GP and remote site without DC. Client not applying settings properly

N

Nathan

Hi,

We have a couple of sites with users running XP SP2 and 2K Pro and these
sites do not have a DC installed.

I am having problems with GP being loaded on these machines. Some settings
are being applied and others applied incorrectly.

I read one item about removing and adding the PC back into the domain which
I did to one PC and it kind of worked. Now the GP is being applied but the
Firewall policy is being applied wrongly. Our GP firewall policy is setup to
OFF when logged onto the Domain and ON when not. This machine now thinks
that it is not running on the domain so it is setting the firewall to ON. It
seems to be a remote site/slow link problem.

I have setup the remote subnet to use a site with a DC.

The DNS on the client also point to Win2K3 servers.

Any idea how to fix?

TIA

Nathan
 
S

Steven L Umbach

You might want to tweak your slow link detection settings to see if that
makes a difference. As far as firewall policy, even if the Windows firewall
is enabled users can still access domain resources than are not using any
type of firewall protection and you can enable exceptions for the firewall
so that if it is enabled that services like file and print sharing, Remote
Desktop, and other services are available on those computers if need be.
Many are using the XP SP2 firewall for domain computers. Another problem if
the link is unreliable is that users are logging on with cached credentials
and then being authenticated when they can contact the domain controller.
The user may not even know it if they are not trying to access other domain
resources as there local machine access will seem fine, but that startup and
logon Group Policy will not be applied. The support tool gpresult will tell
the last time a Group Policy was applied to a user or computer and Event
Viewer may also tell when the policy was not able to be applied.. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;227369&sd=tech
http://support.microsoft.com/default.aspx?scid=kb;en-us;227260
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GP do not take effect 4
Slow link over VPN not updating GP settings 4
How do you specify which DC the GP is replicated from? 1
server 2003 gp templates in 2000 domain 4
GP not applying when logging in to a workstation 4
GP not applying to new users/pc's ... 4
applying settings to clients forcefully 10
WXP GP setting not showing in Domain GP 4

Top