laptops connect at work but not at home?

Archived from groups: microsoft.public.win2000.dns (More info?)

Firstly, I also posted this into the Broadband Networking and Group Policy
forums, as it might apply there too. The summary is that users' WinXP Pro
laptops work fine on our office network but not at home, whether they're
using dial-up or broadband.

Now here are the details: Initially these laptops belonged to an OU on our
W2K domain with other office PCs (which have static IPs) and the laptops
(using DHCP) were used successfully at their homes. Then I specified 2
internal DNS servers in the OU's GPO, and that's about when the laptops
started failing to connect at home. Cable-modem users were actually able to
ping IP addresses on the Internet, but not FQDNs. Convinced then it was
strictly a DNS issue, I removed the DNS servers from the laptops' Registries
(NameServer key under HKLM\software\policies\microsoft\WindowsNT\DNSclient)
and seemed to work on one laptop but, strangely, not the rest! So then I
moved these laptops into their own OU without any DNS servers set (since they
get DNS server settings via DHCP anyway), refreshed policy on DC and laptops,
but still didnt work! Now the cable-modem users can't even ping IP
addresses. I even removed one laptop from the OU altogether, refreshed, and
still doesnt work! Meanwhile, connectivity at work remains intact...

Other pertitent info: Users log into their laptops at home using the same
profile as at work (DC info apparently cached), but even logging in as
another profile (a local one) didnt work. Running ipconfig /all in either
profile shows FQDN still as 'computername.domainname.com', but as said
before, it worked at home like this before the GPO edit.

Thanks in advance.
28 answers Last reply
More about laptops connect work home
  1. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:5EB8F4DB-EF49-4E7F-A700-B0B7E9D606C6@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> posted this:
    > Firstly, I also posted this into the Broadband Networking and Group
    > Policy forums, as it might apply there too. The summary is that
    > users' WinXP Pro laptops work fine on our office network but not at
    > home, whether they're using dial-up or broadband.
    >
    > Now here are the details: Initially these laptops belonged to an OU
    > on our W2K domain with other office PCs (which have static IPs) and
    > the laptops (using DHCP) were used successfully at their homes. Then
    > I specified 2 internal DNS servers in the OU's GPO, and that's about
    > when the laptops started failing to connect at home. Cable-modem
    > users were actually able to ping IP addresses on the Internet, but
    > not FQDNs. Convinced then it was strictly a DNS issue, I removed the
    > DNS servers from the laptops' Registries (NameServer key under
    > HKLM\software\policies\microsoft\WindowsNT\DNSclient) and seemed to
    > work on one laptop but, strangely, not the rest! So then I moved
    > these laptops into their own OU without any DNS servers set (since
    > they get DNS server settings via DHCP anyway), refreshed policy on DC
    > and laptops, but still didnt work! Now the cable-modem users can't
    > even ping IP addresses. I even removed one laptop from the OU
    > altogether, refreshed, and still doesnt work! Meanwhile,
    > connectivity at work remains intact...
    >
    > Other pertitent info: Users log into their laptops at home using the
    > same profile as at work (DC info apparently cached), but even logging
    > in as another profile (a local one) didnt work. Running ipconfig
    > /all in either profile shows FQDN still as
    > 'computername.domainname.com', but as said before, it worked at home
    > like this before the GPO edit.

    In Help and support, Tools, Advanced system information, there is a tool for
    checking applied policies.
    Carefully look through the policy report for any entry that can cause this.


    --?
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  2. Archived from groups: microsoft.public.win2000.dns (More info?)

    Thanks, but if it's anything like what the gpresult tool does, then I've
    already covered that base too. I ran it after I removed the laptop from the
    OU altogether and saw that only the default domain policy was still applied
    (as it was supposed to) which only includes info about password requirements.
    What else might it be...?
  3. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:8108552A-3D6E-4946-8A3B-54EFE2232838@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> posted this:
    > Thanks, but if it's anything like what the gpresult tool does, then
    > I've already covered that base too. I ran it after I removed the
    > laptop from the OU altogether and saw that only the default domain
    > policy was still applied (as it was supposed to) which only includes
    > info about password requirements. What else might it be...?

    After re-reading the original post to see if I missed anything in it, you
    state user cannot ping IP addresses. Is there a manually configured Gateway?


    --?
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  4. Archived from groups: microsoft.public.win2000.dns (More info?)

    No.
  5. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:FD0E30FB-DEBF-45DB-B6B3-313C8A60982E@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
    commented about below:
    > No.

    FYI, sometimes with GPO settings, you need to "disable" a setting to undo it
    rather than just set them to 'not configured'. Not saying that this is the
    case, but if you remember NT40 Sytem Policies, that was the only way to
    'undo' them.

    Also, what I've found with XP machines, a Computer Configuration GPO setting
    will only work if the computer is in that specific GPO, even if you set the
    Computer Configuration section for a specific user account. What I've did to
    correct this is to put the XP machines into a sub-OU under the OU with the
    GPO to get it to work. This is only for XP. Windows 2000 will accept the
    Computer Configuration Policy if it's in the OU or not when set on GPO for a
    user account.

    Have you used the GPMC to run an RSOP or even a Modeling report? You would
    need a Win2003 DC to run that tool.

    One more thing, I am assuming you're saying the users cannot ping by IP or
    FQDN when the users are using their laptops at home, they are directly
    connected to their own network, e.g. Linksys router or directly on the cable
    modem. How about whey they VPN into the corporate network, does it work for
    them then?

    Is there a Proxy or ISA setting on the laptops?

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
  6. Archived from groups: microsoft.public.win2000.dns (More info?)

    i'll try to disable the DNS-related settings in the GPO and see what happens.
    Even though the DNS Servers setting's explanation says, "If this setting is
    not configured, it is not applied to any computers, and computers use their
    local or DHCP-configured parameters."?

    We were running W2K Server and ran into problems using GPMC from my XP box
    so I abandoned its use. But now that server runs W2K3, so should be ok now I
    think. So I'll try to run an RSOP and/or modeling report.

    > What I've did to correct this is to put the XP machines into a sub-OU under the OU with the GPO to get it to work.

    I suppose I could try this too.

    You're right, they cannot ping from home, behind a Linksys router or
    directly connected to cable modem. But they don't VPN in, so we can't test
    that. There is no proxy or ISA in place.

    To add to the mystery, one of the laptops that I've been messing with
    concerning this issue has all of a sudden started working at home! Over the
    weekend, the owner told me this - this was two days after I would have
    changed anything. Is there a chance it was simply like a delayed applying of
    settings? The owner said she'd only rebooted, but we'd been doing that along
    the way already. Not to say this issue is totally resolved - there is at
    least one laptop out there that cannot connect to the Internet when outside
    this office, last I heard...
  7. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:56BFC801-BC06-4A19-86FD-7CE9BB62102B@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
    commented about below:
    > i'll try to disable the DNS-related settings in the GPO and see what
    > happens. Even though the DNS Servers setting's explanation says, "If
    > this setting is not configured, it is not applied to any computers,
    > and computers use their local or DHCP-configured parameters."?

    I've seen this in the past. It doesn't apply to XP and GPOs, but I just
    thought to bring that across. I;ve seen it during a migration where a an XP
    machine joined to the NT4 domain exhibited this behavior after the NT4
    upgrade. What I had to do is set the NT4 style System Polices back to
    disabled. Once I confirmed that, I then removed the System Policy and
    proceeded to use GPOs.


    > We were running W2K Server and ran into problems using GPMC from my
    > XP box so I abandoned its use. But now that server runs W2K3, so
    > should be ok now I think. So I'll try to run an RSOP and/or modeling
    > report.

    Ok, sounds good.


    >> What I've did to correct this is to put the XP machines into a
    >> sub-OU under the OU with the GPO to get it to work.
    >
    > I suppose I could try this too.
    >
    > You're right, they cannot ping from home, behind a Linksys router or
    > directly connected to cable modem. But they don't VPN in, so we
    > can't test that. There is no proxy or ISA in place.
    >
    > To add to the mystery, one of the laptops that I've been messing with
    > concerning this issue has all of a sudden started working at home!
    > Over the weekend, the owner told me this - this was two days after I
    > would have changed anything. Is there a chance it was simply like a
    > delayed applying of settings? The owner said she'd only rebooted,
    > but we'd been doing that along the way already. Not to say this
    > issue is totally resolved - there is at least one laptop out there
    > that cannot connect to the Internet when outside this office, last I
    > heard...

    Can I assume the users at home performed an ipconfig /release and then
    followed by a /renew? Did you have them confirm their ipconfig settings when
    you were helping them tech support this?

    Ace
  8. Archived from groups: microsoft.public.win2000.dns (More info?)

    > Can I assume the users at home performed an ipconfig /release and then
    > followed by a /renew? Did you have them confirm their ipconfig settings when
    > you were helping them tech support this?

    yes we did all that. when we first started troubleshooting this, they could
    ping Internet IP addreesses but no FQDNs, and were getting IP address from
    ISP. later, when they couldnt ping anything at all, they werent getting one.
  9. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:0D541A7A-C93C-4432-BD37-D28BEAC9D683@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
    commented about below:
    >> Can I assume the users at home performed an ipconfig /release and
    >> then followed by a /renew? Did you have them confirm their ipconfig
    >> settings when you were helping them tech support this?
    >
    > yes we did all that. when we first started troubleshooting this,
    > they could ping Internet IP addreesses but no FQDNs, and were getting
    > IP address from ISP. later, when they couldnt ping anything at all,
    > they werent getting one.

    If they weren't getting an IP, then I can understand why they can't ping
    anything.

    Is there a personal firewall (Zone Alarm) or anything else similar to that
    installed?

    Are the DNS addresses on the clients hardcoded to your internal DNS but the
    IP is set to 'obtain automatically'?

    Ace
  10. Archived from groups: microsoft.public.win2000.dns (More info?)

    > Is there a personal firewall (Zone Alarm) or anything else similar to that
    > installed?

    no firewall. even turned off XP firewall.

    > Are the DNS addresses on the clients hardcoded to your internal DNS but the
    > IP is set to 'obtain automatically'?

    If I understand your question right, that's what appears to have caused this
    whole mess. Yes, they're set to obtain automatically (both at work and at
    home), but the office network's internal DNS servers are there in the
    Registry when they're at home (I had them look it up). Clearing them out
    seems to work sporadically. I mean, it worked for the first laptop on which
    we first discovered this problem. But the second laptop didn't behave the
    same way (it's the one I described above that unexpectedly just started
    working last weekend). Now a third laptop has exhibited the same issue.
    I've told him to ipconfig /release, /renew, and /flushdns, also he cleared
    out the DNS servers from HKLM\Software\Policies\Microsoft\WindowsNT\DNSclient
    and rebooted, and he even gets an IP address from the wireless hotspot he's
    trying to connect to, but still cannot pull up web pages. He also cant seem
    to ping Internet IP addresses even though his laptop gets that IP address -
    weird.

    Or maybe I dont understand your question: 'hardcoded to the internal DNS'?
  11. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:373A73B2-A938-4BB4-B12F-BC7C7AB62B9C@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
    commented about below:
    >> Is there a personal firewall (Zone Alarm) or anything else similar
    >> to that installed?
    >
    > no firewall. even turned off XP firewall.
    >
    >> Are the DNS addresses on the clients hardcoded to your internal DNS
    >> but the IP is set to 'obtain automatically'?
    >
    > If I understand your question right, that's what appears to have
    > caused this whole mess. Yes, they're set to obtain automatically
    > (both at work and at home), but the office network's internal DNS
    > servers are there in the Registry when they're at home (I had them
    > look it up). Clearing them out seems to work sporadically. I mean,
    > it worked for the first laptop on which we first discovered this
    > problem. But the second laptop didn't behave the same way (it's the
    > one I described above that unexpectedly just started working last
    > weekend). Now a third laptop has exhibited the same issue. I've told
    > him to ipconfig /release, /renew, and /flushdns, also he cleared out
    > the DNS servers from
    > HKLM\Software\Policies\Microsoft\WindowsNT\DNSclient and rebooted,
    > and he even gets an IP address from the wireless hotspot he's trying
    > to connect to, but still cannot pull up web pages. He also cant seem
    > to ping Internet IP addresses even though his laptop gets that IP
    > address - weird.
    >
    > Or maybe I dont understand your question: 'hardcoded to the internal
    > DNS'?

    In IP properties, you can select to either obtain automatically or set it
    statically. You can even set the DNS addresses statically, but obtain an IP
    address automatically. Check out the IP properties and you'll see what I
    mean.

    I assume no spyware or viruses such as the QHOSTS that compromises the Hosts
    file.

    Honestly I've never seen these sort of problems with connectivity. I work
    with one of my clients of about 150+ users and half of them have laptops and
    travel around and they have no problems whatsoever whether they are in a
    hotel, airport, a Starbucks or at home on their wireless.

    It uis obviously something common since it is happening to all your laptops.
    If you brought a new laptop in that never had the GPO settings, does it work
    anywhere it goes?

    Ace
  12. Archived from groups: microsoft.public.win2000.dns (More info?)

    "In IP properties, you can select to either obtain automatically"...

    Ok, setting static TCP/IP info. I thought you meant something else by
    "hardcoding." Yes, again, they're set to obtain automatically.

    Right, no viruses/spyware. Scanned with locally installed AV and online AV
    scanners.

    > about 150+ users and half of them have laptops and have no problems whatsoever

    yeah, neither did we until I set up this GPO and included the laptops in it!

    > If you brought a new laptop in that never had the GPO settings, does it work

    well, not sure. we dont have a new laptop that was just purchased to use
    for a test. it probably would though cuz the laptops' GPO now doesnt include
    DNS settings.
  13. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:CF669723-C934-4E1A-B5C2-78662B204B8B@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
    commented about below:
    > "In IP properties, you can select to either obtain automatically"...
    >
    > Ok, setting static TCP/IP info. I thought you meant something else by
    > "hardcoding." Yes, again, they're set to obtain automatically.
    >
    > Right, no viruses/spyware. Scanned with locally installed AV and
    > online AV scanners.
    >
    >> about 150+ users and half of them have laptops and have no problems
    >> whatsoever
    >
    > yeah, neither did we until I set up this GPO and included the laptops
    > in it!
    >
    >> If you brought a new laptop in that never had the GPO settings,
    >> does it work
    >
    > well, not sure. we dont have a new laptop that was just purchased to
    > use for a test. it probably would though cuz the laptops' GPO now
    > doesnt include DNS settings.

    So it all points back to the GPO. Let's backtrack a sec. Did you ever get a
    chance to run a Resulting Policy report thru GPMC on one of the affected
    laptops or a user account?

    Was this a GPO you created or did you alter the Default Domain Policy? If
    not the default, did you completely remove the GPO and allow the user to
    logon and then logoff and then go home and try it again?

    Was anything else altered thru the reg such as the MTU settings? That can
    affect communication. Any other software installed on these laptops that
    affect network settings, such as WinPoet or anything else?

    Originally you said you posted this in the GPO newsgroup. I was looking for
    it in win2000.group_policy group but couldn't find your name. I was curious
    what those guys had to offer.

    If you re-ran Windows setup on one of the laptops, in effect resetting the
    system (it will keep the users' profiles, apps and other settings intact),
    and then put the computer into another OU without that GPO, does it work? I
    know this is alot of work, but I'm trying to pinpoint where the issue is.

    Also, maybe disjoining one of them, allow the user to take it home and try
    it, then when they return, re-join it but put it in a different OU.

    Ace
  14. Archived from groups: microsoft.public.win2000.dns (More info?)

    Ok, just ran GPMC's Group Policy Results wizard on one of the laptops that
    hasnt even been connected at home yet. The only DNS-related thing (which I
    did set) was Dynamic Update set as enabled. Its status has not proven to
    have any effect on all this.
  15. Archived from groups: microsoft.public.win2000.dns (More info?)

    What's especially weird about all this is that I can't seem to force the
    changes in the Registry. I search for all instances of the internal DNS
    servers in the Registry and wipe them out and reboot but still nothing. One
    guy is now in Germany for the month and hoped to get online while there but
    can't. So, he can't just bring his laptop back in to log in or let new
    policies apply or anything. I've emailed him all these TCP/IP and
    Registry-editing instructions above but none have worked (he's using a hotel
    PC to get email). Apparently there's either something I'm missing in the
    Regsitry or something else...
  16. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:A23B1DFC-D40D-419A-8B9A-ACAFD7CBDCD3@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> posted this:
    > What's especially weird about all this is that I can't seem to force
    > the changes in the Registry. I search for all instances of the
    > internal DNS servers in the Registry and wipe them out and reboot but
    > still nothing. One guy is now in Germany for the month and hoped to
    > get online while there but can't. So, he can't just bring his laptop
    > back in to log in or let new policies apply or anything. I've
    > emailed him all these TCP/IP and Registry-editing instructions above
    > but none have worked (he's using a hotel PC to get email).
    > Apparently there's either something I'm missing in the Regsitry or
    > something else...

    You may have a Winsock problem, install the Windows XP support tools from
    the XP CD and run netdiag /v to check the Winsock test.

    --?
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  17. Archived from groups: microsoft.public.win2000.dns (More info?)

    > Just yank it at this point!

    gettin' close to doin' that...

    > Let me know what you find with the GPMC report.

    did you see my post?

    > You may have a Winsock problem, install the Windows XP support tools from
    > the XP CD and run netdiag /v to check the Winsock test.

    i will.
  18. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:120702C9-3F82-45CE-85DC-5F3A79ACF9A0@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
    commented about below:
    > Ok, just ran GPMC's Group Policy Results wizard on one of the laptops
    > that hasnt even been connected at home yet. The only DNS-related
    > thing (which I did set) was Dynamic Update set as enabled. Its
    > status has not proven to have any effect on all this.

    That's it? Just remove the link and completely delete the GPO and recreate a
    new one from scratch for whatever other settings you are controlling. I
    wouldn't even know why you are controlling DNS behavior with GPOs since that
    is default with client PCs anyway, that is newer than Win2000. Any
    compelling reason to control this behavior with a GPO?

    Ace
  19. Archived from groups: microsoft.public.win2000.dns (More info?)

    > That's it? Just remove the link and completely delete the GPO and recreate a
    > new one from scratch for whatever other settings you are controlling. I
    > wouldn't even know why you are controlling DNS behavior with GPOs since that
    > is default with client PCs anyway, that is newer than Win2000. Any
    > compelling reason to control this behavior with a GPO?

    no reason. didnt know the clients did that - maybe shoulda guessed though.
    i'll remove that setting too. sure, i could wipe the GPO out and start
    fresh. of course, i wont know if it works until someone either brings in
    their laptop or takes it home (one that hasnt been fixed of course)!

    btw, i've tried to copy one GPO to another OU and rename it, but then the
    original gets renamed too. it'd be nice to copy over one of the other GPOs,
    rename it, and remove the DNS-related stuff. how do i do that?
  20. Archived from groups: microsoft.public.win2000.dns (More info?)

    mikeindo wrote:

    > btw, i've tried to copy one GPO to another OU and rename it, but then
    > the original gets renamed too. it'd be nice to copy over one of the
    > other GPOs, rename it, and remove the DNS-related stuff. how do i do
    > that?

    You can't do this, in the console when you see the list of GPOs? These are
    just links the actual GPO has a very long globally unique identifier and are
    in the \\DNSADDomain\SYSVOL\DNSADDomain\policies DFS share. Do not modify
    these unless you know exactly what you are doing.
    You can have the same GPO linked to several different OUs.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  21. Archived from groups: microsoft.public.win2000.dns (More info?)

    > You can't do this,

    ah.

    ok, shifting focus slightly, we have another GPO that does contain internal
    DNS server settings for an OU containing desktop workstations at our office.
    so theyre not going anywhere, like the laptops do! anyway, they dont seem to
    take on the internal DNS servers in TCP/IP properties as they should. seems
    that it should be grayed-out with those DNS servers set, but it's not. you
    can click in 'em and change, which is not the goal. ipconfig /all displays
    'incorrect' info (the same what's set in TCP/IP Properties), but the
    'correct' info are in the same same Registry keys that the laptops had:
    HKLM\software\policies\microsoft\windowsNT\DNSclient. these PCs of course
    have static TCP/IP info and most are used by local Admins. to explain it
    another way, i'd like the GPO to set static DNS servers and the static IP
    addresses to be set locally. is that possible? or would it just be worth my
    while/time to reset the DNS settings manually on each PC?
  22. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:A8DB575C-57BA-4CFD-8328-9EA0506472D9@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
    commented about below:
    > no reason. didnt know the clients did that - maybe shoulda guessed
    > though. i'll remove that setting too. sure, i could wipe the GPO out
    > and start fresh. of course, i wont know if it works until someone
    > either brings in their laptop or takes it home (one that hasnt been
    > fixed of course)!
    >
    > btw, i've tried to copy one GPO to another OU and rename it, but then
    > the original gets renamed too. it'd be nice to copy over one of the
    > other GPOs, rename it, and remove the DNS-related stuff. how do i do
    > that?

    Just as Kevin said, they are just links to the GPO itself. If you look
    further down in the GPMC, you will see a container called Group Policy
    Objects. These are all the GPOs created in the domain. If you delete one
    from an OU, it just removes the link. That is why when you rename a link, it
    renames the actual GPO. Just delete the actual GPO under that container and
    create a new one.

    As for default dynamic update behavior, here are some links to read up on:

    816592 - HOW TO Configure DNS Dynamic Update in Windows 2003:
    http://support.microsoft.com/?id=816592

    317590 - HOW TO Configure DNS Dynamic Update in Windows 2000, [How it
    relates to Pri DNS Suffix and Append parent Suffix. Also DNSUpdateProxy
    Group]:
    http://support.microsoft.com/?id=317590

    Basically, as long as the client is newer than Win2000, the Primary DNS
    Suffix, or any of your suffixes are set to the zone to update into, and the
    DNS addresses on the clients IP properties are set ONLY to the internal DNS
    servers hosting the AD zone name or have a reference to the SOA of the zone,
    will it work. Also when DHCP is used, it will be based on the above default
    behavior. You can also force DHCP to upate for your clients, especially for
    legacy and non-Windows clients. No need to control this thru GPOs, which
    just complicates things (as you've seen).

    Ace
  23. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:1E91B6D2-F3C2-47FE-969E-99818FCB30EE@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
    commented about below:
    >> You can't do this,
    >
    > ah.
    >
    > ok, shifting focus slightly, we have another GPO that does contain
    > internal DNS server settings for an OU containing desktop
    > workstations at our office. so theyre not going anywhere, like the
    > laptops do! anyway, they dont seem to take on the internal DNS
    > servers in TCP/IP properties as they should. seems that it should be
    > grayed-out with those DNS servers set, but it's not. you can click
    > in 'em and change, which is not the goal. ipconfig /all displays
    > 'incorrect' info (the same what's set in TCP/IP Properties), but the
    > 'correct' info are in the same same Registry keys that the laptops
    > had: HKLM\software\policies\microsoft\windowsNT\DNSclient. these PCs
    > of course have static TCP/IP info and most are used by local Admins.
    > to explain it another way, i'd like the GPO to set static DNS servers
    > and the static IP addresses to be set locally. is that possible? or
    > would it just be worth my while/time to reset the DNS settings
    > manually on each PC?

    Dude, you are complicating things for yourself. DHCP is a wonderful tool and
    works hand in hand with dynamic updates using Option 081 (under DHCP
    properties, DNS tab). Keeping users as just Domain Users will also keep them
    from changing settings. Read my other post about dynamic updates.

    Ace
  24. Archived from groups: microsoft.public.win2000.dns (More info?)

    mikeindo wrote:
    >> You can't do this,
    >
    > ah.
    >
    > ok, shifting focus slightly, we have another GPO that does contain
    > internal DNS server settings for an OU containing desktop
    > workstations at our office. so theyre not going anywhere, like the
    > laptops do! anyway, they dont seem to take on the internal DNS
    > servers in TCP/IP properties as they should. seems that it should be
    > grayed-out with those DNS servers set, but it's not. you can click
    > in 'em and change, which is not the goal. ipconfig /all displays
    > 'incorrect' info (the same what's set in TCP/IP Properties), but the
    > 'correct' info are in the same same Registry keys that the laptops
    > had: HKLM\software\policies\microsoft\windowsNT\DNSclient. these PCs
    > of course have static TCP/IP info and most are used by local Admins.
    > to explain it another way, i'd like the GPO to set static DNS servers
    > and the static IP addresses to be set locally. is that possible? or
    > would it just be worth my while/time to reset the DNS settings
    > manually on each PC?

    With Dynamic DNS registration there is little need for a static IP address
    in AD except for DNS, DHCP, SMTP or POP3 servers. DCs don't even need a
    static IP unless they host one of those services. As for as that goes, DHCP
    can assign a static IP based on a MAC address.

    As for users changing the DNS servers in TCP/IP properties, users should not
    be local administrators either. For the Applications that require
    Administrative rights you should use the run as feature. Using the run as
    feature allows the application to run under an Administrator account, while
    not exposing the machine to things like viruses and worms, which use the
    logged on user account for the damage they do. This is the way I set up my
    kid's computers and believe me it has sure saved me some major headaches.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  25. Archived from groups: microsoft.public.win2000.dns (More info?)

    thanks for all your help. when some of these laptops either come in or go
    out, we'll all what happens. in the meantime, i'm removing all DNS-related
    stuff from GPOs and setting stuff manually as needed from the PCs themselves.
    not TOO many, so not a big deal.
  26. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:DAA515FC-B110-4039-B388-1EB139564330@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
    commented about below:
    > thanks for all your help. when some of these laptops either come in
    > or go out, we'll all what happens. in the meantime, i'm removing all
    > DNS-related stuff from GPOs and setting stuff manually as needed from
    > the PCs themselves. not TOO many, so not a big deal.

    Why not use DHCP?

    Ace
  27. Archived from groups: microsoft.public.win2000.dns (More info?)

    > Why not use DHCP?

    ah, yes. well, i wanted to set as many as static IP as i could for
    tracking, monitoring, some administrative tasks. and i know i could just
    reserve specific IP addresses for specific PCs in Windows' DHCP server
    service. however, and maybe i shouldve mentioned this before but didnt think
    it mattered here, i'm not using a Windows-based server as the DHCP server.
    i'm using a firewall appliance that has a DHCP server feature. but i might
    consider it soon!
  28. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:A5692FE6-511E-4330-B5B0-A45296CF11C8@microsoft.com,
    mikeindo <mikeindo@discussions.microsoft.com> made this post, which I then
    commented about below:
    >> Why not use DHCP?
    >
    > ah, yes. well, i wanted to set as many as static IP as i could for
    > tracking, monitoring, some administrative tasks. and i know i could
    > just reserve specific IP addresses for specific PCs in Windows' DHCP
    > server service. however, and maybe i shouldve mentioned this before
    > but didnt think it mattered here, i'm not using a Windows-based
    > server as the DHCP server. i'm using a firewall appliance that has a
    > DHCP server feature. but i might consider it soon!

    I see. Windows DHCP works hand in hand with dynamic registration by the way.
    The firewall appliance probably doesn't support Option 081, hence probably
    why you were having problems with dynamic registration? Or at least it may
    have been contributing to it. We usually recommend getting away from a
    firewall's DHCP service because of this lack of functionality.

    Ace
Ask a new question

Read More

Laptops DNS Windows