Install LAPS through VPN connection

David Leal 41 Reputation points
2021-02-10T10:03:37.347+00:00

I'm deploying LAPS (local administrator password solution), I've three different scenarios:

  • Workstations wired connected in the office: It works perfectly.
  • Workstations wireless connected in the office: I doesn't work.
  • Workstations at home connected using a VPN: I doesn't work.

Installation GPO is quiet simple:

66329-captura.png

The source is a shared accesible folder through wirelees and VPN.
Nowadays 90% of the company is working at home with VPN connection. All other GPOs are working fine.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,600 questions
0 comments No comments
{count} votes

Accepted answer
  1. Fan Fan 15,356 Reputation points Microsoft Vendor
    2021-02-11T04:49:21.773+00:00

    Hi,
    Not all Group Policy extensions are processed during a background refresh.
    Some of the group policies require a foreground (restar or logoff /login) to process .Such as software installation (need restart ), startup script.
    If the VPN or Wireless can't be connected at start up, then the group policies (Startup scripts ,software installation) won't process.

    I would recommend you talk to your network teams and confirm if the VPN or the wireless can be set to be connected at startup.
    Have no idea how did you configure the VPN, following link just for your reference:
    https://learn.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-device-tunnel-config

    Best Regards,

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Fan Fan 15,356 Reputation points Microsoft Vendor
    2021-02-11T04:49:29.487+00:00

    Hi,
    If there are any updates, welcome to share here!
    Best Regards,

    0 comments No comments

  2. Steve Vickroy 1 Reputation point
    2021-02-11T15:46:41.467+00:00

    There is a solution to the wireless issue. There is a setting to wait until the wireless connection is completed before processing the gpo. I use this for LAPS workstation installs over wireless.

    Computer Configuration -> Administrative Templates -> System -> Group Policy -> Specify startup policy processing wait time

    67033-image.png

    This will fix your wireless issue but not the vpn issue.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.