[gptalk] Re: Remote Policy

  • From: "Omar Droubi" <omar@xxxxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 19 Sep 2007 12:18:44 -0700

What are you using for VPN client configuration and for the VPN server?
You may be able to force these users to download a new custom VPN
client, that you create using CMAK or whatever product your organization
uses- and configure it with a Post connection script that runs
GPUpdate.exe /force.


Now that may or may not work completely depending on which settings you
are pushing out via GPO but it should work for Firewall policies-BUT
just because the remote system is connected via VPN- it still may not
recognize that it is connected to the corporate LAN and apply the domain
based Firewall Settings. 


On the GPOguy.com website Darren has some quality info on how clients
determine if they should apply the domain vs. standard firewall policy
but in short it uses ICMP and is not very reliable. Sorry I do not have
the link-maybe if the GPO Guy himself reads this post he will send the
link J




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Delaney, Doug
Sent: Wednesday, September 19, 2007 12:07 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Remote Policy


Hi all, 

Is anyone aware of any free tools available for the remote distribution
of a GPO policy? 

Here is our situation.  We have a couple thousand users who connect via
VPN only.  They connect after boot-up and cached credential logon to
windows.  Therefore, policies never apply during startup or logon.  We
have a need to administer the XP firewall (among other things), and are
having a very difficult time finding a solution.  Many of these users
are 8 hours away from a building where they can connect via a local LAN
to get policies.

Any guidance is greatly appreciated. 

Doug Delaney
EDS - Integration Engineering-GM
GM Desktop Engineering
1075 W. Entrance Dr., MS 2B, Cube 2130
Auburn Hills, MI 48326
Lab: 248-365-9187
Tel: 248-754-7917
Pg: 248-870-0306 pager
Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>  
Note: The information in this email is intended solely for the
addressee. Access to this email by anyone else is unauthorized. If you
are not the intended recipient, any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it is prohibited.


Other related posts: