Solved

Offline Files GPO

Posted on 2014-01-15
18
1,746 Views
Last Modified: 2014-01-17
For a lot of year we have had a 2003 domain and mostly XP workstations. Via a GPO on the server I have disabled offline files and it had been disabled forever. I didn't notice the problem over the last two years while replacing XP workstations with Windows 7 and the 2003 Servers with 2012 but today was an eye opened.

  On a Windows 7 x64 workstation (in Sync Center) the offline files were enabled and greyed out so you couldn't change the state. I went back and double checked the Default Domain GPO and verified that the offline files were disabled. Disabled yet they were enabled on this Windows 7 box. The fact that the button was greyed out would indicate that the domain GPO was in effect but the state of the offline files was incorrect.

I finally had to go in to gpedit on that workstation and disable offline files. It work which, to me, means the network GPO was not the reason the offline files button was greyed out.

Very, very strange. As a footnote I did replace two of the 2003 servers with 2012. Does anyone have any idea what is going on with the offline files GPO and these W7 workstations?
0
Comment
Question by:LockDown32
  • 10
  • 8
18 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 39783923
If the UAC is on, I think Win7 requires admin rights to make that change. Have you logged on to those Win7 workstations with administrative rights and tried to disable Offline Files?
0
 
LVL 15

Author Comment

by:LockDown32
ID: 39783960
Yes. UAC is off and although it is dangerous I make all users administrators of their computers. When I go in to Sync Center and Manage Offline Files it tell me offline files are enabled but the button to disable them is greyed out.

Now it get even weirder. I looked as a XP workstation on the domain. Same set of GPOs and offline files are not enabled and everything is greyed out. It is almost like the Windows 7 stations aren't effected by the GPO yet the XP workstations are.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 39785405
Did you upgrade your domain group policies to Windows 7 (admx)?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 39785414
OOPs - your OP says you've upgraded to server 2012, which would mean that the GPO version is up to date.  Try running the group policy results tool on one of the Windows 7 workstations.  This will tell you if the policy is being applied or not, and if not will give you some indication of the reason.
0
 
LVL 15

Author Comment

by:LockDown32
ID: 39785682
I was trying to find that utility the other day. Do you know where I can get my hands on it?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 39786680
You can run it from the command line on any workstation by typing gpresult.  If you're a bit lazy and GUI-dependent like me, on the server, open the group policy management console.  When you expand the Forest object, at the bottom of the list you should see Group Policy Results. Right-click on that and start the results wizard. This allows you to pick any workstation or server and user combination on the domain to test your group policy effectiveness. When the report has been generated, click on the Summary tab to see an overview, or the Settings tab to see the detailed report. You can also save and/or print the report from the console.
0
 
LVL 15

Author Comment

by:LockDown32
ID: 39786968
I am missing something. Attached it the gpresult from the one Windows 7 workstation. It looks like the Default Policy is in effect. I see a lot of things I set within it but I don't see the offline files settings in the Default Domain Policy. What am I missing?
results.txt
0
 
LVL 15

Author Comment

by:LockDown32
ID: 39787013
I just ran the gpresult on the XP workstation where offline files is disabled. I don't see the offline file settings under administrative templates either. It is attached.
XPresult.txt
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 39788608
These are the settings that are being controlled by your group policy:

GPO: Default Domain Policy
                KeyName:     Software\Policies\Microsoft\Windows\NetCache\Enabled
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Default Domain Policy
                KeyName:     Software\Policies\Microsoft\Windows\NetCache\SyncAtLogon
                Value:       0, 0, 0, 0
                State:       Enabled

 GPO: Default Domain Policy
                KeyName:     Software\Policies\Microsoft\Windows\NetCache\SyncAtLogoff
                Value:       0, 0, 0, 0
                State:       Enabled

Those are the offline files entries in the registry.  Look in your default domain policy for the following settings:

Computer Configuration/Policies/Administrative Templates/Network/Offline files:

Allow or Disallow use of Offline Files Feature
Synchronize all offline files when logging off
Synchronize all offline files when logging on

Also there are other settings in that part of group policy that you can look at an use if necessary to control the operation of offline files.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 15

Author Comment

by:LockDown32
ID: 39788628
That is what is throwing me. I figured out that NetCache is Offline files but looking through the results they don't give you any detail on which netcache options they are. There are about 6 offline files options set. The ones you mention above:

Allow or Disallow use of Offline Files Feature
Synchronize all offline files when logging off
Synchronize all offline files when logging on

Are configured. Allow/Disallow is disables and sync at logoff and logon are disabled along with about 4 other offline files options. Why doesn't gpresult reflect those? or does it? Those result logs have 5 or 6 netcache entries. They just don't specify what they are in detail.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 39788691
It looks like you ran gpresult from the workstation.  You get a different viewpoint if you run it from the GPMC.  The GPMC will show you which group policies themselves (rather than the reg entries) are being applied successfully or unsuccessfully.  It looks to me like the reg entries show that offline files are enabled, and sync at logon and logoff are also enabled, on the Win7 machine that you tested.  So, given the group policy settings you're saying you see in the default domain policy, something in the application of your group policy settings is definitely not working, or some other policy is interfering.

Let's start with running the group policy results tool from the GPMC on the server and post the resulting report.
0
 
LVL 15

Author Comment

by:LockDown32
ID: 39789126
The GPMC method is much more "readable". It does show that the Offline Files are disabled along with some other offline file settings that I have been told I need to set to disable offline files on Windows 7. The GPMC result is attached.

   It is almost as if on XP all you have to do is Disable or Enable the user of Offline Files where Windows 7 required that and about 6-7 addition settings including disabling the cscservice.

   I am curious... at the top of this report I see a warning {10831910-5A33-47E2-8321-87711B577337} Computer Configuration Disabled,Enforced

What does that signify?
HEALTH-04.htm
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 39789166
You need to look in your sysvol on the DC. There may be an existing group policy object with the GUID that is shown at the top of your report. This may be the remnant of some old group policy that existed in the 2003 domain.  Is there any object in your GPMC named "Classic Administrative Templates (ADM)" or any other active policy other than the default domain one?  Or this may just be some sort of orphaned object.
0
 
LVL 15

Author Comment

by:LockDown32
ID: 39789196
There is a policy in the sysvol with that GUID. I don't see anything by the name "Classic" in GPMC. I only have 5 total objects:

Default Domain Controller Policy
Default Domain Policy
Enable Offline Files
Local Printers
Redirection to GovCtrDC

I do still have two 2003 Domain Controllers. Soon to be only one.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 39789410
Then it could really be any of those policies.  I would examine all of those policies to see if any of them has the Computer Configuration section of the policy disabled.  There may be a reason that it's disabled, but if you can find it then you can determine whether it needs to be disabled.  In the GPMC, it's easy to find this setting. Just click on the policy name and then click the Details tab in the right-hand pane.  This also shows the GUID of the policy in case you want to check to make sure it's the same one.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 39789415
OH - forgot to say that you want to look at the GPO Status; this will tell you if everything is Enabled or if part of the GPO - user config or computer config - is disabled.
0
 
LVL 15

Author Comment

by:LockDown32
ID: 39789572
Thanks for all your help on this hypercat. That particular GPO was put in long ago but the copier people to install their page count software. I had forgotten all about it but I don't think the computer configuration should have been disabled. I think I am OK. Disabling offline files seems to be different between XP and Windows 7. Windows 7 needs the extra step of disabling the offline files service. Once I did that in the GPO the offline files did disable.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 39789596
Great - glad to be of help!
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now