Applying User GPO for Remote Users

  • Thread starter Thread starter gsarlas
  • Start date Start date
G

gsarlas

I was hoping somebody could help me with a Group Policy problem I am
having. I want to publish an application in AD. For users on my LAN,
everything works fine. But the application does not show up for my
remote users.

I have created a GPO with a Software Installation Publication under
"User Configuration". I've linked the GPO to an OU with the users I
want to apply this to. When a user on my LAN logs in and goes to
Add/Remove Programs, the application (Office 2003) appears in the "Add
Programs From Your Network" list. But it does not appear for my remote
users.

Remote users log in using cached credentials, and then connect to the
network via VPN. I have had them run "gpupdate" to force a refresh of
Group Policy. I then run "gpresult" to confirm that they have been
refreshed. Under the results for "gpresult" I see the linked GPO under
"Applied Group Policy Objects" for User Settings. I have waited the 90
+ 30 minutes just to see if it would show up by itself under normal
refresh intervals with no luck.

The clients are both Windows 2000 and XP Professional. The domain is
Windows 2003 running in mixed mode.

Does anyone out there have any ideas of what I'm doing wrong? I
appreciate any assitance that can be provided. Thank you.
 
You'll have to get them to log on to the domain - that is start up the VPN
prior to logging into their computer. In the logon screen there's a "dial
this connection" box and you can specify the VPN connection. Then your
connection should be established and your users should get logon scripts,
GPOs, etc.

....kurt
 
Thank you for the reply.

I guess that is part of my question. Is there any documentation as to
which policies get applied only on user logon and which policies can
get applied after logon either through normal refresh procedures and/or
"gpupdate" ?

Thanks again for your input.

-george
 
You really don't need a book, it's pretty straightforward. Computer policies
apply when the computer starts up, so I don't believe those policies can be
applied to remotes (you might check on that or maybe someone with more
remote experience will weigh in). User policies apply when the user logs
into the domain. Logging into a RRAS server, even with domain credentials,
is not the same as a domain logon. That's why the VPN must be up first
before the user logs in. Otherwise they're getting in with cached
credentials or logging into their local computer.

....kurt
 
If that is the case, why would you ever use "gpupdate" or "gpupdate
/force" to manually refresh policies? If they only truly get applied
at startup (computer policies) or logon (user policies), it would seem
that "gpupdate" is a tool that would never be used.

I appreciate your assistance in helping me understand this. Thanks
again.

-george
 
That's a good question, and group policies are updated at intervals as you
say (or can be forced with gpupdate). My reasoning is that the domain
controllers recognize the computers when they start up and policies like
software installations always seem to require a reboot of the workstation to
take place - now this is in my experience and I don't claim to be any kind
of expert on this - especially when it comes to remote computers. I'm still
waiting for someone with more remote users to add their 2 cents.

....kurt
 
Back
Top