Solved

group policy configuration - offline files

Posted on 2007-11-29
8
404 Views
Last Modified: 2010-05-18
i want to enable offline files for laptops.  i have the default domain policy set to disable offline files, this is link enabled and enforced at domain level.  i have created a OU called laptops which hold the laptop computer accounts.  i have created and linked a new group policy with the offline files option enabled, this policy is also enforced.  this does not seem to be working though,offline files are disabled on the laptops.  when i run rsop the laptop is getting the setting from the default domain policy.  please help!  i tried to block inheritancy on the laptops OU but this did not work either.  i want to disable offline files for the computers which are in the computers container and enable them for laptops which are in the laptops OU.
0
Comment
Question by:brad2000smith
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20375244
Well here is the processing order:

http://technet2.microsoft.com/windowsserver/en/library/274e614e-f515-4b80-b794-fe09b5c21bad1033.mspx?mfr=true

OU GPOs should be processed last.

I don't recommend changing the default domain gpo, as it can be difficult to troubleshoot things later. I rather create seperate gpos and link where required.

First things first.

When you run GPRESULT from the command prompt on the laptop - what is the output? Doe it should the OU GPOs, does it *think* it is in the laptops OU for that matter.

Paste the output here if you are not sure.
0
 

Author Comment

by:brad2000smith
ID: 20375444
GPRESULT output

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 29/11/2007 at 17:30:55



RSOP results for CSPLONDON\testl on LT002 : Logging Mode
---------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 CSPLONDON
Domain Type:                 Windows 2000
Site Name:                   Default-First-Site-Name
Roaming Profile:            
Local Profile:               C:\Documents and Settings\testl
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=LT002,OU=Laptops,DC=csplondon,DC=local
    Last time Group Policy was applied: 29/11/2007 at 17:25:11
    Group Policy was applied from:      cspserver01.csplondon.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        offline folders
        Small Business Server Remote Assistance Policy
        Small Business Server Lockout Policy
        Small Business Server Domain Password Policy
        Small Business Server Client Computer

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Folder Redirection
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        LT002$
        Domain Computers
       

USER SETTINGS
--------------
    CN=Test Laptop,CN=Users,DC=csplondon,DC=local
    Last time Group Policy was applied: 29/11/2007 at 17:25:52
    Group Policy was applied from:      cspserver01.csplondon.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Small Business Server Folder Redirection

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

        Small Business Server Remote Assistance Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Lockout Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Domain Password Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Client Computer
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        Debugger Users
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Engineers
        All Staff
       

RSOP result says that offline files are being inherited from Default domain policy
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20376290
I assume the policy "offline files" is intended to enable offline files?

I suspect the block inheritance is not blocking the default domain policy:

http://technet2.microsoft.com/windowsserver/en/library/ad530161-02ad-4433-9b64-2d4b1fd3e2e11033.mspx?mfr=true

Block Inheritance does not deflect Group Policy settings from GPOs that are linked directly to the domain or organizational unit that has Block Inheritance enabled.

To Test:
Create seperate policy - called enable offline files. Configure appropriately and link to the OU which contains your computer accounts.
Remove the offline file settings from the default domain policy
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 
LVL 15

Expert Comment

by:JimboEfx
ID: 20376295
typo:
"Create seperate policy - called enable offline files"
should read

Create seperate policy - called disable offline files
0
 

Author Comment

by:brad2000smith
ID: 20377679
yes, the policy called offline files is the one i have set up that has offline files enabled - this is linked to the laptops OU that contain the laptop accounts.  this policy is link enabled and enforced.

the domain default policy is linked to the domain and has offline files disabled.  this policy is link enabled and enforced.

so what you are saying is set offline files to "not configured" on the default domain policy.  and leave the offline files policy as it is.  or create a disabled offline files and link to domain. then have the default domain policy as not configured. leave offline files policy as it is?
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20377773
Yes edit the default domain policy back to not configured.
run gpupdate /force and reboot the laptop - offline files in theory should be enabled.

If successful then create a new policy for non-laptops called disable offline files. Link this to the OU where your non laptop computers are.
0
 

Author Comment

by:brad2000smith
ID: 20378133
ok thank you i will try,

"If successful then create a new policy for non-laptops called disable offline files. Link this to the OU where your non laptop computers are." - my non laptop computers are just in the container called computers they are not in an OU.  i cant apply Group policy to these can i?  or do they pick up domain policies?  would you recommend having one OU for computers and another for laptops?
0
 
LVL 15

Accepted Solution

by:
JimboEfx earned 500 total points
ID: 20380485
Yes create another OU for computers as you cannot manage them in that container.

The simplest OU design would be

Computers OU
Link Common GPOs e.g. Windows Updates, or look and feel etc etc
-->Laptops OU
     Link Enable Offline files GPO
-->Workstations OU
     Link Disable Offline files GPO
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question