Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«31 »
  • Locked thread
Cidrick
Jun 10, 2001

Praise the siamese


brc64 posted:

I could be way off base here, but would running gpupdate make registry changes take effect immediately?

It doesn't appear to, because gpedit.msc doesn't reflect the changes that have been made in the registry by hand.

Adbot
ADBOT LOVES YOU

TheFlyingDutchman
May 26, 2005
Skyway wanderer

Cidrick posted:

Is there a way to "save" a GPO file for local group policy processing and then switch between two different local group policies instantly?

What I'd like to do is lock down these workstations that we deploy at remote sites for ordinary usage, removing poo poo like internet explorer, windows explorer, the run prompt, and that kind of thing, but then be able to run a start menu program that will prompt for a password and then switch into "maintenance mode" which would basically unlock the workstation for anyone who knew the password.

I figure that I can pretty easily do this with .reg files that will immediately modify the registry for a regular user and an administrator, but I was unable to figure out how to make the changes apply immediately. If you open up gpedit.msc and enable/disable a policy, it takes effect immediately. However, if I manually add or edit the key in the registry, it doesn't. Anyone know if there's a way I can basically switch between to local group policy "profiles" so to speak?

Or am I going about this in completely the wrong way?

Switching like that would be pretty difficult, really. The easiest way to do it, would be to log in as a different user, but that's not what you're asking for...

What I would do for this would be to write a script that moves the computer account from one OU into another. Obviously you'd have your GPO at the second OU in where you'd be moving your computer account to.

Anyway, from there, have the script invoke gpupdate /force and your GPO will take in effect immediately.

If you want to make changes to the registry, there's about a dozen (that I know of) locations where you'd have to make changes just for a single policy. Even then, that doesn't always work.

Anyway, yeah. Your program at the client level would look something like this:
-Authenticate password (if you're using batch scripting, just authenticate against a service user account in AD and continue processing based on error codes).
-Invoke script to move current computer account from one OU to another
-Execute gpupdate /force
-Exit

There might be an easier way, but who knows...

Lacc
Jul 12, 2004

Install fist, problem solved.

So I have these perfectly working VBS logon scripts going on, and suddenly decided to try doing the printer bits in GP Preferences. Now there's a small problem with default printers and I'm lost.

Each printer is mapped according to the user's group, and each one is the default printer for at least one person. I figured, hey, let's just set "Set this printer as default printer" for all of them since security group filtering handles the rest. Of course this didn't work as planned on my account since I have multiple printers available, and the last one is now the default.
I can't change the printers' order even if there's a tempting "Order" heading and a number for each one on the list. What I'd like to know is if there's a way to reorder the printers, or even better, somehow make setting the default printer work according to users' group membership. That last one is what I'd actually need to start deploying printers this way.

It's so easy with VBS.

Cidrick
Jun 10, 2001

Praise the siamese


TheFlyingDutchman posted:

Switching like that would be pretty difficult, really. The easiest way to do it, would be to log in as a different user, but that's not what you're asking for...

What I would do for this would be to write a script that moves the computer account from one OU into another. Obviously you'd have your GPO at the second OU in where you'd be moving your computer account to.

Anyway, from there, have the script invoke gpupdate /force and your GPO will take in effect immediately.

If you want to make changes to the registry, there's about a dozen (that I know of) locations where you'd have to make changes just for a single policy. Even then, that doesn't always work.

Anyway, yeah. Your program at the client level would look something like this:
-Authenticate password (if you're using batch scripting, just authenticate against a service user account in AD and continue processing based on error codes).
-Invoke script to move current computer account from one OU to another
-Execute gpupdate /force
-Exit

There might be an easier way, but who knows...

Oh yeah, I forgot to mention that these computers are remote sites would be on a workgroup

Thanks though, this is actually a pretty good way to do it inside a domain.

kik2dagroin
Mar 23, 2007

Use the anger. Use it.

Ooh, I have a question. I understand that there is overhead for every GPO deployed to a computer. If I set the GPO to be disable User Configuration or Computer configuration, would that cut back on the overhead it takes to process the GPO since it would only be deploying certain settings?

EDIT: Sorry, hit post accidentally.

Sock on a Fish
Jul 17, 2004

What if that thing I said?

We recently linked our headquarters and a remote office with a dedicated intranet link. I disabled folder redirection for the users in the remote office, since that would've been quite painful over our 3.0Mbps link. However, I'm still getting some complaints of slowness in Office 2007 apps. Every now and then one of my users will have an Office app hang so long that she has to kill it, and this behavior coincided with her machine getting a route to our domain controllers.

Any theories on why this might be happening? I only had folder redirection setup on the My Documents folder, and I've verified that her My Docs is now local.

Slappy Pappy
Oct 15, 2003

Mighty, mighty eagle soaring free
Defender of our homes and liberty
Bravery, humility, and honesty...
Mighty, mighty eagle, rescue me!


Dinosaur Gum

Great thread - with XP, GPO's were great and powerful but not always the easiest way to accomplish something. For anyone who is familiar with the registry or with the old NT POLEDIT, but who might be intimidated by GPO's - try opening up some of the .adm templates in notepad. It will give you some great visibility into how these things actually work (they're basically just re-formatted .reg files).

No reason to be intimidated.

JackBoCracken
May 27, 2001


I don't really have anything relevant to say, but did you just say 'leveraging' because you could, or because it seems to be the next annoying trend in businesspeak?

Suspicious
Apr 30, 2005
You know he's the villain, because he's got shifty eyes.


Cohesively synergizing efficiency paradigms by leveraging group policies

Sock on a Fish
Jul 17, 2004

What if that thing I said?

What's the best way to exclude a set of users from a folder redirection policy? Right now I've got a folder redirection policy to redirect My Documents to the user's home directory on our fileserver applied to the OU that houses a user OU, and at the user OU level I've got a policy that redirects My Documents to the local user profile and only gets applied to users in a specified group.

TheFlyingDutchman
May 26, 2005
Skyway wanderer

Sock on a Fish posted:

What's the best way to exclude a set of users from a folder redirection policy? Right now I've got a folder redirection policy to redirect My Documents to the user's home directory on our fileserver applied to the OU that houses a user OU, and at the user OU level I've got a policy that redirects My Documents to the local user profile and only gets applied to users in a specified group.

You could move that group of users to a sub OU and then apply a GPO canceling out the folder redirection policy.

Or you could dump the users in a group, create the GPO to cancel the folder redirection policy, link it to the base users OU, then have only the group the users belong to in the security application section of the GPO.

Sock on a Fish
Jul 17, 2004

What if that thing I said?

So, I'm going to be deploying a domain controller at that remote office soon. Are there any drawbacks to just letting it operate as a domain controller for our current domain, or should it get its own domain in the forest?

Briantist
Dec 5, 2003

The Professor does not approve of your post.

Lipstick Apathy

Sock on a Fish posted:

So, I'm going to be deploying a domain controller at that remote office soon. Are there any drawbacks to just letting it operate as a domain controller for our current domain, or should it get its own domain in the forest?
I went through this back in May and I didn't set up a different domain. My situation might be different because we use SBS, and I probably couldn't create a new domain if I wanted to but this other office is a state away and only has 6 employees. I set up the domain controller over there and set up an IPSec VPN tunnel between the two sites.

Then I went into Active Directory Sites and Services to define a new site and made sure to set it up so that it knows that other domain controller is at the other site. This helps it conserve some bandwidth, so it's not treating it like it's on a LAN.

This is also about the time I started using DFS with replication which really helped, since there's now no direct opening of files across the VPN (automatically accessed the local copy and replicates later).

So yeah, after this experience, for us, I don't think I would create another domain even if that office was bigger.

Phearson
Aug 15, 2006

Have you seen my pants?

I looked through the thread for this; sorry if I missed it...

I started a new job as a SysAdmin at a small college earlier this year. We've got a bunch of group policies in place (a mix of things I've done, and things that were here when I got here). Is there a way (either with the Group Policy Management tool or some other tool) to see only the modified parts of a particular policy (filter out everything that's not configured)? Currently, if I want to know what a vaguely named policy does, I have to dig into every setting until I find what's been changed.

Slappy Pappy
Oct 15, 2003

Mighty, mighty eagle soaring free
Defender of our homes and liberty
Bravery, humility, and honesty...
Mighty, mighty eagle, rescue me!


Dinosaur Gum

Phearson posted:

I looked through the thread for this; sorry if I missed it...

I started a new job as a SysAdmin at a small college earlier this year. We've got a bunch of group policies in place (a mix of things I've done, and things that were here when I got here). Is there a way (either with the Group Policy Management tool or some other tool) to see only the modified parts of a particular policy (filter out everything that's not configured)? Currently, if I want to know what a vaguely named policy does, I have to dig into every setting until I find what's been changed.

I skipped work today but I'm pretty sure that the GPMC will show you only the non-default settings if you look on the "settings" tab from within the console (not from within the editor).

Phearson
Aug 15, 2006

Have you seen my pants?

Spamtron7000 posted:

I skipped work today but I'm pretty sure that the GPMC will show you only the non-default settings if you look on the "settings" tab from within the console (not from within the editor).

Wow, I feel dumb for not noticing that. Thanks!

taiyoko
Jan 10, 2008




I've got an issue that would be so much easier if it cold be solved through GPO...

We have about 400 laptops deployed in various schools throughout the school system. It turns out that we need to change the power settings on every one of them, but currently the only way to do so is to log on, disable Deep Freeze, log on as local Administrator, give the user admin rights, log into the student user account, and manually change the power settings to where they need to be before enabling Deep Freeze and shutting it back down.

Without changing the power settings, these computers won't boot into maintenance mode correctly to run updates.

Is there a way to push out these changes without having to grant student accounts admin rights and manually have to change every laptop?

Sock on a Fish
Jul 17, 2004

What if that thing I said?

If you're using the new group policy extensions you can just use group policy editor in Vista/Server 2008 to make a GPO for whatever power settings you want.

All of the power management settings are contained in the registry, so if you're not using the new extensions, you can push a registry change.

Serfer
Mar 10, 2003

The piss tape is real



Nap Ghost

Sock on a Fish posted:

If you're using the new group policy extensions you can just use group policy editor in Vista/Server 2008 to make a GPO for whatever power settings you want.

All of the power management settings are contained in the registry, so if you're not using the new extensions, you can push a registry change.
Something I discovered recently, if you want to push out a registry change, rather than using a batch file, you can use just group policy (even without the new extensions/a vista computer to set it up on). It involves building your own ADM templates though.

http://technet.microsoft.com/en-us/...y/bb742499.aspx

Here's an example of what I used to force file extensions to be shown (yeah it's stupid, but I was playing):
code:
CLASS USER
CATEGORY !!HideFileExt
 POLICY !!HideFileExt
  KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
   VALUENAME !!HiddenfileExt_Name
   VALUEON NUMERIC 1
   VALUEOFF NUMERIC 0
 END POLICY
END CATEGORY
[strings]
HideFileExt="Hide file extensions"
HiddenfileExt_Name="HideFileExt"
Using these, you can set whatever you want, without using a batch file or .reg files.

TheFlyingDutchman
May 26, 2005
Skyway wanderer

Serfer posted:

Something I discovered recently, if you want to push out a registry change, rather than using a batch file, you can use just group policy (even without the new extensions/a vista computer to set it up on). It involves building your own ADM templates though.

http://technet.microsoft.com/en-us/...y/bb742499.aspx

Here's an example of what I used to force file extensions to be shown (yeah it's stupid, but I was playing):
code:
CLASS USER
CATEGORY !!HideFileExt
 POLICY !!HideFileExt
  KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
   VALUENAME !!HiddenfileExt_Name
   VALUEON NUMERIC 1
   VALUEOFF NUMERIC 0
 END POLICY
END CATEGORY
[strings]
HideFileExt="Hide file extensions"
HiddenfileExt_Name="HideFileExt"
Using these, you can set whatever you want, without using a batch file or .reg files.

Out of curiosity, wouldn't a batch file run at logon do the exact same thing?

Serfer
Mar 10, 2003

The piss tape is real



Nap Ghost

TheFlyingDutchman posted:

Out of curiosity, wouldn't a batch file run at logon do the exact same thing?

You could make a batch file do the same thing, but this does it with group policy.

ozmunkeh
Feb 28, 2008

hey guys what is happening in this thread


Most of the software we use is now being controlled with Group Policy. I just set up a new workstation for one of the engineers here and aside from the few manual things like joining it to the domain and removing some of the pre-installed apps (no, Dell, I don't need 15 different Roxio apps, thanks), all my setup consisted of was figuring out what software is needed and just adding the computer account to about 15 security groups. One reboot later and everything is installed and working. So much easier than what I used to do, and much of it stemmed from stumbling onto this thread. Thanks!


One question. I've upgraded one of the apps by adding another package to the GPO and configuring it to upgrade the previous version. Do I have to leave the old package in the GPO? What's best practices with this situation? I've noticed that new computers just install the latest version which is nice.

TheFlyingDutchman
May 26, 2005
Skyway wanderer

ozmunkeh posted:

Most of the software we use is now being controlled with Group Policy. I just set up a new workstation for one of the engineers here and aside from the few manual things like joining it to the domain and removing some of the pre-installed apps (no, Dell, I don't need 15 different Roxio apps, thanks), all my setup consisted of was figuring out what software is needed and just adding the computer account to about 15 security groups. One reboot later and everything is installed and working. So much easier than what I used to do, and much of it stemmed from stumbling onto this thread. Thanks!


One question. I've upgraded one of the apps by adding another package to the GPO and configuring it to upgrade the previous version. Do I have to leave the old package in the GPO? What's best practices with this situation? I've noticed that new computers just install the latest version which is nice.

Personally, I would leave it in there just for legacy support. The newer package "should" be used now regardless, but you never know sometimes unless you can verify everything is using the new package. In that case, I'd remove it.

But yeah, check, check, check. If you're unsure, leave it.

Falcon2001
Oct 10, 2004

Eat your hamburgers, Apollo.

Pillbug

Voted 5 and bookmarked. I need to get more into using this at my workplace, awesome post

namol
Mar 21, 2007


Sock on a Fish posted:

So, I'm going to be deploying a domain controller at that remote office soon. Are there any drawbacks to just letting it operate as a domain controller for our current domain, or should it get its own domain in the forest?

What functionality level is your domain currently at? Server 2008, server 2003 etc? If the domain is at the 2008 functionality level and the DC will be server 2008 based you could deploy it as a read only dc or RODC. Here's a link about it http://technet.microsoft.com/en-us/...y/cc732801.aspx and step by step guide.

Briantist
Dec 5, 2003

The Professor does not approve of your post.

Lipstick Apathy

I'm so glad this thread hasn't died.

I would like get some discussion going on the special configuration needs for mobile/laptop users. Right now, I'm struggling with how to manage some of these systems. We've got techs who might never come into the office for a month or more, because they go directly to jobs from home, and go right back home afterward.

Since they aren't connected to the domain for long stretches of time they don't get group policy changes, software updates, etc. I am working on a way for them to get virus updates with NOD32 without them having to connect to he VPN, but it isn't fleshed out yet (I know you can have NOD32 mobile users update directly from the internet, but I'm trying to avoid that just to avoid embedding our credentials on portable computers).

I'd love to hear how some other administrators handle issues unique to mobile users.

TopShelfer
Feb 25, 2007
Me and my deaf girlfriend went out to dinner. All of a sudden all I could hear was "UUUHHHH HHHHUR RRRAA AAAGGGL LLLLLL NGGGG UHHHHRR RRRR" It was awkward and just weird.

I think you meant to say "using"

Zedlic
Mar 10, 2005

Ask me about being too much of a sperging idiot to understand what resisting arrest means.

I don't care if I'm replying to an old thread, this is too good information to go into archives. Helped me a lot.

Also, I have a problem that's related to Active Directory and Group Policy. Hopefully someone here has an idea towards a solution.

You see, when I was creating the domain for this AD (tiny company, first time administering Windows, learning as I go, etc.) I figured it would be a good idea to name the domain the same as the URL for the company. As in companyname.is. So the domain is called companyname.is and the url for the website (hosted elsewhere) is companyname.is.

This was all well and good until I realized that this meant that all users trying to access companyname.is from a browser on a domain computer were redirected to the web server on the domain controller, instead of accessing the actual website on the Internet.

After looking around I found an A Record in the DNS settings on the domain controller pointing companyname.is to the domain controller IP. Thinking I had found the problem, I deleted the record, but now no machine can even ping companyname.is.

Can I tell the DNS server to forward requests for companyname.is just like any other requests that get translated to an IP? Or do I need to rename the domain?

Suspicious
Apr 30, 2005
You know he's the villain, because he's got shifty eyes.


Don't mess with DNS records of domain controllers or anything created by active directory because you could break many things. AD is dependent on DNS to work.

What you could do is make a www. A record that points to the IP of the external site or turn on IIS on the DC and create a simple page that redirects to the external IP

LoKout
Apr 2, 2003

Professional Fetus Taster

taiyoko posted:

Is there a way to push out these changes without having to grant student accounts admin rights and manually have to change every laptop?

I realize this is an old question, but in case anyone else is interested, yes there is a way to push GPO settings remotely. XP doesn't have settings for GPO based power management, but Energy Star has released some packages to make this possible. I just pitched doing some power saving things at work yesterday, and they went over fairly well. Most everyone wanted to just disable sleep modes altogether but I was like save some green.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



JackBoCracken posted:

I don't really have anything relevant to say, but did you just say 'leveraging' because you could, or because it seems to be the next annoying trend in businesspeak?

Because I didn't want to name it "You could be using group policy for that you big idiot", which tends to be my initial reaction to a lot of the Windows domain admin questions that get posted here.

Suspicious posted:

Cohesively synergizing efficiency paradigms by leveraging group policies

Cidrick I need a thread rename over here

Briantist posted:

I'm so glad this thread hasn't died.

I would like get some discussion going on the special configuration needs for mobile/laptop users. Right now, I'm struggling with how to manage some of these systems. We've got techs who might never come into the office for a month or more, because they go directly to jobs from home, and go right back home afterward.

Since they aren't connected to the domain for long stretches of time they don't get group policy changes, software updates, etc. I am working on a way for them to get virus updates with NOD32 without them having to connect to he VPN, but it isn't fleshed out yet (I know you can have NOD32 mobile users update directly from the internet, but I'm trying to avoid that just to avoid embedding our credentials on portable computers).

I'd love to hear how some other administrators handle issues unique to mobile users.

Here is how I would handle it: Run your Nod32 RAS in a DMZ and have it publicly accessible on TCP 2221 and 2222 for updates and console reporting. Enable authentication on the mirror (basic will use an internal account, NTLM will use local windows credentials you set on the server) and set a password on console communication as well. Credentials as hashed out when saved to a client's registry, so the actual password getting stolen isn't a huge risk. What you need to worry about is someone exporting out the XML config and distributing that, but setting the client password takes care of that situation. Configure an update profile for every single computer you have to use your RAS as the primary source and then configure the secondary profile to ESET's servers with the EAV-whatever username/pass.

As for the laptops, I can see two viable ways of doing it. First would be is that you don't join the laptops to the domain, give users admin rights, and let them do whatever the hell they want. When they want access to internal resources, you force them to use VPN access through a product that does client integrity checking (patches, AV defs, running exploits, stuff like that), and once they pass they can get access either to a terminal server that gives them a standard desktop environment or just direct access to network shares or whatever they need. The other option would be join the machines to the domain by don't configure them to have the local users group be a member of domain users. Give them a local admin account on the laptop to use. That way, when they do get on the VPN or bring it in to the office you can push down configuration changes for whatever policy changes. Software installation would be tricky since you most likely don't want the computer creating a VPN link back to your network every time it boots up. In that situation, I would make it company policy that every 6 months laptops have to come in for maintenance and once they are on the local lan they can pull in the latest software packages, then send them back out in the field. You would want a seperate vlan set up for doing that, since it would be possible that the machine could be carrying a trojan that would get blasted out to the subnet it is on.

LoKout posted:

I realize this is an old question, but in case anyone else is interested, yes there is a way to push GPO settings remotely. XP doesn't have settings for GPO based power management, but Energy Star has released some packages to make this possible. I just pitched doing some power saving things at work yesterday, and they went over fairly well. Most everyone wanted to just disable sleep modes altogether but I was like save some green.

Install the group policy client-side extensions on your XP machines and use a Vista/2008 machine to create a policy that modifies your power profile. Your XP workstations can apply that policy and you should be all set.



Just a reminder that the default Home/Office power profile that XP uses disables speedstep on XP. I recommend setting it to Minimal Power Savings which, despite the name, does user speedstep and then tweaking the exact values from there.

brc64
Mar 21, 2008

I wear my sunglasses at night.

BangersInMyKnickers posted:

Install the group policy client-side extensions on your XP machines and use a Vista/2008 machine to create a policy that modifies your power profile. Your XP workstations can apply that policy and you should be all set.
I did the group policy preferences for the 2008 install I did a couple weeks ago, and by and large, everything worked out great. The INI and ODBC editors are a loving godsend!

But as far as I could tell, the preferences I set for power and local users and groups would never get applied. Everything else worked great, but those just never seemed to apply. I skimmed the event logs but nothing jumped out at me. Those were probably the two least important preferences I set, so I didn't spend much time looking into them, but I would like to know if I did something wrong.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



brc64 posted:

I did the group policy preferences for the 2008 install I did a couple weeks ago, and by and large, everything worked out great. The INI and ODBC editors are a loving godsend!

But as far as I could tell, the preferences I set for power and local users and groups would never get applied. Everything else worked great, but those just never seemed to apply. I skimmed the event logs but nothing jumped out at me. Those were probably the two least important preferences I set, so I didn't spend much time looking into them, but I would like to know if I did something wrong.

There are some weird bugs in them still. Like I had a scheduled startup task fail if I unchecked the "do not run on battery" option and the clients complained about the policy being malformed. There is also a known issue with the changes you make in some of the preferences not saving out until completely close out the mmc client. I would recommend playing around with it and going step by step when you have free time. I'm sure there are still more little gotchas sitting around that I'm not aware of.

Cidrick
Jun 10, 2001

Praise the siamese


You got it dude

Zedlic
Mar 10, 2005

Ask me about being too much of a sperging idiot to understand what resisting arrest means.

Suspicious posted:

Don't mess with DNS records of domain controllers or anything created by active directory because you could break many things. AD is dependent on DNS to work.

What you could do is make a https://www. A record that points to the IP of the external site or turn on IIS on the DC and create a simple page that redirects to the external IP

Thanks, this worked perfectly.

Now I'm having another problem: GPO-enabled drive maps don't map at all on laptops.

The setting is enabled under User Configuration -> Preferences -> Windows Settings -> Drive Maps and is set to Replace (that is, create if not there, else replace. I've also tried Update, and toggling the Reconnect switch) a drive map giving each user access to a central share. This GPO is linked to an OU containing all users. This works perfectly on all desktops in the domain. Drive gets mapped every time, no problems.

On the laptops it doesn't do anything. Nothing is mapped, no events are logged telling me why nothing did. It just doesn't work. Mapping it manually in Windows Explorer works fine.

Now, since the laptops and desktops are currently operating under the exact same GPOs, that is obviously not the issue. So it must be something related to some laptop-specific feature which brings us to the most likely culprit: Wireless.

With that in mind, I enabled "Always wait for the network before logging on" but still nothing. I'm completely empty and have no idea why the laptops can't just loving map this single drive. Help.

murk
Oct 31, 2003
Never argue with stupid people, they drag you down to their level and beat you with experience.

Are the laptops XP, and do they have group policy preference client side extensions update installed?

Zedlic
Mar 10, 2005

Ask me about being too much of a sperging idiot to understand what resisting arrest means.

murk posted:

Are the laptops XP, and do they have group policy preference client side extensions update installed?

The laptops are Vista, just like the desktops. Not sure about this update, but WSUS is running on the GP controller and all the clients are more or less up to date. (Edit: All other GPO's work perfectly fine on the laptops too).

Actually I'm also having a tiny problem with that, where I have a hundred approved updates and a GPO that tells all computers to auto-update at 03:00 even when asleep/in hibernation but then I log on the next day to see all hundred updates still needed for all the computers. Can I force feed updates?

Zedlic fucked around with this message at Mar 3, 2009 around 09:50

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



What kind of security are you using with your wireless? I think the always wait for network before logging on will only work if it is an open AP, and you need to go through some hoops to get the wireless to pre-authenticate during system startup before you can get drive mappings to work over wireless.

meba rhodium
Aug 25, 2008


Yes, this sounds like authentication problems.

Adbot
ADBOT LOVES YOU

Zedlic
Mar 10, 2005

Ask me about being too much of a sperging idiot to understand what resisting arrest means.

BangersInMyKnickers posted:

What kind of security are you using with your wireless? I think the always wait for network before logging on will only work if it is an open AP, and you need to go through some hoops to get the wireless to pre-authenticate during system startup before you can get drive mappings to work over wireless.

I'm using WEP-PSK right now but I could switch to WPA if necessary. I actually tried setting up a GPO for only the laptops telling them to connect to the AP using WPA-PSK but it didn't give me the option of specifying the key itself. Maybe I'm missing something.

Do you know what hoops I need to jump through to fix this?

  • Locked thread
«31 »