
Applying Active Directory foreground policy when user is logged in

Posted on 2009-04-29
Last Modified: 2012-05-06
We have an SSL VPN for our remote users. Is there a way we can have the group policy foreground policy run after the user is connected to the VPN? We use group policy to map printers and drives.

We are using the OpenVPN client on XP SP3 machines to make the connection. If we cannot refresh the foreground policy, can we authenticate before logon just like an L2TP VPN would?

We do not want to use L2TP VPN as we may have issues with NAT traversal on some routers.
Question by:travispalm

Accepted Solution

by:
debuggerau earned 1500 total points
ID: 24265815
Group policy is nice and convenient; however, for remote users, group policy only runs if 500K of bandwidth is available.

http://technet.microsoft.com/en-us/library/cc978243.aspx


Group policy will keep retrying according to the refresh interval.
http://technet.microsoft.com/en-us/library/cc978270.aspx

I won't go into this solution except to say the only reason I can see for choosing this would be for firewall bypass.

How about running 'gpupdate /sync' after the VPN has connected?

P.S. Windows 2008 and Vista support SSL VPNs (SSTP remote).
http://www.microsoft.com/downloads/details.aspx?FamilyID=fc4d7d3f-0376-45bf-9544-ec35329a2fc1&DisplayLang=en



Author Comment

by:travispalm
ID: 24270049
Thanks debuggerau

From what you have said and other KB articles we have been reading, we have decided to implement a batch file that the VPN users will run that will execute the map printer batch file and map the appropriate drives. We will put it on a server share so we can edit it and the resulting VPN users can be updated each time they run it.

I will look into executing 'gpupdate /force' when this script is run to pull the other group policy items down, if needed.

I believe the 'gpupdate /sync' will only do a restart or log off of the machine. I don't think it actually forces the foreground policy of group policy.

Author Closing Comment

by:travispalm
ID: 31576230
Forcing foreground policy does not look possible with this setup. Will be using a custom batch file for VPN users to execute after logon to map printers and drives.
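
The post-connect batch file described in this thread, as an added example that is not part of the original posts. The server, share and printer names are hypothetical placeholders, and it assumes the stock XP command-line tools (net, rundll32 printui.dll, gpupdate).

```batch
@echo off
rem Added example, not from the thread. Run by the user after the VPN is up.
rem FILESRV, PRINTSRV, the share names and the printer name are hypothetical.
setlocal
set FILESRV=FILESERVER01
set PRINTSRV=PRINTSERVER01
set TRIES=0

:wait
rem The tunnel may not be routable yet; retry for roughly 50 seconds.
net view \\%FILESRV% >nul 2>&1
if not errorlevel 1 goto map
set /a TRIES+=1
if %TRIES% GEQ 10 goto unreachable
rem XP has no timeout command; pinging loopback gives a ~5 second pause.
ping -n 6 127.0.0.1 >nul
goto wait

:map
rem Drop stale mappings, then map non-persistently so nothing tries to
rem reconnect (and stall) at the next logon while off the VPN.
net use H: /delete /y >nul 2>&1
net use S: /delete /y >nul 2>&1
net use H: \\%FILESRV%\Home /persistent:no
if errorlevel 1 echo WARNING: could not map H:
net use S: \\%FILESRV%\Shared /persistent:no
if errorlevel 1 echo WARNING: could not map S:

rem Per-user printer connection; the logged-on user's credentials are used,
rem so no password is stored in this file.
rundll32 printui.dll,PrintUIEntry /in /q /n\\%PRINTSRV%\Office-Laser

rem Background refresh of the remaining settings. Foreground-only extensions
rem (software installation, folder redirection) still wait for the next
rem logon, and gpupdate may prompt for a logoff when they have changes.
gpupdate /force
goto end

:unreachable
echo %FILESRV% is not reachable. Check that the VPN is connected.
endlocal
exit /b 1

:end
endlocal
```

Keep the share that hosts this script read-only for VPN users, since every client executes whatever is stored there.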