Category Archives: Group Policy – GPO

Group policy related

Make sure that Group Policies can be updated over VPN

To make sure* that GPO´s are updated even for users that are connected over VPN you can disable the “Group Policy slow link detection”

GPO settings

In “User Configuration / Administrative Templates / System / Group Policy” **

open up the “Group Policy slow link detection”,

enable it and set the “Connections speed” to 0 (null). This  disables the slow link detection.

* For some GPO settings to update on a computer or a user (depending on what type of settings are used) the connection to the domain controller must be established before the computer boots or before the user are logged on to the computer.

** If the settings are Computer based then edit the  “Computer Configuration / Administrative Templates / System / Group Policy”, “Group Policy slow link detection”.

Outlook Anywhere settings from GPO

If you want to make sure all of your employees (ok, maybe not yours but you get it) have the right settings in their Outlook profile so that they can always use the mail client even when they are outside of the office, you should push these settings from a GPO.

Download Template

Download this file http://download.microsoft.com/download/F/B/C/FBC43645-89EA-4FB4-828C-DFE27C360233/article-961112.adm

Save the file temporary to your desktop or directly to %WinDir%inf

Set up the GPO

Open the GPMC and create a new group policy with an easy to understand name like “Outlook 2007 Anywhere”

Edit the GPO

Add the template to the “Outlook 2007 Anywhere” GPO

  1. Right click on “Administrative Templates” under User Configuration and chose “Add/remove Templates” from the drop down menu.
  2. Click “Add”

    and select the file named “article-961112.adm” (if you saved the file to the desktop just drag it in to this window) and Click “Open”
  3. Now that the template is added click “Close”

Configure the Outlook Anywhere template

Now open the added template and change the configuration to meet your needs.

  1. RPC/HTTP Connection Flags
    Enable the setting and pick the flags you need
    Flag1: Enables the ‘Connect to Microsoft Exchange using HTTP checkbox’ on the Connection tab.
    Flag2: Enables the ‘Connect using SSL only’ checkbox
    Flag3: Enables the ‘Only connect to proxy servers that have this principal name in their certificate’ checkbox
    Flag4: Enables the ‘On fast networks, connect using HTTP first, then connect using TCP/IP’ checkbox
    Flag5: is not implemented as an option in Outlook 2007 so it is not included in any policy settings.
    Flag6: Enables the ‘On slow networks, connect using HTTP first, then connect using TCP/IP’ checkbox
  2. Proxy Server Name
    Enable the setting and specify the server name, this should be your DNS MX record.
  3. Only connect if Proxy Server certificate has principal name
    Enable the setting and enter your certificates common name, if you have a wildcard certificate it will look like on the image but if you have a single server certificate it is probably the same as the DNS MX record.
  4. Proxy authentication setting
    Enable the setting and choose authentication type. This should be set to “NTLM authentiction”.

Now all you have to do is to link the GPO to the domain and wait for the replication and policy update times.
If you have users that are connected to the domain via VPN make sure that the GPO “Slow link detection” is configured to your meet needs.