[gptalk] Re: Authentication

  • From: <bart.schillebeeks@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 25 Sep 2006 08:05:46 +0200

I suppose you'll need to filter in the script on a variable like "AD
site" or something. you can't change the logon script in ad when they
are logging on in a different site. 
 
IF site = home -> apply script
IF site = external --> skip. 
 
I'm not a scripter so i don't have that much experience with it. Here
they plant a lot of registry keys in the machine at staging like
"country, site, addomain, etc..."  
They are used then later in scripts. 
 
 
Bart
 
 
 

Vriendelijke groeten, 
Cordialement, 
Kind Regards, 

Schillebeeks Bart 
Active Directory Security Consultant 
Small and Departmental Systems - NT Systems Fortis Bank 
Bart.schillebeeks@xxxxxxxxxxxxxx 
AD Internet Consulting BVBA

Disclaimer:  
Any views expressed in this message are those of the individual sender,
except where the  message states otherwise and the sender is authorised
to state them to be the views of any  such entity.This Message is in no
way legally binding and has to be viewed as a personal  opinion of the
sender. This message reflects in no way the views of FORTIS BANK and its
associates and AD internet Consulting BVBA and its  associates. Unless
otherwise stated, any pricing information given in this message is
indicative only, is subject to change and does not constitute an offer
to deal at any price  quoted. Any reference to the terms of executed
transactions should be treated as preliminary  only and subject to our
formal written confirmation.

AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal
ON:0470419019  www.adinternet.com  mailto:Sales@xxxxxxxxxxxxxx

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Attardo, Joe
Sent: Friday, September 22, 2006 2:31 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Authentication


Thanks Bart for you feedback. A little more information. We do not use
roaming profiles. Is there a way I can get the login script to stop
running so the users are not trying to map drives from remote locations?


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of bart.schillebeeks@xxxxxxxxxx
Sent: Friday, September 22, 2006 5:57 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Authentication


Hi, 
 
Logging on to a domain controller in another site shouldn't make a
difference in GPO processing times as they are in that local site also
(DC/sysvol). 
The gpo processing will check the version and will not apply unless
there is a difference. 
 
What i'm suspecting is that you draw the roaming profile from their
"home office" share over the wan. 
Also folder redirection to home folders on their "native" file server
will slow it down cosiderably. 
 
The only way to solve this is to deploy DFS based file shares for home
folders and profiles. 
 
Also make sure you son't delete local cached copies of their profile as
this will also force GPO settings to reapply completely. 

Vriendelijke groeten, 
Cordialement, 
Kind Regards, 

Schillebeeks Bart 
Active Directory Security Consultant 
Small and Departmental Systems - NT Systems Fortis Bank 
Bart.schillebeeks@xxxxxxxxxxxxxx 
AD Internet Consulting BVBA

Disclaimer:  
Any views expressed in this message are those of the individual sender,
except where the  message states otherwise and the sender is authorised
to state them to be the views of any  such entity.This Message is in no
way legally binding and has to be viewed as a personal  opinion of the
sender. This message reflects in no way the views of FORTIS BANK and its
associates and AD internet Consulting BVBA and its  associates. Unless
otherwise stated, any pricing information given in this message is
indicative only, is subject to change and does not constitute an offer
to deal at any price  quoted. Any reference to the terms of executed
transactions should be treated as preliminary  only and subject to our
formal written confirmation.

AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal
ON:0470419019  www.adinternet.com  mailto:Sales@xxxxxxxxxxxxxx

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Attardo, Joe
Sent: Friday, September 22, 2006 11:41 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Authentication



Good Morning, 

We have many people who travel to other offices as part of their jobs
and the logon experience when they get there is painfully slow. Is there
a way to set a policy so if a user authenticates to a domain controller
away from their "home office" that they will not receive any policies
such as a logon script or folder redirection.  Any suggestions would be
appreciated. 

 

Thanks, 

Joe

= = = = = = = = = = = = = = = = = = = = = = = = =
Fortis Bank disclaimer :
http://www.fortisbank.be/legal/disclaimer.htm

Fortis Bank privacy policy :
http://www.fortisbank.be/legal/privacy_policy.htm
= = = = = = = = = = = = = = = = = = = = = = = = =

Other related posts: