Microsoft KB Archive/227619

= Remote Access Clients May Not Receive Domain-Based Policy in Windows 2000 =

Article ID: 227619

Article Last Modified on 2/23/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q227619



SUMMARY
When a properly configured member of a domain logs on to a domain in which a Group Policy Object (GPO) is present, the user receives the policy. The policy can include such items as shell settings, environment settings, scripts, and so on. GPOs are synonymous with System Policies in Microsoft Windows NT 4.0.

However, the user does not receive the policy if the user connects with a RAS connection that does not require the user to press CTRL+ALT+DELETE and use the "Log On to Windows" dialog box with the "Log on using dial-up connection" option.



MORE INFORMATION
To receive a group policy, the user must select the "Log on using dial-up connection" option in the "Log On to Windows" dialog box and choose an appropriate connection to gain access to a network through which the computer's domain controller and account are reachable. Or, the user must explicitly request a domain group policy to be updated after a RAS connection is established.

You can use Secedit.exe with the /REFRESHPOLICY switch to impose GPO settings upon a target workstation as described below:
 * SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE: Immediately imposes GPO settings located within the "machine" node of relevant GPOs.
 * SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE: Immediate imposes GPO settings located within the "user" node of the relevant GPOs.

Keywords: kbenv kbinfo KB227619

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.