[gptalk] Re: Remote Policy

  • From: "Nelson, Jamie R Contr 72 CS/SCBAF" <Jamie.Nelson.ctr@xxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 19 Sep 2007 14:39:17 -0500

I don't think any of that will actually work because the client isn't
really authenticating to the DC, therefore it has no idea of what
policies are in place on the domain.

Regards,
Jamie



-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Delaney, Doug
Sent: Wednesday, September 19, 2007 2:33 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Remote Policy

We are using Nortel VPN 4.65_18, and a rolm (spelling?) server.  We are
investigating the ability to perform a post VPN logon script.  We are
also testing if gpupdate actually applies all the required settings as
well as the normal refresh interval.  Our standard and domain firewall
policies are identical, for the very reason you stated, the
determination process is unreliable.
 
Doug

Doug Delaney
EDS - Integration Engineering-GM
GM Desktop Engineering
1075 W. Entrance Dr., MS 2B, Cube 2130
Auburn Hills, MI 48326
Lab: 248-365-9187
Tel: 248-754-7917
Pg: 248-870-0306 pager
Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>  
Note: The information in this email is intended solely for the
addressee. Access to this email by anyone else is unauthorized. If you
are not the intended recipient, any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it is prohibited.

 


________________________________

        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Omar Droubi
        Sent: Wednesday, September 19, 2007 3:19 PM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: Remote Policy
        
        

        What are you using for VPN client configuration and for the VPN
server? You may be able to force these users to download a new custom
VPN client, that you create using CMAK or whatever product your
organization uses- and configure it with a Post connection script that
runs GPUpdate.exe /force.

         

        Now that may or may not work completely depending on which
settings you are pushing out via GPO but it should work for Firewall
policies-BUT just because the remote system is connected via VPN- it
still may not recognize that it is connected to the corporate LAN and
apply the domain based Firewall Settings. 

         

        On the GPOguy.com website Darren has some quality info on how
clients determine if they should apply the domain vs. standard firewall
policy but in short it uses ICMP and is not very reliable. Sorry I do
not have the link-maybe if the GPO Guy himself reads this post he will
send the link J

         

        Omar

         

        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Delaney, Doug
        Sent: Wednesday, September 19, 2007 12:07 PM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Remote Policy

         

        Hi all, 

        Is anyone aware of any free tools available for the remote
distribution of a GPO policy? 

        Here is our situation.  We have a couple thousand users who
connect via VPN only.  They connect after boot-up and cached credential
logon to windows.  Therefore, policies never apply during startup or
logon.  We have a need to administer the XP firewall (among other
things), and are having a very difficult time finding a solution.  Many
of these users are 8 hours away from a building where they can connect
via a local LAN to get policies.

        Any guidance is greatly appreciated. 

        Doug Delaney
        EDS - Integration Engineering-GM
        GM Desktop Engineering
        1075 W. Entrance Dr., MS 2B, Cube 2130
        Auburn Hills, MI 48326
        Lab: 248-365-9187
        Tel: 248-754-7917
        Pg: 248-870-0306 pager
        Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>  
        Note: The information in this email is intended solely for the
addressee. Access to this email by anyone else is unauthorized. If you
are not the intended recipient, any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it is prohibited.

         

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: