Remote Access Clients May Not Receive Domain-Based Policy in Windows 2000 (227619)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
This article was previously published under Q227619

SUMMARY

When a properly configured member of a domain logs on to a domain in which a Group Policy Object (GPO) is present, the user receives the policy. The policy can include such items as shell settings, environment settings, scripts, and so on. GPOs are synonymous with System Policies in Microsoft Windows NT 4.0.

However, the user does not receive the policy if the user connects with a RAS connection that does not require the user to press CTRL+ALT+DELETE and use the "Log On to Windows" dialog box with the "Log on using dial-up connection" option.

MORE INFORMATION

To receive a group policy, the user must select the "Log on using dial-up connection" option in the "Log On to Windows" dialog box and choose an appropriate connection to gain access to a network through which the computer's domain controller and account are reachable. Or, the user must explicitly request a domain group policy to be updated after a RAS connection is established.

You can use Secedit.exe with the /REFRESHPOLICY switch to impose GPO settings upon a target workstation as described below:
  • SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE: Immediately imposes GPO settings located within the "machine" node of relevant GPOs.
  • SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE: Immediate imposes GPO settings located within the "user" node of the relevant GPOs.
Modification Type:MajorLast Reviewed:11/13/2003
Keywords:kbenv kbinfo KB227619
©2003 Microsoft Corporation. All rights reserved.