Problem: Users logging on to an Active Directory domain across a relatively slow VPN link will unreliably apply group policies. This article deals with user policies specifically, not computer policies.
Solution: Although the ultimate solution to this problem would be to cure the root cause of the group policies not being applied, my reason for writing this was to get the policies to apply immediately so that I could fix the root cause later.
To get the policies to apply immediately, first try this:
Ensure proper communication with the domain and domain controller.
- From a command prompt at the remote computer:
- Run
ipconfig /flushdns
- Run
ipconfig /registerdns
- Ping the domain and the domain controller that hold the policy in question.
Try to force the policy.
- From a command prompt at the remote computer:
- Run
gpupdate /force
- Log the user off without restarting the computer.
- Log back on and check if the policy has been applied.
Try to apply the policy synchronously.
Sometimes over a slow link, target computers will time out before applying policies at logon. This is especially true of large logon scripts. This gets into a separate discussion on synchronous vs. asynchronous group policies, but for the purposes of this article we will force a one-time synchronous logon.
- From a command prompt at the remote computer:
- Run
gpupdate /sync
. - You will be prompted to reboot.
- Reboot and log back in to check if the policy has been applied.
In most cases these steps will get your policy applied so that you can spend your time figuring out the root cause of the situation. If the policy still will not apply, consider clearing out all cached and local policies and following the above steps again.
-n
Leave a Reply