I don't think any of that will actually work because the client isn't really authenticating to the DC, therefore it has no idea of what policies are in place on the domain.

Regards,
Jamie

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Delaney, Doug
Sent: Wednesday, September 19, 2007 2:33 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Remote Policy

We are using Nortel VPN 4.65_18, and a rolm (spelling?) server. We are investigating the ability to perform a post VPN logon script. We are also testing if gpupdate actually applies all the required settings as well as the normal refresh interval.

Our standard and domain firewall policies are identical, for the very reason you stated, the determination process is unreliable.

Doug

Doug Delaney
EDS - Integration Engineering-GM
GM Desktop Engineering
1075 W. Entrance Dr., MS 2B, Cube 2130
Auburn Hills, MI 48326
Lab: 248-365-9187
Tel: 248-754-7917
Pg: 248-870-0306 pager
Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>

Note: The information in this email is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited.

________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Omar Droubi
Sent: Wednesday, September 19, 2007 3:19 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Remote Policy

What are you using for VPN client configuration and for the VPN server? You may be able to force these users to download a new custom VPN client, that you create using CMAK or whatever product your organization uses - and configure it with a Post connection script that runs GPUpdate.exe /force.
Now that may or may not work completely depending on which settings you are pushing out via GPO but it should work for Firewall policies - BUT just because the remote system is connected via VPN, it still may not recognize that it is connected to the corporate LAN and apply the domain based Firewall Settings. On the GPOguy.com website Darren has some quality info on how clients determine if they should apply the domain vs. standard firewall policy but in short it uses ICMP and is not very reliable. Sorry I do not have the link - maybe if the GPO Guy himself reads this post he will send the link :)

Omar

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Delaney, Doug
Sent: Wednesday, September 19, 2007 12:07 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Remote Policy

Hi all,

Is anyone aware of any free tools available for the remote distribution of a GPO policy?

Here is our situation. We have a couple thousand users who connect via VPN only. They connect after boot-up and cached credential logon to Windows. Therefore, policies never apply during startup or logon. We have a need to administer the XP firewall (among other things), and are having a very difficult time finding a solution. Many of these users are 8 hours away from a building where they can connect via a local LAN to get policies.

Any guidance is greatly appreciated.

Doug Delaney
*********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************