One of the main problems with Group Policy is that policies are only applied when a computer is rebooted, a user logs on or within certain time intervals. Network Location Awareness is a new feature of Group Policy in Windows Vista which will address this problem.
The idea is that every time a Vista PC detects a network connection to a domain controller, it will update the policies on this machine. For example, if a user connects by VPN to the corporate network or when a PC reconnects to the network after recovering from hibernation or standby, then Group Policy updates this computer.
Unfortunately, this new feature didn’t work in my tests. With Beta2 and RC1, the situation is even worse than with Windows XP. After I disabled the network card, all policies were deleted. When I reconnected the machine, it was not even possible to reload them with the gpupdate command.
I tested Group Policy again with the latest build (5728). This bug has now been fixed. However, Network Location Awareness still doesn’t work. It seems like there is still much work to be done by Microsoft’s developers.
Another question is whether Network Location Awareness is a solution to the deployment problems with Group Policy. There are often cases when I want to update policies in my network immediately. For example, you might want to add another firewall rule because of a new threat. Then, you have to tell your users to reboot in order to load the updated GPO (Group Policy Object).
Of course you can run gpupdate on all clients. But starting applications remotely is always problematic. Thus, I hoped that Microsoft would add a “push feature” to Group Policy that would allow me to deploy all policies or a certain policy setting in my network with a tool on the domain controller. Network Location Awareness isn’t the solution for this. Group Policy still only works on a pull model, i.e. the client has to contact the domain controller to update GPOs.
Another feature of Network Location Awareness is that it no longer relies on the ICMP protocol to detect slow network connections. This is always a problem if the Windows clients communicate through a firewall with the domain controller.
You can check this TechNet article for more details about Network Location Awareness.