Solved

group policy configuration - offline files

Posted on 2007-11-29
8
406 Views
Last Modified: 2010-05-18
i want to enable offline files for laptops.  i have the default domain policy set to disable offline files, this is link enabled and enforced at domain level.  i have created a OU called laptops which hold the laptop computer accounts.  i have created and linked a new group policy with the offline files option enabled, this policy is also enforced.  this does not seem to be working though,offline files are disabled on the laptops.  when i run rsop the laptop is getting the setting from the default domain policy.  please help!  i tried to block inheritancy on the laptops OU but this did not work either.  i want to disable offline files for the computers which are in the computers container and enable them for laptops which are in the laptops OU.
0
Comment
Question by:brad2000smith
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20375244
Well here is the processing order:

http://technet2.microsoft.com/windowsserver/en/library/274e614e-f515-4b80-b794-fe09b5c21bad1033.mspx?mfr=true

OU GPOs should be processed last.

I don't recommend changing the default domain gpo, as it can be difficult to troubleshoot things later. I rather create seperate gpos and link where required.

First things first.

When you run GPRESULT from the command prompt on the laptop - what is the output? Doe it should the OU GPOs, does it *think* it is in the laptops OU for that matter.

Paste the output here if you are not sure.
0
 

Author Comment

by:brad2000smith
ID: 20375444
GPRESULT output

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 29/11/2007 at 17:30:55



RSOP results for CSPLONDON\testl on LT002 : Logging Mode
---------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 CSPLONDON
Domain Type:                 Windows 2000
Site Name:                   Default-First-Site-Name
Roaming Profile:            
Local Profile:               C:\Documents and Settings\testl
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=LT002,OU=Laptops,DC=csplondon,DC=local
    Last time Group Policy was applied: 29/11/2007 at 17:25:11
    Group Policy was applied from:      cspserver01.csplondon.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        offline folders
        Small Business Server Remote Assistance Policy
        Small Business Server Lockout Policy
        Small Business Server Domain Password Policy
        Small Business Server Client Computer

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Folder Redirection
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        LT002$
        Domain Computers
       

USER SETTINGS
--------------
    CN=Test Laptop,CN=Users,DC=csplondon,DC=local
    Last time Group Policy was applied: 29/11/2007 at 17:25:52
    Group Policy was applied from:      cspserver01.csplondon.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Small Business Server Folder Redirection

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Remote Assistance Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Lockout Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Domain Password Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Client Computer
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        Debugger Users
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Engineers
        All Staff
       

RSOP result says that offline files are being inherited from Default domain policy
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20376290
I assume the policy "offline files" is intended to enable offline files?

I suspect the block inheritance is not blocking the default domain policy:

http://technet2.microsoft.com/windowsserver/en/library/ad530161-02ad-4433-9b64-2d4b1fd3e2e11033.mspx?mfr=true

Block Inheritance does not deflect Group Policy settings from GPOs that are linked directly to the domain or organizational unit that has Block Inheritance enabled.

To Test:
Create seperate policy - called enable offline files. Configure appropriately and link to the OU which contains your computer accounts.
Remove the offline file settings from the default domain policy
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:JimboEfx
ID: 20376295
typo:
"Create seperate policy - called enable offline files"
should read

Create seperate policy - called disable offline files
0
 

Author Comment

by:brad2000smith
ID: 20377679
yes, the policy called offline files is the one i have set up that has offline files enabled - this is linked to the laptops OU that contain the laptop accounts.  this policy is link enabled and enforced.

the domain default policy is linked to the domain and has offline files disabled.  this policy is link enabled and enforced.

so what you are saying is set offline files to "not configured" on the default domain policy.  and leave the offline files policy as it is.  or create a disabled offline files and link to domain. then have the default domain policy as not configured. leave offline files policy as it is?
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20377773
Yes edit the default domain policy back to not configured.
run gpupdate /force and reboot the laptop - offline files in theory should be enabled.

If successful then create a new policy for non-laptops called disable offline files. Link this to the OU where your non laptop computers are.
0
 

Author Comment

by:brad2000smith
ID: 20378133
ok thank you i will try,

"If successful then create a new policy for non-laptops called disable offline files. Link this to the OU where your non laptop computers are." - my non laptop computers are just in the container called computers they are not in an OU.  i cant apply Group policy to these can i?  or do they pick up domain policies?  would you recommend having one OU for computers and another for laptops?
0
 
LVL 15

Accepted Solution

by:
JimboEfx earned 500 total points
ID: 20380485
Yes create another OU for computers as you cannot manage them in that container.

The simplest OU design would be

Computers OU
Link Common GPOs e.g. Windows Updates, or look and feel etc etc
-->Laptops OU
     Link Enable Offline files GPO
-->Workstations OU
     Link Disable Offline files GPO
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question