cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

1222
Views
0
Helpful
0
Replies
Highlighted
Beginner

NAC OOB – Network Drive mapping w/GPO

Problem:

We’re facing issues with mapping network drives on our client pc’s (Windows-XP & Win-7). We’re mapping the drives with windows Group-Policy’s (GPO’s), this only works while the pc is in the login-phase – hence a gpupdate /force after login will not map the drives, nor the NAM setting under /clean-access/general setup/agent login/”Refresh Windows domain group policy after login” which executes the same command.

The untrusted net is not closed down completely yet, this gives us issues with our GPO, cause sometimes it gets the network drives mapped on the client, at other times (because of the ip change from untrusted to trusted vlan), which breaks the drive mapping.

Is there a way to introduce some kind of "delay" (I know this is possible if using traditional login-scripts), so we can control that the gpo first runs after the client pc has changed to the trusted vlan or maybe some Microsoft setting which will be able to get the drive mapping occur when forcing a gpupdate /force, which the NAC system can enforce after login.. ??

The map of network drive with GPO works fine, as long as there network connectivity from the untrusted net to the file-shares, but we want to close all down except AD validation.

Please advise, how this problem should be adressed..

NAC Setup:

NAC version 4.8.1 OOB L2 (&L3) with ip change.

Client PC's:

Windows 7 with UAC enabled and local admin rights.