none
Computer Configuration not refreshing on WiFi clients

    Question

  • Morning folks!

    I've got one, that is likely very easy, but I'm unable to find anything via Bing or Google to suggest anyone else is doing this.

    In my environment I've rolled out GPO settings to configure WiFi for Windows 7 (and some XP clients) automatically. These clients connect to the WiFi SSID just before logon (SSO) without issue and as long as the device is already present and active in AD, there's no problem with new users using the devices - in other words, they log on with their credentials and the User Configuration(s) in any GPOs are refreshed without issue.

    My problem is with the Computer Configuration. I change settings when required (who doesn't) and the wired clients are 100%, they update without issue. However, the WiFi clients Computer Configuration will not update - due to there being no WiFi (or network in general) available until the user attempts log on. I've attempted to get this going using only Computer Authentication, but I'll be honest, I'm stumped and I'm not ashamed to ask for advice on this one.

    All I'm looking to achieve is update any/all GPO Computer Configuration settings from boot, when not physically cabled into the LAN. Although major changes to the current environment won't be possible if there is (any) cost to be incurred :(

    I'm looking into this due to the introduction or tablet/hybrid devices, some of which don't have a wired NIC on them. I could provide the users with USB GB adapters, but to be honest, and I'm going to be nasty here, but the user that have wired and WiFi NICs on the laptops had trouble comprehending the my words of "once a month, plug into the network to keep the trust between your computer and the server." Bloody idiots >:|

    Any help would be greatly appreciated.

    Cheers!


    Wednesday, January 21, 2015 11:41 AM

Answers

  • Hi,

    >>However, the WiFi clients Computer Configuration will not update - due to there being no WiFi (or network in general) available until the user attempts log on.

    Based on the description, the behavior can be caused by a race condition between network initialization, locating a Domain Controller and processing Group Policy. If the network is not available, a Domain Controller will not be located, and Group Policy processing will fail.

    To workaround the issue, we can set a registry value to delay the application of Group Policy. Here, we can follow the procedure described in the following article to do this.

    Windows 7 Clients intermittently fail to apply group policy at startup

    http://support.microsoft.com/kb/2421599

    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

    Best regards,
    Frank Shen


    Thursday, January 22, 2015 2:38 AM
    Moderator

All replies

  • my first guess is that the GPOS don't have time to apply and they are foreground Gpos

    try this and link to the root of the domain if i were you

    https://technet.microsoft.com/en-us/magazine/gg486839.aspx

    Wednesday, January 21, 2015 7:53 PM
  • Hi,

    >>However, the WiFi clients Computer Configuration will not update - due to there being no WiFi (or network in general) available until the user attempts log on.

    Based on the description, the behavior can be caused by a race condition between network initialization, locating a Domain Controller and processing Group Policy. If the network is not available, a Domain Controller will not be located, and Group Policy processing will fail.

    To workaround the issue, we can set a registry value to delay the application of Group Policy. Here, we can follow the procedure described in the following article to do this.

    Windows 7 Clients intermittently fail to apply group policy at startup

    http://support.microsoft.com/kb/2421599

    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

    Best regards,
    Frank Shen


    Thursday, January 22, 2015 2:38 AM
    Moderator
  • Thanks for the replies folks.

    I've made the change and can see the updated GPO setting (the GP application delay reg item) being pushed to the mobile devices without issue (via group membership and item level targeting). So far, all my GPO settings apply (computer and user) without issue, EXCEPT for the assigned software.

    I've a few applications I've been able to test with and regardless, the software refuses to install or uninstall when unlinked. But all other settings come and go as I require.I've been doing a bit of reading on this one, do I need an additional layer of security, like certs or tweak my currently rolled out WiFi settings? I'll be the first to admit that I hate dealing with certs as most of the time the science of them goes over my head, so if that's my problem, then I'm in for a fairly steep learning curve, lol.

    Cheers!


    Friday, January 23, 2015 4:13 PM

  •  the software refuses to install or uninstall when unlinked.

    unless I've read this wrong (maybe) nothing will apply with an unlinked GPO
    Saturday, January 24, 2015 6:37 PM

  •  the software refuses to install or uninstall when unlinked.

    unless I've read this wrong (maybe) nothing will apply with an unlinked GPO

    Should have worded it as "the software refuses to install when linked, or uninstall when unlinked.

    Sorry for the confusion.

    Monday, January 26, 2015 11:40 AM
  • Hi,

    Before going further, sorry for the late response.

    >>So far, all my GPO settings apply (computer and user) without issue, EXCEPT for the assigned software.

    What about our network link? Some group policy settings like Software Installation Policy and Folder Redirection are not processed if slow network link is detected.

    To tackle this, we can try to navigate to the following policy setting:

    Computer Configuration \Administrative Templates\System\Group Policy\Configure Software Installation Policy Processing

    and then we Enable the setting and check the option: Allow processing across a slow network connection

    Regarding slow link, the following articles can be referred to for more information.

    Group Policy slow link detection

    https://technet.microsoft.com/en-us/library/cc978717.aspx

    Group Policy does not apply when connecting remotely over a slow link

    https://technet.microsoft.com/en-us/library/cc759191(v=ws.10).aspx

    Best regards,
    Frank Shen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 02, 2015 9:53 AM
    Moderator