Microsoft’s official Group Policy blog
I was thinking about my next blog entry a few weeks back. My research took me through various Web sites, message threads, and articles. Naturally, I wanted something not only pertinent to Group Policy, but also exciting and new (to quote the Love Boat theme song) to many in GP Land. It then came to me in e-mail: How do I dial a VPN connection before logging on? Okay, the question was actually more Group Policy focused. I'm translating to widen the audience (and the search engine <grin>).
The scenario in question is common. You have a large deployment of laptop users, most of whom log on to their computers using cached credentials. One problem in this scenario is Windows does not apply Group Policy at logon because it cannot contact a domain controller. Also, it prevents Group Policy from foreground processing. Foreground processing is important to an environment because Group Policy can only process scripts, software installation, and folder redirection during foreground processing of Group Policy. Other Group Policy extensions apply settings without the foreground processing requirement (see the Core Group Policy Technical Reference for more informaiton on foreground and background processing http://go.microsoft.com/fwlink/?LinkId=55492). So, how can you force foreground processing for remote users? Windows XP provided an answer to this problem in the form of a check box on the logon dialog box named Log on using dial-up connections.
Selecting this check box allows Windows XP to establish a network connection to a remote network before performing the user logon. This is a common solution used to allow remote computers to process Group Policy (assuming the network connection dialed allows the remote computer to find a domain controller for the domain). But where is the check box in Windows Vista? It's not there, but the feature is. Here is how to achieve the same results in Windows Vista that you can achieve in Windows XP.
For starters, the computer must be a member of the domain. Next, you'll want to log on to the computer with a user account equivalent to the local administrator.
Create a system dial-up connection in Windows Vista
Finding the equivalent of "Log on using dial-up connections"
That's how you log on using dial-up connections and how to force foreground processing of Group Policy using Windows Vista. Now, your remote clients can authenticate with your domain when they are on the road, and you can expect foreground Group Policy to occur-- unlike cached logons.
Mike Stephens, Technical Writer, Group Policy
That's so funny--I just converged on this "solution" as well--the only problem is now all users need to have access to an account with local admin privileges. In my case I just needed to join a domain remotely--so not too bad, but not sustainable going forward. That was a really useful check box.
Mike Stephens from the Group Policy Team Blog explains how to get "Log on using dial-up connections"
I have a question,
I want to dial into my Vista desktop from an XP box.
This setup is easy with XP but despite the many pages on dial, dialup, area codes, xdsl, broadband etc in my Vista administrators book, there is nothing about a modem connected to my Vista which I can use for dial in... in fact I can't find any info on a dial in connection for Vista.
I do admit I have only been looking for part of 24 hours
Any help would be good..