Applying Active Directory foreground policy when user is logged in

Posted on 2009-04-29
Last Modified: 2012-05-06
We have an SSL VPN for our remote users. Is there a way we can have the group policy foreground policy run after the user is connected to the VPN? We use group policy to map printers and drives.

We are using the OpenVPN client on XP SP3 machines to make the connection. If we cannot refresh the foreground policy, can we authenticate before logon just like an L2TP VPN would?

We do not want to use L2TP VPN as we may have issues with NAT traversal on some routers.
Question by: travispalm

    Accepted Solution

    Group policy is nice and convenient; however, for remote users, group policy only runs if 500K of bandwidth is available.

    Group policy will keep retrying according to the refresh interval.

    I won't go into this solution except to say the only reason I can see for choosing this would be for firewall bypass.

    How about running 'gpupdate /sync' after the VPN is connected?

    P.S. Windows 2008 and Vista support SSL VPNs (SSTP remote).


    Author Comment

    Thanks debuggerau

    From what you have said and other KB articles we have been reading, we have decided to implement a batch file that the VPN users will run that will execute the map printer batch file and map the appropriate drives. We will put it on a server share so we can edit it and the resulting VPN users can be updated each time they run it.

    I will look into executing 'gpupdate /force' when this script is run to pull the other group policy items down, if needed.

    I believe the 'gpupdate /sync' will only do a restart or log off of the machine. I don't think it actually forces the foreground policy of group policy.

    Author Closing Comment

    Forcing foreground policy does not look possible with this setup. Will be using a custom batch file for VPN users to execute after logon to map printers and drives.
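
One way to write the post-connect batch file described in the author's comments, added here as an example and not code posted in the thread. The server, share and printer names are placeholders (assumptions), and the script is meant to be started by the user after OpenVPN reports the tunnel is up.

```bat
@echo off
rem Added example, not from the original thread.
rem FILESRV, PRINTSRV, share names and printer name are placeholders.
setlocal
set FILESRV=fileserver01.example.local
set PRINTSRV=printserver01.example.local

rem 1. Confirm the tunnel is up by reaching an internal-only host.
ping -n 2 %FILESRV% >nul
if errorlevel 1 (
    echo Cannot reach %FILESRV%. Connect the VPN first, then run this again.
    exit /b 1
)

rem 2. Map drives. Non-persistent, so a stale mapping is not retried
rem    (and credentials are not replayed) when the VPN is down.
call :mapdrive H: \\%FILESRV%\home\%USERNAME%
call :mapdrive S: \\%FILESRV%\shared

rem 3. Add a per-user network printer connection and make it the default.
rundll32 printui.dll,PrintUIEntry /in /q /n "\\%PRINTSRV%\Office-Laser"
rundll32 printui.dll,PrintUIEntry /y /q /n "\\%PRINTSRV%\Office-Laser"

rem 4. Re-apply user policy in the background. If gpupdate asks to log
rem    off for foreground-only settings, answer "n" so the session and
rem    the VPN connection stay up.
echo n | gpupdate /target:user /force

endlocal
exit /b 0

:mapdrive
rem %1 = drive letter, %2 = UNC path. Drop any old mapping first.
net use %1 /delete /y >nul 2>&1
net use %1 %2 /persistent:no
if errorlevel 1 echo Failed to map %1 to %2
goto :eof
```

Because every VPN user executes whatever is stored at that path, the share holding the script should be read-only for users and writable only by the administrators who maintain it.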
