Results 1 to 9 of 9

Thread: Group Policy logon script not applied if connected by WiFi

  1. #1
    Alister Guest

    Group Policy logon script not applied if connected by WiFi

    I have an issue with a couple of Vista laptops not running a Group Policy
    logon script when they are connected by WiFi.
    If these same machines are connected to the domain by physical ethernet
    there is no problem.

    Some background:

    Mixed 2000 / 2003 AD domain with four DCs, one of which does all the DHCP
    and DNS for the domain.
    Clients are a mixture of 2000 / XP Pro / Vista Business desktops and
    laptops.

    WiFi is provided by three Cisco wireless access points, ALL DHCP is handled
    by the DC, not the WAP's.

    The logon script is a simple batch file to map network drives and is applied
    through Group Policy / User Configuration / Windows Settings / Scripts
    (Logon/Logoff)
    It works fine for all users except when a user logs on from one of two Dell
    XPS laptops running Vista and connected by WiFi. If the same machine is
    connected by ethernet then the script runs fine. The problem does not occur
    on XP Pro laptops on WiFi.

    Has anyone come across this issue before - or can anyone suggest a solution?

    Not quite sure if this a networking issue, or an AD issue, so crossposted to
    ..active directory and .networking

  2. #2
    Paul Bergson [MVP-DS] Guest

    Re: Group Policy logon script not applied if connected by WiFi

    You are using cached credentials when you log on via Wi-Fi. The wireless
    connection isn't processed until after you are logged into your local
    machine. Thereby you have to run the script manually to get it to work.

  3. #3
    Alister Guest

    Re: Group Policy logon script not applied if connected by WiFi

    Is this behaviour something that has changed with vista then?

    I don't have this issue logging on from XP Pro machines by wireless
    connection.

  4. #4
    Lanwench [MVP - Exchange] Guest

    Re: Group Policy logon script not applied if connected by WiFi

    I don't know Vista (thankfully) but in XP, are you using the native Wireless
    Zero Configuration and have you made group policy changes for it to work?

    In my experience, wireless+domain=pain in the ___ . Stick with wired
    wherever possible.

  5. #5
    Alister Guest

    Re: Group Policy logon script not applied if connected by WiFi

    I couldn't agree more. Unfortunately, some of our users require the mobility
    of wireless connectivity around the site.

    Yes, I always use WZC in preference to third party stuff, but as I say the
    issue I am having is not reproducable on XP machines, they login and run the
    scripts quite happily over a wireless connection, the only problem I have is
    with these two Vista machines, and only if they are using the wireless. If
    they are connected by ethernet then they login and run the scripts as
    normal.

  6. #6
    Paul Bergson [MVP-DS] Guest

    Re: Group Policy logon script not applied if connected by WiFi

    I have not seen it work on any o/s unless you configure a wmi type of
    scenario to monitor the connection and trigger a script launch. It has been
    to long to remeber to tell you how to do this now.

  7. #7
    Alister Guest
    As far as I know, using the windows native wireless Zero Configuration,
    it runs as a service and therefore the wifi connection (once set up) is
    established at boot without requiring a user to login. In practice this
    seems to be the case as it is possible to log in as a domain user
    without previously having a local copy of their profile created on a
    machine. It is also possible to remotely access shares on such a machine
    without a locally logged in user. I have never had to muck about (with
    XP) to get it to work - it just does - same as if there was a physical
    connection. The script is applied and run through Group Policy with no
    further intervention on my part.

    Maybe Vista (god bless it) does things differently. I just hope Windows
    7 is easier to administer!

    I will have to review it. It sounds like it could be of assistance for our
    pc support crew.

  8. #8
    Lanwench [MVP - Exchange] Guest

    Re: Group Policy logon script not applied if connected by WiFi

    I've done this with XP and the WZC as well - but it is not 100% reliable.
    when it doesn't work, it is a real problem. One option would be to put in a
    terminal server and have the laptops access it - so it doesn't matter what
    they run locally!

  9. #9
    Join Date
    Jan 2010
    Posts
    1

    Re: Group Policy logon script not applied if connected by WiFi

    You can configure wireless to authenticate to AP and have a network connection prior to user logon to the domain.

    We get wireless connection to network/domain prior to user domain logon by configuring the windows wireless profile to "connect as computer when computer information is available", in the properties of the connection.

    This allows users to run logon scripts, map drives, etc exactly as if wired.

    Our authentication scheme uses Cisco APs, MS Windows 2003 IAS RADIUS, PEAP, WPA2, trusted root certificates (self-signed, in our case).

    We use GPOs to configure the PKI policy for certificate deployment and a GPO to configure the WZC for the desired (non-ssid broadcasting) secure network.

    (The certificate is just an added security measure that helps ensure both the user and computer are in the domain before being authenticated on the wireless network)

    <> cheers

Similar Threads

  1. Replies: 3
    Last Post: 17-08-2010, 09:06 PM
  2. Replies: 1
    Last Post: 10-03-2010, 02:14 PM
  3. Group policy logon script doesn't run
    By CryptiniteDemon in forum Windows Server Help
    Replies: 5
    Last Post: 21-07-2009, 06:44 PM
  4. IE Maintenance Group Policy Settings not applied
    By Victor Kam in forum Active Directory
    Replies: 1
    Last Post: 15-01-2008, 01:26 PM
  5. Group Policy sometimes not being applied.
    By Cris Han in forum Active Directory
    Replies: 2
    Last Post: 13-01-2008, 10:47 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,662,564.03028 seconds with 17 queries