Solved

group policy configuration - offline files

Posted on 2007-11-29
8
399 Views
Last Modified: 2010-05-18
i want to enable offline files for laptops.  i have the default domain policy set to disable offline files, this is link enabled and enforced at domain level.  i have created a OU called laptops which hold the laptop computer accounts.  i have created and linked a new group policy with the offline files option enabled, this policy is also enforced.  this does not seem to be working though,offline files are disabled on the laptops.  when i run rsop the laptop is getting the setting from the default domain policy.  please help!  i tried to block inheritancy on the laptops OU but this did not work either.  i want to disable offline files for the computers which are in the computers container and enable them for laptops which are in the laptops OU.
0
Comment
Question by:brad2000smith
  • 5
  • 3
8 Comments
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20375244
Well here is the processing order:

http://technet2.microsoft.com/windowsserver/en/library/274e614e-f515-4b80-b794-fe09b5c21bad1033.mspx?mfr=true

OU GPOs should be processed last.

I don't recommend changing the default domain gpo, as it can be difficult to troubleshoot things later. I rather create seperate gpos and link where required.

First things first.

When you run GPRESULT from the command prompt on the laptop - what is the output? Doe it should the OU GPOs, does it *think* it is in the laptops OU for that matter.

Paste the output here if you are not sure.
0
 

Author Comment

by:brad2000smith
ID: 20375444
GPRESULT output

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 29/11/2007 at 17:30:55



RSOP results for CSPLONDON\testl on LT002 : Logging Mode
---------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 CSPLONDON
Domain Type:                 Windows 2000
Site Name:                   Default-First-Site-Name
Roaming Profile:            
Local Profile:               C:\Documents and Settings\testl
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=LT002,OU=Laptops,DC=csplondon,DC=local
    Last time Group Policy was applied: 29/11/2007 at 17:25:11
    Group Policy was applied from:      cspserver01.csplondon.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        offline folders
        Small Business Server Remote Assistance Policy
        Small Business Server Lockout Policy
        Small Business Server Domain Password Policy
        Small Business Server Client Computer

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Folder Redirection
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        LT002$
        Domain Computers
       

USER SETTINGS
--------------
    CN=Test Laptop,CN=Users,DC=csplondon,DC=local
    Last time Group Policy was applied: 29/11/2007 at 17:25:52
    Group Policy was applied from:      cspserver01.csplondon.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Small Business Server Folder Redirection

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Remote Assistance Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Lockout Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Domain Password Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Client Computer
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        Debugger Users
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Engineers
        All Staff
       

RSOP result says that offline files are being inherited from Default domain policy
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20376290
I assume the policy "offline files" is intended to enable offline files?

I suspect the block inheritance is not blocking the default domain policy:

http://technet2.microsoft.com/windowsserver/en/library/ad530161-02ad-4433-9b64-2d4b1fd3e2e11033.mspx?mfr=true

Block Inheritance does not deflect Group Policy settings from GPOs that are linked directly to the domain or organizational unit that has Block Inheritance enabled.

To Test:
Create seperate policy - called enable offline files. Configure appropriately and link to the OU which contains your computer accounts.
Remove the offline file settings from the default domain policy
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20376295
typo:
"Create seperate policy - called enable offline files"
should read

Create seperate policy - called disable offline files
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:brad2000smith
ID: 20377679
yes, the policy called offline files is the one i have set up that has offline files enabled - this is linked to the laptops OU that contain the laptop accounts.  this policy is link enabled and enforced.

the domain default policy is linked to the domain and has offline files disabled.  this policy is link enabled and enforced.

so what you are saying is set offline files to "not configured" on the default domain policy.  and leave the offline files policy as it is.  or create a disabled offline files and link to domain. then have the default domain policy as not configured. leave offline files policy as it is?
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20377773
Yes edit the default domain policy back to not configured.
run gpupdate /force and reboot the laptop - offline files in theory should be enabled.

If successful then create a new policy for non-laptops called disable offline files. Link this to the OU where your non laptop computers are.
0
 

Author Comment

by:brad2000smith
ID: 20378133
ok thank you i will try,

"If successful then create a new policy for non-laptops called disable offline files. Link this to the OU where your non laptop computers are." - my non laptop computers are just in the container called computers they are not in an OU.  i cant apply Group policy to these can i?  or do they pick up domain policies?  would you recommend having one OU for computers and another for laptops?
0
 
LVL 15

Accepted Solution

by:
JimboEfx earned 500 total points
ID: 20380485
Yes create another OU for computers as you cannot manage them in that container.

The simplest OU design would be

Computers OU
Link Common GPOs e.g. Windows Updates, or look and feel etc etc
-->Laptops OU
     Link Enable Offline files GPO
-->Workstations OU
     Link Disable Offline files GPO
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now