After enabling GPO, client pc needs synchronization

[Guest]

Hello All,

I recently enabled group policies for my network Win XP comptuers from a Win
2003 DC. After this, I realized when "some" users try to log on to their
comptuers, the computers have to synchrize the users' mapped network drives,
and then when users try to log off from their accounts, the comptuers have to
go through the synchronization process again. Users don't want to work
offline at all time, and don't want to see the synchronization message.
Sometimes when they open their network drives, the drive is completely blank.
I will have to do a manual synchronization before all contents to show up.

I have checked my group policy report a couple times, but I don't see any
settings related to synchronization. Could you shed some lights on this
issue? Thank you.

-David

 

[Steven L Umbach]

It sounds like you have offline files available for users. There are several
Group Policy settings for offline files for user and computer including
three for synchronize that you need to review under administrative
templates/network/offline files but make sure you read the full explanation
of each setting before configuring it. The links below explain more.

Steve

http://technet2.microsoft.com/Windo...0359-4fa4-bdcf-dd6ae5ca345e1033.mspx?mfr=true
http://technet2.microsoft.com/Windo...cc7e-46c9-b00f-1f926506435c1033.mspx?mfr=true
http://www.jsifaq.com/SUBQ/TIP8400/rh8473.htm

 

[Guest]

Steve,

thanks for the reply. The links are very helpful. Also, I forgot to mention
I also set up roaming profiles for these users. I wonder if that's why I
will receive the synchronization message. But on some other users that I set
up roaming profiles, these users don't see the synchronization message. It
also seems my group policies not applied successfully to all machines. I
will look into the problem futher.

Regards,

-David

 

[Steven L Umbach]

I have not used offline files enough to know how well it works or does not
work with roaming profiles but I would say you may want to consider trying
to use redirected folders instead of roaming profiles unless you have a
particular need for roaming profiles. With redirected folder's the users
entire My Documents folders, etc does not need to be downloaded locally to
the computer they logon to. If you want more info on that compared to
roaming profiles you may want to post in the setup_deployment newsgroup.
The links below explain redirected folders more.

As far as Group Policy troubleshooting you can use rsop.msc on the client
computer or run the mmc snapin for Resultant Set of Policy on a Windows 2003
domain controller to see what Group Policy settings are being applied to the
computer and user and from what Group Policy. Group Policy problems are
often a result of incorrect DNS configuration in the domain in that domain
controllers are not pointing only to themselves and possibly another domain
controller as their DNS servers and that domain computers are not pointing
to domain controllers ONLY as their DNS servers. Running the support tool
netdiag on domain controllers and domain computers will often reveal
problems, if they exist, that can affect Group Policy as can looking in the
application log via Event Viewer for events such as userenv related that
indicate a domain controller can not be located.

Another common problem with Group Policy application is that the computer or
user in question is not in a container/OU that the Group Policy is applied
to. The support tool gpresult when run on a domain computer will display
what Group Policies are being applied to the user and computer and from what
domain controller. When testing Group Policy changes remember it can take up
to two hours for Group Policy changes to propagate to a domain computer. To
speed that up run the command gpupdate /force on the domain controller and
then do the same on the domain computer or reboot it. --- Steve

http://www.windowsdevcenter.com/pub/a/windows/2004/08/24/folder_redirect.html
http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html
http://www.microsoft.com/technet/community/newsgroups/upfrfaq.mspx
http://technet2.microsoft.com/Windo...aa5b-44f2-b045-b74d2fd1bf701033.mspx?mfr=true

 

[Guest]

Steve,

Thanks again for the reply. The reason I use roaming profile is that I like
its feature to cache user settings, such as Outlook cached email addresses.

One of the key points in your email indicates "GP problems are often a
result of incorrect DNS configuration - that domain pcs are not pointing to
DCs ONLY as their DNS servers." Unfortunately, this is exactly the case for
our network. Do you have any web articles to support your idea? such as
from Microsoft? (I am sorry to say that. It's not that I don't trust you
but I would like to do more research on this). I am reading the links you
are sending me and I am sure I will get more info out of them. Thanks you!

-David

 

[Steven L Umbach]

Sure David. Read the KB article below and it will explain the importance of
correct DNS configuration. In an Active Directory domain DNS is used as a
resource locator such as to find domain controllers, etc in addition to host
name resolution.

Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

DNS is the backbone of Active Directory and the primary name resolution
mechanism of Windows 2000 and Windows Server 2003. Windows 2000 and Windows
Server 2003 domain controllers dynamically register information about
themselves and about Active Directory in DNS. Other Windows 2000 and Windows
Server 2003 domain controllers, servers, and workstations that are part of
the domain query DNS to find Active Directory-related information. If DNS is
not set up correctly, domain-wide issues can occur such as replication
between domain controllers. You may also be unable to log on to the domain
or to join the domain from a workstation or server.

Question: What are the common mistakes that are made when administrators set
up DNS on network that contains a single Windows 2000 or Windows Server 2003
domain controller?

Answer: The most common mistakes are: . The domain controller is not
pointing to itself for DNS resolution on all network interfaces.
. The "." zone exists under forward lookup zones in DNS.
. Other computers on the local area network (LAN) do not point to the
Windows 2000 or Windows Server 2003 DNS server

 

[Guest]

Wow, this is very interesting and important!! completely new for me. Thank
you Steve for all the helps! By the way, I read all the links you send me
and they are all helpful. I was using folder redirection and roaming profile
together but got some concepts unclear. Now I understand more and I will
also implement DFS as one of the article advise.

Best Regards,

-David