Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

group policy configuration - offline files

Posted on 2007-11-29
8
Medium Priority
?
414 Views
Last Modified: 2010-05-18
i want to enable offline files for laptops.  i have the default domain policy set to disable offline files, this is link enabled and enforced at domain level.  i have created a OU called laptops which hold the laptop computer accounts.  i have created and linked a new group policy with the offline files option enabled, this policy is also enforced.  this does not seem to be working though,offline files are disabled on the laptops.  when i run rsop the laptop is getting the setting from the default domain policy.  please help!  i tried to block inheritancy on the laptops OU but this did not work either.  i want to disable offline files for the computers which are in the computers container and enable them for laptops which are in the laptops OU.
0
Comment
Question by:brad2000smith
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20375244
Well here is the processing order:

http://technet2.microsoft.com/windowsserver/en/library/274e614e-f515-4b80-b794-fe09b5c21bad1033.mspx?mfr=true

OU GPOs should be processed last.

I don't recommend changing the default domain gpo, as it can be difficult to troubleshoot things later. I rather create seperate gpos and link where required.

First things first.

When you run GPRESULT from the command prompt on the laptop - what is the output? Doe it should the OU GPOs, does it *think* it is in the laptops OU for that matter.

Paste the output here if you are not sure.
0
 

Author Comment

by:brad2000smith
ID: 20375444
GPRESULT output

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 29/11/2007 at 17:30:55



RSOP results for CSPLONDON\testl on LT002 : Logging Mode
---------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 CSPLONDON
Domain Type:                 Windows 2000
Site Name:                   Default-First-Site-Name
Roaming Profile:            
Local Profile:               C:\Documents and Settings\testl
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=LT002,OU=Laptops,DC=csplondon,DC=local
    Last time Group Policy was applied: 29/11/2007 at 17:25:11
    Group Policy was applied from:      cspserver01.csplondon.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        offline folders
        Small Business Server Remote Assistance Policy
        Small Business Server Lockout Policy
        Small Business Server Domain Password Policy
        Small Business Server Client Computer

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Folder Redirection
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        LT002$
        Domain Computers
       

USER SETTINGS
--------------
    CN=Test Laptop,CN=Users,DC=csplondon,DC=local
    Last time Group Policy was applied: 29/11/2007 at 17:25:52
    Group Policy was applied from:      cspserver01.csplondon.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Small Business Server Folder Redirection

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Remote Assistance Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Lockout Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Domain Password Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Client Computer
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        Debugger Users
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Engineers
        All Staff
       

RSOP result says that offline files are being inherited from Default domain policy
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20376290
I assume the policy "offline files" is intended to enable offline files?

I suspect the block inheritance is not blocking the default domain policy:

http://technet2.microsoft.com/windowsserver/en/library/ad530161-02ad-4433-9b64-2d4b1fd3e2e11033.mspx?mfr=true

Block Inheritance does not deflect Group Policy settings from GPOs that are linked directly to the domain or organizational unit that has Block Inheritance enabled.

To Test:
Create seperate policy - called enable offline files. Configure appropriately and link to the OU which contains your computer accounts.
Remove the offline file settings from the default domain policy
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 15

Expert Comment

by:JimboEfx
ID: 20376295
typo:
"Create seperate policy - called enable offline files"
should read

Create seperate policy - called disable offline files
0
 

Author Comment

by:brad2000smith
ID: 20377679
yes, the policy called offline files is the one i have set up that has offline files enabled - this is linked to the laptops OU that contain the laptop accounts.  this policy is link enabled and enforced.

the domain default policy is linked to the domain and has offline files disabled.  this policy is link enabled and enforced.

so what you are saying is set offline files to "not configured" on the default domain policy.  and leave the offline files policy as it is.  or create a disabled offline files and link to domain. then have the default domain policy as not configured. leave offline files policy as it is?
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20377773
Yes edit the default domain policy back to not configured.
run gpupdate /force and reboot the laptop - offline files in theory should be enabled.

If successful then create a new policy for non-laptops called disable offline files. Link this to the OU where your non laptop computers are.
0
 

Author Comment

by:brad2000smith
ID: 20378133
ok thank you i will try,

"If successful then create a new policy for non-laptops called disable offline files. Link this to the OU where your non laptop computers are." - my non laptop computers are just in the container called computers they are not in an OU.  i cant apply Group policy to these can i?  or do they pick up domain policies?  would you recommend having one OU for computers and another for laptops?
0
 
LVL 15

Accepted Solution

by:
JimboEfx earned 2000 total points
ID: 20380485
Yes create another OU for computers as you cannot manage them in that container.

The simplest OU design would be

Computers OU
Link Common GPOs e.g. Windows Updates, or look and feel etc etc
-->Laptops OU
     Link Enable Offline files GPO
-->Workstations OU
     Link Disable Offline files GPO
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question