![]() ![]() ![]()
Can’t hurt, right? I ran the following from an administrative command prompt: Is there anything else I can do to help it be more reliable? The only other idea I have at this point is to make the NLA service dependent on having an active network connection. Well, that worked two times out of three. Voila! After a reboot, the machine immediately came up on with a Domain profile: So I added the “mydomain.local” string to both IPv4 and IPv6 profiles of the adapter. I’d already seen (using ipconfig from a command prompt) that this machine is using both IPv4 and IPv6 to talk to the domain controller. However I did not have “DNS suffix for this connection” filled in. This is critical for all kinds of domain-based stuff (group policy, etc.). I had already set a fixed IP address for the primary DNS server, pointing to the domain controller. SHUTDOWN CLIENT PC FROM DOMAIN CONTROLLER UPDATEHowever the TechNet article cited above wants us to match Connection-specific adapter settings, hence the update above. The Primary DNS Suffix defaults, sensibly, to the domain name. You can also override that in group policy: Computer Configuration Administrative Templates > Network DNS Client > Primary DNS suffix. When you click the More button, you’ll see this dialog: When set in group policy, it overrides the value set in this dialog, but it is not displayed in this dialog.īy the way, the Primary DNS suffix for the computer is set in System Properties when you specify the computer name. Note that this can also be set in group policy: Computer Configuration > Administrative Templates > Network > DNS Client > Connection-specific DNS suffix. I checked that registry key and it in fact contained the correct value, let’s say “mydomain.local”.īut how/where is the Connection Specific DNS Name set? This article offers guidance: you can set it in the adapter’s DNS properties. The big news to me in that article is this: “If the Connection Specific DNS Name matches the HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName registry key then the machine will attempt to contact a Domain Controller via LDAP.” Then I found this TechNet blog article on how the NLA service works. Today I decided to dig into this further to see if I could come up with a better solution. Using a script allows doing this even when connected remotely, but it’s awkward and you have to customize the interface name for each PC. Netsh interface set interface "Ethernet" enabled Netsh interface set interface "Ethernet" disabled ![]() In fact I have script a RestartNetworkAdapter.cmd on many computers to do just that: The only sure way that I have found to force the NLA service to re-detect the domain is to stop and restart the network adapter. That doesn’t work because the Network List Service depends on the NLA service, and the Network List Service, for some reason, can’t be stopped. That’s has not been enough in this environment.Īt least one article suggests restarting the NLA service. Several articles suggest changing the NLA service to “Automatic (Delayed Start)”. The problem, of course, is that the Network Location Awareness (NLA) service can’t determine that the machine is on a domain, so it falls back to Public: Some desktops, especially those that have are behind a couple switches, often have problems confirming that they are on the domain, so they come up on the Public network, which messes up RDP connections. SHUTDOWN CLIENT PC FROM DOMAIN CONTROLLER WINDOWS 7User Policy update has completed successfully.Ĭomputer Policy update has completed successfully.One small client has a Server 2012 R2 Essentials domain controller and a few Windows 7 desktops. If Windows accepts the request, it will display the following message: If nothing has changed since the last time the GPO was applied, then the GPO is skipped. This compares the currently applied GPO to the GPO that is located on the domain controllers. To force your Windows computer to check for group policy changes, you can use the gpupdate /force command to trigger the updating process. SHUTDOWN CLIENT PC FROM DOMAIN CONTROLLER SOFTWARESoftware installation and folder redirection settings in a GPO are processed only when a computer starts (computer-based policies) or when the user logs in (user-based policies), rather than at a particular time. You cannot schedule a specific time to apply a Group Policy Object (GPO) to a client computer. You can change the default values by modifying the settings in Administrative Templates. Even then, some changes will not take effect until after a reboot of the computer. SHUTDOWN CLIENT PC FROM DOMAIN CONTROLLER PLUSWhen you make a change to a group policy, you may need to wait two hours (90 minutes plus a 30 minute offset) before you see any changes on the client computers. On client computers, this is done by default every 90 minutes, with a randomized offset of plus or minus 30 minutes. Windows periodically refreshes group policy settings throughout the network. Why your Windows group policy doesn't take effect immediately ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |