Group Policy on work at home users

I have a remote PC that needs Group Policy updated to change a software setting. They use a XenApp environment to perform their work.

Group policy on this PC has not been connected to the network since its deployment, so GP has not updated. How do I import current Group Policy without having the user return the PC?


Thanks ahead of time.
Alain Laverdure, Systems Admin, Asked:

Will Szymkowski, Senior Solution Architect, Commented:
"Group policy on this PC has not been connected to the network since its deployment, so GP has not updated. How do I import current Group Policy without having the user return the PC?"

I am not sure if I understand the above statement correctly. If this is a domain machine (which I am assuming it is), Group Policies ARE applied to this machine. You have Default Domain Policies at a minimum (unless of course you are using Blocked Inheritance).

If policies are not getting applied then it is usually due to incorrectly configured Security Filtering on the GPO and/or improper placement of a GPO.

If you are applying User Policies to these XenApp Servers and the users are not in the same OU as the XenApp servers then the user policies will only apply from where the user is located in the AD OU.

If you want User Policies to apply on the XenApp servers to your users that connect to these servers, then you need to configure Loopback Policy processing with replace mode.

Loopback policy
https://support.microsoft.com/en-us/kb/231287

Also, what you might want to do is run RSOP.msc from the server itself and see what Computer and User Policies are being applied.

Will.
0
Rich Weissler, Professional Troublemaker^h^h^h^h^hshooter, Commented:
I assume the computer in question is a machine which was joined to the domain, but was then taken to the user's home and has been unable to connect to the domain since it was taken out of the building.  It is now used to connect and use remote applications via Citrix/XenApps, but from the point of view of Active Directory, the computer is no longer authenticated, etc.

Assuming my assumptions are correct, what you have is a Remote Access user, and the DirectAccess solution is the one built precisely to support this.  Unfortunately it tends to have a bit more in the way of Infrastructure and support requirements.  I suspect you'd be able to get away with installing RRAS, and configuring a VPN to allow the client to connect, then log into the domain and update their GPOs.
1

Alain Laverdure, Systems Admin, Author Commented:
Yes, the PC was imaged and deployed to the remote user. There is no VPN connection; users just use a web browser to connect to XenApps that they use to perform their duties.

This way our work-at-home users can BYOD if they like, or we can issue them equipment.

I will check Will's suggestion, but I think I may go a different route for the next upgrade.
0
Rich Weissler, Professional Troublemaker^h^h^h^h^hshooter, Commented:
There isn't a VPN connection now... but that is the 'easy' way to have the user connect into your network remotely. You'd need to have an RRAS server in your environment, and have the user configure a VPN on their side.
Be aware that to get the computer correctly logged into the domain using the VPN (so that it will process Group Policy), the domain logon needs to occur during the user logon process.  These instructions, originally written for Vista, are current for Windows 7 as well.

If you perform an upgrade to your environment to more completely support remote users, I'd encourage you to investigate DirectAccess.
1
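The checks suggested in the answers above (confirm the client can reach the domain, refresh policy, then inspect what was applied as RSOP.msc would show) can be scripted. This is an added example, not code posted by anyone in the thread; the domain name is a placeholder, and it assumes an elevated Windows PowerShell session on the remote PC after the VPN is connected.

```powershell
# Added example. Run elevated in Windows PowerShell on the remote PC
# once the VPN is up. $Domain is a placeholder, not a value from the thread.
$Domain = 'corp.example.com'

# 1. Can the client locate a domain controller over the tunnel?
nltest /dsgetdc:$Domain
if ($LASTEXITCODE -ne 0) {
    Write-Warning "No domain controller reachable for $Domain; Group Policy cannot refresh."
    return
}

# 2. Is the computer account's secure channel to the domain still valid?
#    A machine that has been off the network since imaging may fail here.
if (-not (Test-ComputerSecureChannel)) {
    Write-Warning 'Secure channel is broken; repair it before expecting policy to apply.'
    return
}

# 3. Force a refresh of both computer and user policy.
gpupdate /force

# 4. Loopback mode as seen by this machine (meaningful on the XenApp servers):
#    UserPolicyMode 1 = Merge, 2 = Replace; value absent = loopback not configured.
$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$mode = (Get-ItemProperty -Path $key -Name UserPolicyMode -ErrorAction SilentlyContinue).UserPolicyMode
switch ($mode) {
    1       { 'Loopback processing: Merge' }
    2       { 'Loopback processing: Replace' }
    default { 'Loopback processing: not configured' }
}

# 5. Resultant Set of Policy: HTML report plus a console summary that
#    includes the last time Group Policy was applied and the GPOs in effect.
gpresult /h "$env:TEMP\gp-report.html" /f
gpresult /r /scope computer
```

A GPO that appears under the denied or filtered-out section of the report points to the Security Filtering or GPO placement problem described in the first answer rather than a connectivity problem.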
LeeTutor, retired, Commented:
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
Rich Weissler, Professional Troublemaker^h^h^h^h^hshooter, Commented:
Question asked for a way to apply Group Policies to a remote machine that was not brought inside the company network. The two Microsoft supported solutions to solve that problem were suggested. What additional information would be needed to confirm the answers?
0