GROUP POLICY COMPUTER SETTINGS NOT APPLIED DURING WIRELESS LOGON

Discussion in 'Wireless Networking' started by p.squance, Nov 30, 2006.

  1. p.squance

    p.squance Guest

    I have a Windows Server 2003 Domain in which I have implemented
    wireless netowrking which is secured WPA and 802.1X certificate
    authentication of computers and users, as per Microsoft best practise.

    So long as wireless configuration is manually configured, networking
    and logons work fine. However when group policy has been used to
    deliver wireless configuration to client, wirless settings a are lost
    after three logons.

    It transpires that when the logon is processed wirelessly, the computer
    settings of policies are not applied, policies are filtered from the
    RSOP stating 'Denied ( Security)'. The computer is obviously not known
    at the time of processing since the SECURITY GROUP membership listing
    in GPRESULT indicates a NULL SID and does not list the groups to which
    the computer belongs.

    If a wired connection is used to logon, all policies are applied
    correctly and group memnerships are correctly identified.

    Authenticated users have read and apply rights to the policies. In
    desperatiuon I have added the domain workstaions to to ACL for test
    policies.

    The problem is obviuosly going to be overcome by ensuring the computer
    is known prior to attempting load the computer policies. Can anybody
    advise how this might be achieved.

    The following registry files are in place to try and overcome the
    problem:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    NT\CurrentVersion\Winlogon - GpNetworkStartTimeoutPolicyValue - set to
    60
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -
    GpNetworkStartTimeoutPolicyValue - set to 60
     
    p.squance, Nov 30, 2006
    #1
    1. Advertisements

  2. p.squance

    MacAddict Guest

    I would check your default policy to make sure nothing strange is
    there.

    I had this working fine a couple of months ago.

    Also, make sure that the default policy is set so that Windows waits
    until the network connections are ready before logging in (I forget
    what the setting is called).
     
    MacAddict, Dec 6, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.