GROUP POLICY COMPUTER SETTINGS NOT APPLIED DURING WIRELESS LOGON

Discussion in 'Wireless Networking' started by p.squance@alexsys.co.uk, Nov 30, 2006.

  1. Guest

    I have a Windows Server 2003 Domain in which I have implemented
    wireless netowrking which is secured WPA and 802.1X certificate
    authentication of computers and users, as per Microsoft best practise.

    So long as wireless configuration is manually configured, networking
    and logons work fine. However when group policy has been used to
    deliver wireless configuration to client, wirless settings a are lost
    after three logons.

    It transpires that when the logon is processed wirelessly, the computer
    settings of policies are not applied, policies are filtered from the
    RSOP stating 'Denied ( Security)'. The computer is obviously not known
    at the time of processing since the SECURITY GROUP membership listing
    in GPRESULT indicates a NULL SID and does not list the groups to which
    the computer belongs.

    If a wired connection is used to logon, all policies are applied
    correctly and group memnerships are correctly identified.

    Authenticated users have read and apply rights to the policies. In
    desperatiuon I have added the domain workstaions to to ACL for test
    policies.

    The problem is obviuosly going to be overcome by ensuring the computer
    is known prior to attempting load the computer policies. Can anybody
    advise how this might be achieved.

    The following registry files are in place to try and overcome the
    problem:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    NT\CurrentVersion\Winlogon - GpNetworkStartTimeoutPolicyValue - set to
    60
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -
    GpNetworkStartTimeoutPolicyValue - set to 60
     
    , Nov 30, 2006
    #1
    1. Advertising

  2. MacAddict Guest

    I would check your default policy to make sure nothing strange is
    there.

    I had this working fine a couple of months ago.

    Also, make sure that the default policy is set so that Windows waits
    until the network connections are ready before logging in (I forget
    what the setting is called).



    On Nov 30, 11:45 am, wrote:
    > I have a Windows Server 2003 Domain in which I have implemented
    > wireless netowrking which is secured WPA and 802.1X certificate
    > authentication of computers and users, as per Microsoft best practise.
    >
    > So long as wireless configuration is manually configured, networking
    > and logons work fine. However when group policy has been used to
    > deliver wireless configuration to client, wirless settings a are lost
    > after three logons.
    >
    > It transpires that when the logon is processed wirelessly, the computer
    > settings of policies are not applied, policies are filtered from the
    > RSOP stating 'Denied ( Security)'. The computer is obviously not known
    > at the time of processing since the SECURITY GROUP membership listing
    > in GPRESULT indicates a NULL SID and does not list the groups to which
    > the computer belongs.
    >
    > If a wired connection is used to logon, all policies are applied
    > correctly and group memnerships are correctly identified.
    >
    > Authenticated users have read and apply rights to the policies. In
    > desperatiuon I have added the domain workstaions to to ACL for test
    > policies.
    >
    > The problem is obviuosly going to be overcome by ensuring the computer
    > is known prior to attempting load the computer policies. Can anybody
    > advise how this might be achieved.
    >
    > The following registry files are in place to try and overcome the
    > problem:
    >
    > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    > NT\CurrentVersion\Winlogon - GpNetworkStartTimeoutPolicyValue - set to
    > 60
    > HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -
    > GpNetworkStartTimeoutPolicyValue - set to 60
     
    MacAddict, Dec 6, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?amFtZXMuam9obnNvbg==?=

    Wireless signal drop during logon

    =?Utf-8?B?amFtZXMuam9obnNvbg==?=, Nov 11, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    649
    =?Utf-8?B?amFtZXMuam9obnNvbg==?=
    Nov 11, 2005
  2. Ben

    Wireless Policy Not Being Applied

    Ben, Jan 6, 2006, in forum: Wireless Networking
    Replies:
    0
    Views:
    532
  3. CJH
    Replies:
    0
    Views:
    1,992
  4. Replies:
    3
    Views:
    13,891
    shane0714
    Mar 30, 2007
  5. M D
    Replies:
    2
    Views:
    1,291
Loading...

Share This Page