laptops connect at work but not at home?

Anonymous
July 29, 2005 7:23:01 PM

Archived from groups: microsoft.public.win2000.dns

Firstly, I also posted this into the Broadband Networking and Group Policy
forums, as it might apply there too. The summary is that users' WinXP Pro
laptops work fine on our office network but not at home, whether they're
using dial-up or broadband.

Now here are the details: Initially these laptops belonged to an OU on our
W2K domain with other office PCs (which have static IPs) and the laptops
(using DHCP) were used successfully at their homes. Then I specified 2
internal DNS servers in the OU's GPO, and that's about when the laptops
started failing to connect at home. Cable-modem users were actually able to
ping IP addresses on the Internet, but not FQDNs. Convinced then it was
strictly a DNS issue, I removed the DNS servers from the laptops' Registries
(NameServer key under HKLM\software\policies\microsoft\WindowsNT\DNSclient)
and seemed to work on one laptop but, strangely, not the rest! So then I
moved these laptops into their own OU without any DNS servers set (since they
get DNS server settings via DHCP anyway), refreshed policy on DC and laptops,
but still didn't work! Now the cable-modem users can't even ping IP
addresses. I even removed one laptop from the OU altogether, refreshed, and
still doesn't work! Meanwhile, connectivity at work remains intact...

Other pertinent info: Users log into their laptops at home using the same
profile as at work (DC info apparently cached), but even logging in as
another profile (a local one) didn't work. Running ipconfig /all in either
profile shows FQDN still as 'computername.domainname.com', but as said
before, it worked at home like this before the GPO edit.

Thanks in advance.
Anonymous
July 30, 2005 2:40:00 AM

In news:5EB8F4DB-EF49-4E7F-A700-B0B7E9D606C6@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> posted this:
> Firstly, I also posted this into the Broadband Networking and Group
> Policy forums, as it might apply there too. The summary is that
> users' WinXP Pro laptops work fine on our office network but not at
> home, whether they're using dial-up or broadband.
>
> Now here are the details: Initially these laptops belonged to an OU
> on our W2K domain with other office PCs (which have static IPs) and
> the laptops (using DHCP) were used successfully at their homes. Then
> I specified 2 internal DNS servers in the OU's GPO, and that's about
> when the laptops started failing to connect at home. Cable-modem
> users were actually able to ping IP addresses on the Internet, but
> not FQDNs. Convinced then it was strictly a DNS issue, I removed the
> DNS servers from the laptops' Registries (NameServer key under
> HKLM\software\policies\microsoft\WindowsNT\DNSclient) and seemed to
> work on one laptop but, strangely, not the rest! So then I moved
> these laptops into their own OU without any DNS servers set (since
> they get DNS server settings via DHCP anyway), refreshed policy on DC
> and laptops, but still didn't work! Now the cable-modem users can't
> even ping IP addresses. I even removed one laptop from the OU
> altogether, refreshed, and still doesn't work! Meanwhile,
> connectivity at work remains intact...
>
> Other pertinent info: Users log into their laptops at home using the
> same profile as at work (DC info apparently cached), but even logging
> in as another profile (a local one) didn't work. Running ipconfig
> /all in either profile shows FQDN still as
> 'computername.domainname.com', but as said before, it worked at home
> like this before the GPO edit.

In Help and support, Tools, Advanced system information, there is a tool for
checking applied policies.
Carefully look through the policy report for any entry that can cause this.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
July 30, 2005 2:40:01 AM

Thanks, but if it's anything like what the gpresult tool does, then I've
already covered that base too. I ran it after I removed the laptop from the
OU altogether and saw that only the default domain policy was still applied
(as it was supposed to) which only includes info about password requirements.
What else might it be...?
Anonymous
July 30, 2005 2:25:18 PM

In news:8108552A-3D6E-4946-8A3B-54EFE2232838@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> posted this:
> Thanks, but if it's anything like what the gpresult tool does, then
> I've already covered that base too. I ran it after I removed the
> laptop from the OU altogether and saw that only the default domain
> policy was still applied (as it was supposed to) which only includes
> info about password requirements. What else might it be...?

After re-reading the original post to see if I missed anything in it, you
state user cannot ping IP addresses. Is there a manually configured Gateway?


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
July 31, 2005 12:16:04 PM

No.
Anonymous
August 1, 2005 5:06:56 PM

In news:FD0E30FB-DEBF-45DB-B6B3-313C8A60982E@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
commented about below:
> No.

FYI, sometimes with GPO settings, you need to "disable" a setting to undo it
rather than just set them to 'not configured'. Not saying that this is the
case, but if you remember NT40 System Policies, that was the only way to
'undo' them.

Also, what I've found with XP machines, a Computer Configuration GPO setting
will only work if the computer is in that specific GPO, even if you set the
Computer Configuration section for a specific user account. What I did to
correct this is to put the XP machines into a sub-OU under the OU with the
GPO to get it to work. This is only for XP. Windows 2000 will accept the
Computer Configuration Policy if it's in the OU or not when set on GPO for a
user account.

Have you used the GPMC to run an RSOP or even a Modeling report? You would
need a Win2003 DC to run that tool.

One more thing, I am assuming you're saying the users cannot ping by IP or
FQDN when the users are using their laptops at home, they are directly
connected to their own network, e.g. Linksys router or directly on the cable
modem. How about when they VPN into the corporate network, does it work for
them then?

Is there a Proxy or ISA setting on the laptops?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
Anonymous
August 1, 2005 5:06:57 PM

i'll try to disable the DNS-related settings in the GPO and see what happens.
Even though the DNS Servers setting's explanation says, "If this setting is
not configured, it is not applied to any computers, and computers use their
local or DHCP-configured parameters."?

We were running W2K Server and ran into problems using GPMC from my XP box
so I abandoned its use. But now that server runs W2K3, so should be ok now I
think. So I'll try to run an RSOP and/or modeling report.

> What I did to correct this is to put the XP machines into a sub-OU under the OU with the GPO to get it to work.

I suppose I could try this too.

You're right, they cannot ping from home, behind a Linksys router or
directly connected to cable modem. But they don't VPN in, so we can't test
that. There is no proxy or ISA in place.

To add to the mystery, one of the laptops that I've been messing with
concerning this issue has all of a sudden started working at home! Over the
weekend, the owner told me this - this was two days after I would have
changed anything. Is there a chance it was simply like a delayed applying of
settings? The owner said she'd only rebooted, but we'd been doing that along
the way already. Not to say this issue is totally resolved - there is at
least one laptop out there that cannot connect to the Internet when outside
this office, last I heard...
Anonymous
August 1, 2005 8:16:01 PM

In news:56BFC801-BC06-4A19-86FD-7CE9BB62102B@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
commented about below:
> i'll try to disable the DNS-related settings in the GPO and see what
> happens. Even though the DNS Servers setting's explanation says, "If
> this setting is not configured, it is not applied to any computers,
> and computers use their local or DHCP-configured parameters."?

I've seen this in the past. It doesn't apply to XP and GPOs, but I just
thought to bring that across. I've seen it during a migration where an XP
machine joined to the NT4 domain exhibited this behavior after the NT4
upgrade. What I had to do is set the NT4 style System Policies back to
disabled. Once I confirmed that, I then removed the System Policy and
proceeded to use GPOs.


> We were running W2K Server and ran into problems using GPMC from my
> XP box so I abandoned its use. But now that server runs W2K3, so
> should be ok now I think. So I'll try to run an RSOP and/or modeling
> report.

Ok, sounds good.


>> What I did to correct this is to put the XP machines into a
>> sub-OU under the OU with the GPO to get it to work.
>
> I suppose I could try this too.
>
> You're right, they cannot ping from home, behind a Linksys router or
> directly connected to cable modem. But they don't VPN in, so we
> can't test that. There is no proxy or ISA in place.
>
> To add to the mystery, one of the laptops that I've been messing with
> concerning this issue has all of a sudden started working at home!
> Over the weekend, the owner told me this - this was two days after I
> would have changed anything. Is there a chance it was simply like a
> delayed applying of settings? The owner said she'd only rebooted,
> but we'd been doing that along the way already. Not to say this
> issue is totally resolved - there is at least one laptop out there
> that cannot connect to the Internet when outside this office, last I
> heard...

Can I assume the users at home performed an ipconfig /release and then
followed by a /renew? Did you have them confirm their ipconfig settings when
you were helping them tech support this?

Ace
Anonymous
August 1, 2005 8:16:02 PM

> Can I assume the users at home performed an ipconfig /release and then
> followed by a /renew? Did you have them confirm their ipconfig settings when
> you were helping them tech support this?

yes we did all that. when we first started troubleshooting this, they could
ping Internet IP addresses but no FQDNs, and were getting IP address from
ISP. later, when they couldn't ping anything at all, they weren't getting one.
Anonymous
August 2, 2005 3:45:21 AM

In news:0D541A7A-C93C-4432-BD37-D28BEAC9D683@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
commented about below:
>> Can I assume the users at home performed an ipconfig /release and
>> then followed by a /renew? Did you have them confirm their ipconfig
>> settings when you were helping them tech support this?
>
> yes we did all that. when we first started troubleshooting this,
> they could ping Internet IP addresses but no FQDNs, and were getting
> IP address from ISP. later, when they couldn't ping anything at all,
> they weren't getting one.

If they weren't getting an IP, then I can understand why they can't ping
anything.

Is there a personal firewall (Zone Alarm) or anything else similar to that
installed?

Are the DNS addresses on the clients hardcoded to your internal DNS but the
IP is set to 'obtain automatically'?

Ace
Anonymous
August 2, 2005 10:16:05 AM

> Is there a personal firewall (Zone Alarm) or anything else similar to that
> installed?

no firewall. even turned off XP firewall.

> Are the DNS addresses on the clients hardcoded to your internal DNS but the
> IP is set to 'obtain automatically'?

If I understand your question right, that's what appears to have caused this
whole mess. Yes, they're set to obtain automatically (both at work and at
home), but the office network's internal DNS servers are there in the
Registry when they're at home (I had them look it up). Clearing them out
seems to work sporadically. I mean, it worked for the first laptop on which
we first discovered this problem. But the second laptop didn't behave the
same way (it's the one I described above that unexpectedly just started
working last weekend). Now a third laptop has exhibited the same issue.
I've told him to ipconfig /release, /renew, and /flushdns, also he cleared
out the DNS servers from HKLM\Software\Policies\Microsoft\WindowsNT\DNSclient
and rebooted, and he even gets an IP address from the wireless hotspot he's
trying to connect to, but still cannot pull up web pages. He also can't seem
to ping Internet IP addresses even though his laptop gets that IP address -
weird.

Or maybe I don't understand your question: 'hardcoded to the internal DNS'?
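
The leftover-policy condition described in this post can be checked directly on a laptop. The following is an added example, not code from the thread: it reads the `NameServer` value under the DNS client policy key (on a real system the key name is `Windows NT`, with a space) and lists it beside each interface's DHCP-supplied and statically set servers. It assumes PowerShell 3.0 or later; the function names and the sample addresses are constructed for illustration.

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0 or later.

function Split-ServerList {
    param([string]$Value)
    # The registry stores the server list as one string; entries are
    # separated by spaces or commas.
    if (-not $Value) { return @() }
    return @($Value -split '[,\s]+' | Where-Object { $_ })
}

function Compare-DnsPolicy {
    param(
        [string]$PolicyNameServer,   # NameServer value from the policy key
        [object[]]$Interfaces        # items with Name, DhcpNameServer, NameServer
    )
    $policy = @(Split-ServerList $PolicyNameServer)
    foreach ($nic in $Interfaces) {
        $dhcp   = @(Split-ServerList $nic.DhcpNameServer)
        $static = @(Split-ServerList $nic.NameServer)
        # Policy servers that the current DHCP lease did not hand out.
        $foreign = @($policy | Where-Object { $dhcp -notcontains $_ })
        [pscustomobject]@{
            Interface             = $nic.Name
            PolicyServers         = $policy -join ' '
            DhcpServers           = $dhcp -join ' '
            StaticServers         = $static -join ' '
            PolicyDiffersFromDhcp = ($dhcp.Count -gt 0 -and $foreign.Count -gt 0)
        }
    }
}

function Get-DnsPolicyReport {
    # Key written by the "DNS Servers" Group Policy setting.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    # Per-interface TCP/IP settings, including what DHCP supplied.
    $ifRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

    # Missing key or missing value both yield $null here.
    $policyValue = (Get-ItemProperty -Path $policyKey -Name NameServer `
                        -ErrorAction SilentlyContinue).NameServer

    $interfaces = foreach ($key in Get-ChildItem -Path $ifRoot) {
        $p = Get-ItemProperty -Path $key.PSPath
        @{
            Name           = $key.PSChildName
            DhcpNameServer = $p.DhcpNameServer
            NameServer     = $p.NameServer
        }
    }
    Compare-DnsPolicy -PolicyNameServer $policyValue -Interfaces @($interfaces)
}

# Constructed sample: two office resolvers left in the policy key while the
# laptop sits behind a home router that hands out its own address for DNS.
$sample = @{
    Name           = '{constructed-interface-guid}'
    DhcpNameServer = '192.168.1.1'
    NameServer     = ''
}
Compare-DnsPolicy -PolicyNameServer '10.0.0.10 10.0.0.11' -Interfaces @($sample) |
    Format-List

# Live check against the local registry.
Get-DnsPolicyReport | Format-Table -AutoSize
```

A row with `PolicyDiffersFromDhcp` set to `True` means the policy key still names servers that the current network's DHCP lease did not supply, which is the state the poster found on the laptops at home.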
Anonymous
August 2, 2005 3:30:40 PM

In news:373A73B2-A938-4BB4-B12F-BC7C7AB62B9C@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
commented about below:
>> Is there a personal firewall (Zone Alarm) or anything else similar
>> to that installed?
>
> no firewall. even turned off XP firewall.
>
>> Are the DNS addresses on the clients hardcoded to your internal DNS
>> but the IP is set to 'obtain automatically'?
>
> If I understand your question right, that's what appears to have
> caused this whole mess. Yes, they're set to obtain automatically
> (both at work and at home), but the office network's internal DNS
> servers are there in the Registry when they're at home (I had them
> look it up). Clearing them out seems to work sporadically. I mean,
> it worked for the first laptop on which we first discovered this
> problem. But the second laptop didn't behave the same way (it's the
> one I described above that unexpectedly just started working last
> weekend). Now a third laptop has exhibited the same issue. I've told
> him to ipconfig /release, /renew, and /flushdns, also he cleared out
> the DNS servers from
> HKLM\Software\Policies\Microsoft\WindowsNT\DNSclient and rebooted,
> and he even gets an IP address from the wireless hotspot he's trying
> to connect to, but still cannot pull up web pages. He also cant seem
> to ping Internet IP addresses even though his laptop gets that IP
> address - weird.
>
> Or maybe I dont understand your question: 'hardcoded to the internal
> DNS'?

In IP properties, you can select to either obtain automatically or set it
statically. You can even set the DNS addresses statically, but obtain an IP
address automatically. Check out the IP properties and you'll see what I
mean.

I assume no spyware or viruses such as the QHOSTS that compromises the Hosts
file.

Honestly I've never seen these sort of problems with connectivity. I work
with one of my clients of about 150+ users and half of them have laptops and
travel around and they have no problems whatsoever whether they are in a
hotel, airport, a Starbucks or at home on their wireless.

It is obviously something common since it is happening to all your laptops.
If you brought a new laptop in that never had the GPO settings, does it work
anywhere it goes?

Ace
Anonymous
August 2, 2005 4:21:04 PM

"In IP properties, you can select to either obtain automatically"...

Ok, setting static TCP/IP info. I thought you meant something else by
"hardcoding." Yes, again, they're set to obtain automatically.

Right, no viruses/spyware. Scanned with locally installed AV and online AV
scanners.

> about 150+ users and half of them have laptops and have no problems whatsoever

yeah, neither did we until I set up this GPO and included the laptops in it!

> If you brought a new laptop in that never had the GPO settings, does it work

well, not sure. we don't have a new laptop that was just purchased to use
for a test. it probably would though cuz the laptops' GPO now doesn't include
DNS settings.
Anonymous
August 3, 2005 3:38:33 AM

In news:CF669723-C934-4E1A-B5C2-78662B204B8B@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
commented about below:
> "In IP properties, you can select to either obtain automatically"...
>
> Ok, setting static TCP/IP info. I thought you meant something else by
> "hardcoding." Yes, again, they're set to obtain automatically.
>
> Right, no viruses/spyware. Scanned with locally installed AV and
> online AV scanners.
>
>> about 150+ users and half of them have laptops and have no problems
>> whatsoever
>
> yeah, neither did we until I set up this GPO and included the laptops
> in it!
>
>> If you brought a new laptop in that never had the GPO settings,
>> does it work
>
> well, not sure. we dont have a new laptop that was just purchased to
> use for a test. it probably would though cuz the laptops' GPO now
> doesnt include DNS settings.

So it all points back to the GPO. Let's backtrack a sec. Did you ever get a
chance to run a Resulting Policy report thru GPMC on one of the affected
laptops or a user account?

Was this a GPO you created or did you alter the Default Domain Policy? If
not the default, did you completely remove the GPO and allow the user to
logon and then logoff and then go home and try it again?

Was anything else altered thru the reg such as the MTU settings? That can
affect communication. Any other software installed on these laptops that
affect network settings, such as WinPoet or anything else?

Originally you said you posted this in the GPO newsgroup. I was looking for
it in win2000.group_policy group but couldn't find your name. I was curious
what those guys had to offer.

If you re-ran Windows setup on one of the laptops, in effect resetting the
system (it will keep the users' profiles, apps and other settings intact),
and then put the computer into another OU without that GPO, does it work? I
know this is a lot of work, but I'm trying to pinpoint where the issue is.

Also, maybe disjoining one of them, allow the user to take it home and try
it, then when they return, re-join it but put it in a different OU.

Ace
Anonymous
August 3, 2005 4:56:14 PM

Ok, just ran GPMC's Group Policy Results wizard on one of the laptops that
hasn't even been connected at home yet. The only DNS-related thing (which I
did set) was Dynamic Update set as enabled. Its status has not proven to
have any effect on all this.
Anonymous
August 3, 2005 5:11:05 PM

What's especially weird about all this is that I can't seem to force the
changes in the Registry. I search for all instances of the internal DNS
servers in the Registry and wipe them out and reboot but still nothing. One
guy is now in Germany for the month and hoped to get online while there but
can't. So, he can't just bring his laptop back in to log in or let new
policies apply or anything. I've emailed him all these TCP/IP and
Registry-editing instructions above but none have worked (he's using a hotel
PC to get email). Apparently there's either something I'm missing in the
Registry or something else...
Anonymous
August 3, 2005 9:03:58 PM

In news:A23B1DFC-D40D-419A-8B9A-ACAFD7CBDCD3@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> posted this:
> What's especially weird about all this is that I can't seem to force
> the changes in the Registry. I search for all instances of the
> internal DNS servers in the Registry and wipe them out and reboot but
> still nothing. One guy is now in Germany for the month and hoped to
> get online while there but can't. So, he can't just bring his laptop
> back in to log in or let new policies apply or anything. I've
> emailed him all these TCP/IP and Registry-editing instructions above
> but none have worked (he's using a hotel PC to get email).
> Apparently there's either something I'm missing in the Registry or
> something else...

You may have a Winsock problem, install the Windows XP support tools from
the XP CD and run netdiag /v to check the Winsock test.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
August 3, 2005 9:03:59 PM

> Just yank it at this point!

gettin' close to doin' that...

> Let me know what you find with the GPMC report.

did you see my post?

> You may have a Winsock problem, install the Windows XP support tools from
> the XP CD and run netdiag /v to check the Winsock test.

i will.
Anonymous
August 4, 2005 4:09:22 AM

In news:120702C9-3F82-45CE-85DC-5F3A79ACF9A0@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
commented about below:
> Ok, just ran GPMC's Group Policy Results wizard on one of the laptops
> that hasnt even been connected at home yet. The only DNS-related
> thing (which I did set) was Dynamic Update set as enabled. Its
> status has not proven to have any effect on all this.

That's it? Just remove the link and completely delete the GPO and recreate a
new one from scratch for whatever other settings you are controlling. I
wouldn't even know why you are controlling DNS behavior with GPOs since that
is default with client PCs anyway, that is newer than Win2000. Any
compelling reason to control this behavior with a GPO?

Ace
Anonymous
August 4, 2005 10:10:06 AM

> That's it? Just remove the link and completely delete the GPO and recreate a
> new one from scratch for whatever other settings you are controlling. I
> wouldn't even know why you are controlling DNS behavior with GPOs since that
> is default with client PCs anyway, that is newer than Win2000. Any
> compelling reason to control this behavior with a GPO?

no reason. didn't know the clients did that - maybe shoulda guessed though.
i'll remove that setting too. sure, i could wipe the GPO out and start
fresh. of course, i won't know if it works until someone either brings in
their laptop or takes it home (one that hasn't been fixed of course)!

btw, i've tried to copy one GPO to another OU and rename it, but then the
original gets renamed too. it'd be nice to copy over one of the other GPOs,
rename it, and remove the DNS-related stuff. how do i do that?
Anonymous
August 4, 2005 6:12:50 PM

mikeindo wrote:

> btw, i've tried to copy one GPO to another OU and rename it, but then
> the original gets renamed too. it'd be nice to copy over one of the
> other GPOs, rename it, and remove the DNS-related stuff. how do i do
> that?

You can't do this, in the console when you see the list of GPOs? These are
just links the actual GPO has a very long globally unique identifier and are
in the \\DNSADDomain\SYSVOL\DNSADDomain\policies DFS share. Do not modify
these unless you know exactly what you are doing.
You can have the same GPO linked to several different OUs.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
August 4, 2005 6:12:51 PM

> You can't do this,

ah.

ok, shifting focus slightly, we have another GPO that does contain internal
DNS server settings for an OU containing desktop workstations at our office.
so they're not going anywhere, like the laptops do! anyway, they don't seem to
take on the internal DNS servers in TCP/IP properties as they should. seems
that it should be grayed-out with those DNS servers set, but it's not. you
can click in 'em and change, which is not the goal. ipconfig /all displays
'incorrect' info (the same what's set in TCP/IP Properties), but the
'correct' info are in the same Registry keys that the laptops had:
HKLM\software\policies\microsoft\windowsNT\DNSclient. these PCs of course
have static TCP/IP info and most are used by local Admins. to explain it
another way, i'd like the GPO to set static DNS servers and the static IP
addresses to be set locally. is that possible? or would it just be worth my
while/time to reset the DNS settings manually on each PC?
Anonymous
August 4, 2005 8:53:53 PM

In news:A8DB575C-57BA-4CFD-8328-9EA0506472D9@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
commented about below:
> no reason. didnt know the clients did that - maybe shoulda guessed
> though. i'll remove that setting too. sure, i could wipe the GPO out
> and start fresh. of course, i wont know if it works until someone
> either brings in their laptop or takes it home (one that hasnt been
> fixed of course)!
>
> btw, i've tried to copy one GPO to another OU and rename it, but then
> the original gets renamed too. it'd be nice to copy over one of the
> other GPOs, rename it, and remove the DNS-related stuff. how do i do
> that?

Just as Kevin said, they are just links to the GPO itself. If you look
further down in the GPMC, you will see a container called Group Policy
Objects. These are all the GPOs created in the domain. If you delete one
from an OU, it just removes the link. That is why when you rename a link, it
renames the actual GPO. Just delete the actual GPO under that container and
create a new one.

As for default dynamic update behavior, here are some links to read up on:

816592 - HOW TO Configure DNS Dynamic Update in Windows 2003:
http://support.microsoft.com/?id=816592

317590 - HOW TO Configure DNS Dynamic Update in Windows 2000, [How it
relates to Pri DNS Suffix and Append parent Suffix. Also DNSUpdateProxy
Group]:
http://support.microsoft.com/?id=317590

Basically, as long as the client is newer than Win2000, the Primary DNS
Suffix, or any of your suffixes are set to the zone to update into, and the
DNS addresses on the clients IP properties are set ONLY to the internal DNS
servers hosting the AD zone name or have a reference to the SOA of the zone,
will it work. Also when DHCP is used, it will be based on the above default
behavior. You can also force DHCP to update for your clients, especially for
legacy and non-Windows clients. No need to control this thru GPOs, which
just complicates things (as you've seen).

Ace
Anonymous
August 4, 2005 9:13:10 PM

In news:1E91B6D2-F3C2-47FE-969E-99818FCB30EE@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
commented about below:
>> You can't do this,
>
> ah.
>
> ok, shifting focus slightly, we have another GPO that does contain
> internal DNS server settings for an OU containing desktop
> workstations at our office. so theyre not going anywhere, like the
> laptops do! anyway, they dont seem to take on the internal DNS
> servers in TCP/IP properties as they should. seems that it should be
> grayed-out with those DNS servers set, but it's not. you can click
> in 'em and change, which is not the goal. ipconfig /all displays
> 'incorrect' info (the same what's set in TCP/IP Properties), but the
> 'correct' info are in the same Registry keys that the laptops
> had: HKLM\software\policies\microsoft\windowsNT\DNSclient. these PCs
> of course have static TCP/IP info and most are used by local Admins.
> to explain it another way, i'd like the GPO to set static DNS servers
> and the static IP addresses to be set locally. is that possible? or
> would it just be worth my while/time to reset the DNS settings
> manually on each PC?

Dude, you are complicating things for yourself. DHCP is a wonderful tool and
works hand in hand with dynamic updates using Option 081 (under DHCP
properties, DNS tab). Keeping users as just Domain Users will also keep them
from changing settings. Read my other post about dynamic updates.

Ace
Anonymous
a b D Laptop
August 5, 2005 1:13:40 AM

mikeindo wrote:
>> You can't do this,
>
> ah.
>
> ok, shifting focus slightly, we have another GPO that does contain
> internal DNS server settings for an OU containing desktop
> workstations at our office. so they're not going anywhere, like the
> laptops do! anyway, they don't seem to take on the internal DNS
> servers in TCP/IP properties as they should. seems that it should be
> grayed-out with those DNS servers set, but it's not. you can click
> in 'em and change, which is not the goal. ipconfig /all displays
> 'incorrect' info (the same what's set in TCP/IP Properties), but the
> 'correct' info are in the same Registry keys that the laptops
> had: HKLM\software\policies\microsoft\windowsNT\DNSclient. these PCs
> of course have static TCP/IP info and most are used by local Admins.
> to explain it another way, i'd like the GPO to set static DNS servers
> and the static IP addresses to be set locally. is that possible? or
> would it just be worth my while/time to reset the DNS settings
> manually on each PC?

With Dynamic DNS registration there is little need for a static IP address
in AD except for DNS, DHCP, SMTP or POP3 servers. DCs don't even need a
static IP unless they host one of those services. As far as that goes, DHCP
can assign a static IP based on a MAC address.

As for users changing the DNS servers in TCP/IP properties, users should not
be local administrators either. For the Applications that require
Administrative rights you should use the run as feature. Using the run as
feature allows the application to run under an Administrator account, while
not exposing the machine to things like viruses and worms, which use the
logged on user account for the damage they do. This is the way I set up my
kid's computers and believe me it has sure saved me some major headaches.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
August 5, 2005 4:20:03 PM

thanks for all your help. when some of these laptops either come in or go
out, we'll all what happens. in the meantime, i'm removing all DNS-related
stuff from GPOs and setting stuff manually as needed from the PCs themselves.
not TOO many, so not a big deal.
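
A read-only check for the cleanup described in this thread, added here as an example and not posted by any participant: it lists, per interface, the DNS servers supplied by DHCP or static configuration and flags where a leftover policy `NameServer` value still takes precedence over them. The `Tcpip\Parameters\Interfaces` path and the `DhcpNameServer` value are standard Windows registry locations that the thread itself does not mention.

```powershell
# Added example, not from the thread. Reads the registry only; changes nothing.
# The thread writes the key as "...\WindowsNT\DNSclient"; on disk it is "Windows NT".
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$IfRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Split-ServerList([string]$Value) {
    # Policy and DHCP lists are space-separated, static lists comma-separated.
    if ([string]::IsNullOrEmpty($Value)) { return @() }
    return @($Value -split '[\s,]+' | Where-Object { $_ })
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns '' when the key or the value does not exist.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($p) { return [string]$p.$Name }
    return ''
}

# DNS servers pinned by Group Policy (empty once the GPO setting is really gone).
$pinned = @(Split-ServerList (Get-RegValue $PolicyKey 'NameServer'))

$report = foreach ($nic in Get-ChildItem $IfRoot -ErrorAction SilentlyContinue) {
    $dhcp   = @(Split-ServerList (Get-RegValue $nic.PSPath 'DhcpNameServer'))
    $static = @(Split-ServerList (Get-RegValue $nic.PSPath 'NameServer'))
    if ($dhcp.Count -eq 0 -and $static.Count -eq 0) { continue }

    # What the interface would use without the policy: static wins over DHCP.
    $effective = if ($static.Count -gt 0) { $static } else { $dhcp }

    [pscustomobject]@{
        Interface  = $nic.PSChildName
        DhcpDns    = $dhcp -join ' '
        StaticDns  = $static -join ' '
        PolicyDns  = $pinned -join ' '
        Overridden = ($pinned.Count -gt 0) -and
                     (($pinned -join ' ') -ne ($effective -join ' '))
    }
}

$report | Format-Table -AutoSize
if ($pinned.Count -gt 0) {
    Write-Warning "Policy still pins DNS servers: $($pinned -join ', ')"
}
```

A row with `Overridden` set to `True` on a laptop means the policy value survived the GPO change and will still be used off the office network.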
Anonymous
August 6, 2005 4:09:20 AM

In news:DAA515FC-B110-4039-B388-1EB139564330@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
commented about below:
> thanks for all your help. when some of these laptops either come in
> or go out, we'll all what happens. in the meantime, i'm removing all
> DNS-related stuff from GPOs and setting stuff manually as needed from
> the PCs themselves. not TOO many, so not a big deal.

Why not use DHCP?

Ace
Anonymous
August 6, 2005 4:09:21 AM

> Why not use DHCP?

ah, yes. well, i wanted to set as many as static IP as i could for
tracking, monitoring, some administrative tasks. and i know i could just
reserve specific IP addresses for specific PCs in Windows' DHCP server
service. however, and maybe i should've mentioned this before but didn't think
it mattered here, i'm not using a Windows-based server as the DHCP server.
i'm using a firewall appliance that has a DHCP server feature. but i might
consider it soon!
Anonymous
August 6, 2005 1:08:01 PM

In news:A5692FE6-511E-4330-B5B0-A45296CF11C8@microsoft.com,
mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
commented about below:
>> Why not use DHCP?
>
> ah, yes. well, i wanted to set as many as static IP as i could for
> tracking, monitoring, some administrative tasks. and i know i could
> just reserve specific IP addresses for specific PCs in Windows' DHCP
> server service. however, and maybe i should've mentioned this before
> but didn't think it mattered here, i'm not using a Windows-based
> server as the DHCP server. i'm using a firewall appliance that has a
> DHCP server feature. but i might consider it soon!

I see. Windows DHCP works hand in hand with dynamic registration by the way.
The firewall appliance probably doesn't support Option 081, hence probably
why you were having problems with dynamic registration? Or at least it may
have been contributing to it. We usually recommend getting away from a
firewall's DHCP service because of this lack of functionality.

Ace