DNS client - DNS Servers Group Policy

Rick

I have Windows 2003 with two DC/DNS, I want to use the GPO DNS client -
DNS Servers Group Policy to point some users to one DNS server. If I
enable this policy for Laptop users, will this still be enforced when
they go off site? Also, does the DNS setting in DHCP override the setting
for DNS client - DNS Servers Group Policy?

Thanks
Rick.
 
Rick,
refer to http://support.microsoft.com/kb/294785 for the listing of the DNS
settings which are manageable via Group Policies - ability to point clients
to a specific DNS Server is not one of them...

hth
Marcin

Marcin,

In the KB article it is saying the following. If I'm using this GPO
setting then all DNS queries "should" go out that DNS server? Or am
I missing something?

thanks
Rick.

DNS Servers
This setting defines the DNS servers to which a computer sends queries
when it attempts to resolve names.

WARNING: The list of the DNS servers that are defined in this setting
supersedes DNS servers that are configured locally and those that are
configured using DHCP. The list of DNS servers is applied to all
network connections of multihomed computers to which this setting is
applied.

To use this setting, click Enable, and then type a space-delimited
list of IP addresses (in dotted decimal format) in the available box.
If you enable this setting, you must enter at least one IP address.

If this setting is not configured, then it is not applied to any
computers and computers use their local or DHCP-configured parameters.
Valid values are a space-delimited list of dotted decimal IP
addresses. The list must contain at least one IP address.
 
Rick,
obviously my response should've stated "is one of them" - as you correctly
pointed out based on the content of the article I referenced. As the article
states, the GPO configuration takes precedence over the DHCP assigned
settings - and will remain in effect when clients are roaming. Apologies for
the confusion...

hth
Marcin

 
Rick said:
I have Windows 2003 with two DC/DNS, I want to use the GPO DNS client -
DNS Servers Group Policy to point some users to one DNS server. If I
enable this policy for Laptop users, will this still be enforced when
they go off site? Also, does the DNS setting in DHCP override the setting
for DNS client - DNS Servers Group Policy?

Thanks
Rick.

The answer to the question is yes, the policy will be enforced on Laptops
when they go offsite.

You'll need to do some creative Organizational units to prevent the policy
from applying to mobile computers.

Possibly by creating and linking a new GPO, moving Laptops to their own OU,
then block policy inheritance of the GPO with the DNS server policy.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

 
You might consider this alternative for laptops. Use DHCP reservations to
assign specific IP addresses from your scope by MAC address. Then specify
your DNS options on each reservation. This would have no impact on the
machine when it is outside your network but it may require more initial
configuration on your end.
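
The precedence rule quoted from the KB article in this thread, and what it means for a roaming laptop, can be modelled in a few lines. This is an added example, not code from any poster or from Microsoft: it is a Python model of the documented behaviour, not a query against a real client, and the adapter names, subnets, addresses and the `corp_nets` parameter are constructed assumptions.

```python
import ipaddress

def parse_policy_servers(value):
    """Validate a 'DNS Servers' policy value: space-delimited dotted-decimal
    IPv4 addresses, at least one."""
    servers = []
    for token in value.split():
        parts = token.split(".")
        if len(parts) != 4 or not all(p.isdigit() for p in parts):
            raise ValueError(f"not a dotted-decimal address: {token!r}")
        servers.append(ipaddress.IPv4Address(token))  # also rejects octets > 255
    if not servers:
        raise ValueError("an enabled policy must list at least one IP address")
    return servers

def effective_dns(adapters, policy_value=None):
    """Return {adapter: [resolvers]} after applying the precedence rule."""
    if policy_value is None:  # Not configured: local/DHCP settings are used
        return {name: [ipaddress.IPv4Address(d) for d in cfg["dns"]]
                for name, cfg in adapters.items()}
    forced = parse_policy_servers(policy_value)
    # The policy list supersedes local and DHCP values on every connection.
    return {name: list(forced) for name in adapters}

def roaming_findings(adapters, policy_value, corp_nets):
    """Adapters outside corp_nets whose forced resolvers are all private
    addresses, i.e. not the corporate DNS server from where the laptop sits."""
    corp = [ipaddress.ip_network(n) for n in corp_nets]
    findings = []
    for name, servers in effective_dns(adapters, policy_value).items():
        subnet = ipaddress.ip_network(adapters[name]["subnet"])
        off_site = not any(subnet.subnet_of(c) for c in corp)
        if off_site and all(s.is_private for s in servers):
            findings.append(name)
    return findings

# Constructed sample data (hypothetical networks and addresses)
OFFICE = {"LAN": {"subnet": "10.1.20.0/24", "dns": ["10.1.1.10", "10.1.1.11"]}}
HOTEL = {"Wi-Fi": {"subnet": "192.168.1.0/24", "dns": ["192.168.1.1"]}}
POLICY = "10.1.1.10"
CORP_NETS = ["10.1.0.0/16"]

if __name__ == "__main__":
    print(effective_dns(HOTEL))                        # DHCP resolver in use
    print(effective_dns(HOTEL, POLICY))                # policy list replaces it
    print(roaming_findings(HOTEL, POLICY, CORP_NETS))  # adapters at risk off site
```

The model ignores VPN connections, which would put the internal resolver back in reach while off site.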
 