Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Group Policy logon script not applied if connected by WiFi

572 views
Skip to first unread message

Alister

unread,
Jun 3, 2009, 6:09:08 AM6/3/09
to
Hi,

I have an issue with a couple of Vista laptops not running a Group Policy
logon script when they are connected by WiFi.
If these same machines are connected to the domain by physical ethernet
there is no problem.

Some background:

Mixed 2000 / 2003 AD domain with four DCs, one of which does all the DHCP
and DNS for the domain.
Clients are a mixture of 2000 / XP Pro / Vista Business desktops and
laptops.

WiFi is provided by three Cisco wireless access points, ALL DHCP is handled
by the DC, not the WAP's.

The logon script is a simple batch file to map network drives and is applied
through Group Policy / User Configuration / Windows Settings / Scripts
(Logon/Logoff)
It works fine for all users except when a user logs on from one of two Dell
XPS laptops running Vista and connected by WiFi. If the same machine is
connected by ethernet then the script runs fine. The problem does not occur
on XP Pro laptops on WiFi.

Has anyone come across this issue before - or can anyone suggest a solution?

Not quite sure if this a networking issue, or an AD issue, so crossposted to
.active directory and .networking

Thanks

Alister


Paul Bergson [MVP-DS]

unread,
Jun 3, 2009, 8:35:48 AM6/3/09
to
You are using cached credentials when you log on via Wi-Fi. The wireless
connection isn't processed until after you are logged into your local
machine. Thereby you have to run the script manually to get it to work.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Alister" <alist...@hotmail.co.uk> wrote in message
news:ucbdXND5...@TK2MSFTNGP04.phx.gbl...

Alister

unread,
Jun 3, 2009, 9:19:13 AM6/3/09
to
Thanks Paul,

Is this behaviour something that has changed with vista then?

I don't have this issue logging on from XP Pro machines by wireless
connection.

Alister

"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:eu0FUfE5...@TK2MSFTNGP05.phx.gbl...

Lanwench [MVP - Exchange]

unread,
Jun 3, 2009, 9:42:09 AM6/3/09
to
Alister <alist...@hotmail.co.uk> wrote:
> Thanks Paul,
>
> Is this behaviour something that has changed with vista then?
>
> I don't have this issue logging on from XP Pro machines by wireless
> connection.]]

I don't know Vista (thankfully) but in XP, are you using the native Wireless
Zero Configuration and have you made group policy changes for it to work?

In my experience, wireless+domain=pain in the ___ . Stick with wired
wherever possible.

Alister

unread,
Jun 3, 2009, 11:20:37 AM6/3/09
to

"Lanwench [MVP - Exchange]"
<lanw...@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:OcILWuF5...@TK2MSFTNGP04.phx.gbl...

> I don't know Vista (thankfully) but in XP, are you using the native
> Wireless Zero Configuration and have you made group policy changes for it
> to work?
>
> In my experience, wireless+domain=pain in the ___ . Stick with wired
> wherever possible.

<grin>

I couldn't agree more. Unfortunately, some of our users require the mobility
of wireless connectivity around the site.

Yes, I always use WZC in preference to third party stuff, but as I say the
issue I am having is not reproducable on XP machines, they login and run the
scripts quite happily over a wireless connection, the only problem I have is
with these two Vista machines, and only if they are using the wireless. If
they are connected by ethernet then they login and run the scripts as
normal.

It is - as you say - a p-i-t-a.

Alister


Paul Bergson [MVP-DS]

unread,
Jun 3, 2009, 11:58:31 AM6/3/09
to
I have not seen it work on any o/s unless you configure a wmi type of
scenario to monitor the connection and trigger a script launch. It has been
to long to remeber to tell you how to do this now.


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Alister" <alist...@hotmail.co.uk> wrote in message

news:ub7Ba7F5...@TK2MSFTNGP02.phx.gbl...

Alister

unread,
Jun 3, 2009, 1:13:54 PM6/3/09
to
Paul Bergson [MVP-DS] wrote:
> I have not seen it work on any o/s unless you configure a wmi type of
> scenario to monitor the connection and trigger a script launch. It has been
> to long to remeber to tell you how to do this now.
>
>
As far as I know, using the windows native wireless Zero Configuration,
it runs as a service and therefore the wifi connection (once set up) is
established at boot without requiring a user to login. In practice this
seems to be the case as it is possible to log in as a domain user
without previously having a local copy of their profile created on a
machine. It is also possible to remotely access shares on such a machine
without a locally logged in user. I have never had to muck about (with
XP) to get it to work - it just does - same as if there was a physical
connection. The script is applied and run through Group Policy with no
further intervention on my part.

Maybe Vista (god bless it) does things differently. I just hope Windows
7 is easier to administer!

Alister

Paul Bergson [MVP-DS]

unread,
Jun 4, 2009, 8:17:07 AM6/4/09
to
I will have to review it. It sounds like it could be of assistance for our
pc support crew.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Alister" <alist...@hotmail.co.uk> wrote in message

news:h06b0j$vtk$1...@news.eternal-september.org...

Lanwench [MVP - Exchange]

unread,
Jun 4, 2009, 8:53:06 AM6/4/09
to

I've done this with XP and the WZC as well - but it is not 100% reliable.
when it doesn't work, it is a real problem. One option would be to put in a
terminal server and have the laptops access it - so it doesn't matter what
they run locally!


baileyk9

unread,
Jan 8, 2010, 2:40:18 PM1/8/10
to

You can configure wireless to authenticate to AP and have a network
connection prior to user logon to the domain.

We get wireless connection to network/domain prior to user domain logon
by configuring the windows wireless profile to "connect as computer when
computer information is available", in the properties of the connection.


This allows users to run logon scripts, map drives, etc exactly as if
wired.

Our authentication scheme uses Cisco APs, MS Windows 2003 IAS RADIUS,
PEAP, WPA2, trusted root certificates (self-signed, in our case).

We use GPOs to configure the PKI policy for certificate deployment and
a GPO to configure the WZC for the desired (non-ssid broadcasting)
secure network.

(The certificate is just an added security measure that helps ensure
both the user and computer are in the domain before being authenticated
on the wireless network)

<> cheers


--
baileyk9
------------------------------------------------------------------------
baileyk9's Profile: http://forums.techarena.in/members/172180.htm
View this thread: http://forums.techarena.in/active-directory/1191180.htm

http://forums.techarena.in

0 new messages