Solved

How to use Offline files for laptops and not for workstations

Posted on 2008-11-13
Last Modified: 2012-06-21
OK, my question is this: I have 2003 Server R2, and Windows XP Pro workstations and laptops.

Now currently users have all offline files disabled (using group policy) as I did not want the workstations to sync with offline files. I did this by disabling all the offline files options I could find in group policy, as when I first set up the environment, the offline files kept syncing. That works fine: the user logs in, and nothing syncs. Now I have to get their laptops to work so that when the user is off the network at home, they can still work with their files, and when they come back and connect it syncs up any changes. I have tried to create another policy for the laptops and moved the laptops into that container in AD and then created a new GP and defined offline files as enabled. Currently though this is not working and the offline files options are greyed out when I log in to the laptop as a user.

So have I done this right for using offline files on laptops? Currently the user GP will tell the computer no offline files, but I want only laptops to use offline files. HELP please.. thank you in advance.
Question by:moonlightallan
8 Comments
 
LVL 18

Expert Comment

by:Americom
ID: 22952776
You are doing the right thing, I believe. You would create an OU and move your laptop there, then apply the Offline-Enabled GPO to this laptop OU. To be sure the policy is applied to this OU, pick one machine and run a gpresult to see what GPOs are actually being applied. My guess is you probably have both the User and Computer configuration configured. If so, then you need to disable the User configuration and only enable the Computer configuration, as you are intending to apply to computers and not users.
0
 

Expert Comment

by:fingwong
ID: 22952781
Hi There

As I understand, you have moved all the laptops into an OU and applied a GPO to that OU allowing them access to offline files. However, as you have mentioned, Offline Files is a user configuration, so in order to enable the setting for just those users, the user accounts would have to reside in that same OU as well.

The option is greyed out because the user accounts are having Group Policies applied to them from either another OU, or it's being cascaded down from a Domain Policy.

One way to resolve it would be to move users from their respective OU to the same OU as the laptops. Or, within Group Policy Management Console, set up a filter on the security tab, so that these users didn't have the ability to read whichever GPO was stopping them having access to "Offline Files".

This, however, has its downside, because it would ignore every setting on the "ignored" Group Policy and not just the "Offline Files" setting.

Hope this helps.  

Fingwong
0
 
LVL 2

Author Comment

by:moonlightallan
ID: 22955014
In reply to Americom: Well, I will tell you more information. We are a school, so currently I have OUs for Staff, Pupils, and the computers are in OUs for their area so that I can roll out printers. Now the PCs I do not want offline file sync to take place. So in an effort to stop that I disabled all the offline file settings in the GP for Staff and Pupils and the computer. If I now enable those in the newly created Laptop OU, will this override the existing settings I have disabled? I'm not sure how the settings for a USER work in the Laptop OU, and so I have currently only changed the GP for the COMPUTER in the Laptop OU, not USER.
0

 
LVL 2

Author Comment

by:moonlightallan
ID: 22955042
So basically the Staff or Pupils, when they log in, will not have offline files enabled. I just want the laptops to have offline file sync working.
0
 
LVL 18

Expert Comment

by:Americom
ID: 22960410
If the newly created OU is under the OU where you applied the Offline-files disabled, and the new GPO for enabling the Offline-files is applied to the newly created OU, it will be the last to be applied, thus enabled. Parent OU group policies are applied before child OU group policies. Policies applied later will overwrite policies applied earlier unless the No Override option is enabled on a GPO link.
You don't need to do anything with the Users configuration (assuming it is not configured) as it has fewer options than the Computer configuration.
0
 
LVL 2

Author Comment

by:moonlightallan
ID: 22962622
So are you saying to create the laptop OU inside the Staff OU?
0
 
LVL 2

Author Comment

by:moonlightallan
ID: 22962708
If I put the Laptop OU inside the Staff OU, then the Laptop OU would become a child of Staff. But if so, I thought the child has lower priority and therefore offline would still be disabled?
0
 
LVL 18

Accepted Solution

by:
Americom earned 500 total points
ID: 22962819
Again, parent OU group policies are applied before child OU group policies. Policies applied later will overwrite policies applied earlier unless the No Override option is enabled on a GPO link.
0
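The processing order described in the accepted answer, as an added example that is not part of the original thread: a small Python model that walks an object's OU chain from the domain down, lets later links overwrite earlier ones, and lets a No Override link win regardless. The domain name, GPO names and the `OfflineFiles` policy key are constructed, and the model ignores site and local policy, Block Inheritance, security filtering and loopback. Pass a computer's DN for Computer Configuration settings and a user's DN for User Configuration settings.

```python
from dataclasses import dataclass

@dataclass
class Link:
    gpo: str                 # GPO name (constructed for this example)
    settings: dict           # policy name -> configured value
    enforced: bool = False   # the "No Override" option on the GPO link

def containers_for(dn):
    """Containers above an object: domain first, closest OU last.
    Assumes simple DNs with no escaped commas."""
    parts = [p.strip() for p in dn.split(",")][1:]      # drop the object's own RDN
    first_dc = next(i for i, p in enumerate(parts) if p.upper().startswith("DC="))
    chain = [",".join(parts[first_dc:])]                # the domain itself
    for i in range(first_dc - 1, -1, -1):               # outermost OU -> innermost OU
        chain.append(",".join(parts[i:]))
    return chain

def effective(dn, links, policy):
    """Return (value, winning GPO) for one policy on one object."""
    normal = enforced = None
    enforced_depth = -1
    for depth, container in enumerate(containers_for(dn)):
        for link in links.get(container, []):           # list is in application order
            if policy not in link.settings:
                continue
            if not link.enforced:
                normal = link                            # applied later, so it overwrites
            elif enforced is None or enforced_depth == depth:
                enforced, enforced_depth = link, depth   # highest enforced link wins
    chosen = enforced or normal
    return (chosen.settings[policy], chosen.gpo) if chosen else (None, None)

DOMAIN = "DC=school,DC=example"                          # constructed sample domain
STAFF = "OU=Staff," + DOMAIN
LAPTOPS = "OU=Laptops," + STAFF                          # Laptop OU as a child of Staff

def sample_links(parent_no_override=False):
    """Disable at the parent OU, enable at the child OU."""
    return {
        STAFF: [Link("Offline-Disabled", {"OfflineFiles": "Disabled"}, parent_no_override)],
        LAPTOPS: [Link("Offline-Enabled", {"OfflineFiles": "Enabled"})],
    }

if __name__ == "__main__":
    for flag in (False, True):
        for dn in ("CN=PC01," + STAFF, "CN=LAPTOP01," + LAPTOPS):
            print(flag, dn, effective(dn, sample_links(flag), "OfflineFiles"))
```

On a real machine, `gpresult` remains the check for which GPOs were actually applied.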
