be enabled.

If successful then create a new policy for non-laptops called disable offline files. Link this to the OU where your non laptop computers are.
0
 

Author Comment

by:brad2000smith
ID: 20378133
ok thank you i will try,

"If successful then create a new policy for non-laptops called disable offline files. Link this to the OU where your non laptop computers are." - my non laptop computers are just in the container called computers they are not in an OU.  i cant apply Group policy to these can i?  or do they pick up domain policies?  would you recommend having one OU for computers and another for laptops?
0
 
LVL 15

Accepted Solution

by:
JimboEfx earned 2000 total points
ID: 20380485
Yes create another OU for computers as you cannot manage them in that container.

The simplest OU design would be

Computers OU
Link Common GPOs e.g. Windows Updates, or look and feel etc etc
-->Laptops OU
     Link Enable Offline files GPO
-->Workstations OU
     Link Disable Offline files GPO
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question