Hello @GRattu
In this case, since the policy is applying correctly to on-premises computers, I would recommend looking into the following:
- Policy being restricted by an overlapping policy that "locks" the Start Layout: extracting an RSOP via `GPRESULT /H OUTPUT.HTML` may help to identify all the policies applying to a VPN-connected machine
Reference: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult
- That aside, the most likely issue with remote or VPN computers is the network readiness. For this, 2 options:
A) GPO engine detects a slow link and doesn't distribute the policies:
Set the policy for Slow Link Detection as Disabled:
Policy path: Policies\Administrative Templates\System\Group Policy\Slow Link Detection (0 to disable)
Reference: https://learn.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/manage-profile-service-slow-link-detection
B) Network not ready during the synchronous load of policies:
Set the policy to “Always Wait for the Network at Computer Startup and Logon” as Enabled for the VPN computer group
Policy path: "Computer Configuration \ Administrative Templates \ System \ Logon \ Always wait for the network at computer startup and logon"
Reference: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/policy/logon-optimization
Hope this helps with your query,
--
--If the reply is helpful, please Upvote and Accept as answer--
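
The checks described in the answer above can be run together on a VPN-connected client. This is an added example, not part of the original reply; the report path is a placeholder, and the registry values shown are the ones these two policies are assumed to write (`GroupPolicyMinTransferRate` and `SyncForegroundPolicy`).

```powershell
# Run in an elevated PowerShell session on the VPN-connected client.
# Assumption: C:\Temp\rsop.html is a placeholder report path.
$report = 'C:\Temp\rsop.html'
New-Item -ItemType Directory -Path (Split-Path $report) -Force | Out-Null

# 1. Resultant Set of Policy as HTML, to spot an overlapping GPO
#    that wins over the Start Layout policy (/F overwrites an old report).
gpresult /H $report /F

# 2. Registry values the two policies are assumed to write once applied.
#    GroupPolicyMinTransferRate = 0 : every link is treated as fast.
#    SyncForegroundPolicy       = 1 : startup/logon waits for the network.
$checks = @(
    @{ Policy   = 'Slow link detection'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
       Value    = 'GroupPolicyMinTransferRate'
       Expected = 0 },
    @{ Policy   = 'Always wait for the network at computer startup and logon'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Value    = 'SyncForegroundPolicy'
       Expected = 1 }
)

foreach ($c in $checks) {
    # A missing key or value means the policy has not reached this machine.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    $actual = $item.($c.Value)

    [pscustomobject]@{
        Policy   = $c.Policy
        Value    = $c.Value
        Actual   = if ($null -eq $actual) { 'not set' } else { $actual }
        Expected = $c.Expected
        Match    = ($actual -eq $c.Expected)
    }
}
```

A row showing `not set` while the same GPO appears under applied policies in the HTML report means the setting has not been processed on that client yet; check again after the next policy refresh on the VPN connection.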