• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.



█▄█ ▀█▄ █
Political User
If there are remote users who may not be connected during the randomized 90 minute interval to update GPO, what is the best way to ensure it isn't "luck of the draw" that the Policies update during each session, or each time they connect?

Obviously I want something seamless, as forcing the clients to do a gpudate /force would be out of the question since the user would have to manually click a file once connected.
Last edited:


█▄█ ▀█▄ █
Political User
Easy solution but won't apply.

The problem exists for remote users who 50% or more aren't actually connected to the network, and their login scripts can't run at boot because they aren't connected.

They use cached domain credentials to login to their machines first, as our vpn software doesn't run as a service.
Last edited:


Woah.. I'm still here?
Staff member
Political User
hmm.. well, this would be a TOTAL kludge, but you could create a schedule task (or an "at" command) to run gpupdate ever hour or so..

Haven't really thought too much about it, but i'm tired and cranky with a headache and this just popped into my head.

edit: what VPN client are you using? Also: are these machines domain members?


█▄█ ▀█▄ █
Political User
Machines are domain members, VPN software varies between two different clients.

Scheduled task could be OK, but still no guarentee it will actually run when connected. I want to look at a way for it to run when the IP changes, as it does when VPN connection is established


Woah.. I'm still here?
Staff member
Political User
bah.. not easy to do.

In theory you could write a little program and install it as a service (srvany! gotta love it!) that polls the IP and/or connection status every 2 minutes/5 minutes/whatever minutes) and runs a gpupdate when it finds a link/change.

edit: i thought computers that were domain member were supposed to run their login scripts when they connect via VPN.. hmm.. gotta try to do research to remember how that all worked.

edit2: I don't suppose there is anything in the VPN Clients to tell it to execute a post-connection script?
This should help:


Check out the following parts of the article:

Application of Group Policy During a Remote Access Connection

When the logon is done with cached credentials, and then a remote access connection is established, Group Policy is not applied during logon. For example, if users connecting through a VPN connection are logging in via cached credentials, folder redirection settings will not be processed, because folder redirection policy can only be processed at user logon, not in the background refresh.
Near the top of the article they explain how you can change the interval in which the update is triggered. Perhaps adjust it - set it to 20 minutes.


█▄█ ▀█▄ █
Political User
The policy interval won't really help in our situation, as sometimes people only stay connected to replicate mail up (Lotus Notes). I'm actually close on something with our Patch Management tool - LanDesk - to force this kind of thing on the client side each time the IP changes.

Thanks though ;)

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
What a long strange trip it's been. =)

Forum statistics

Latest member