Group Policies apply when the computer starts up or when the user logs in, and after that, every 90 minutes on a domain computer. This may work very well for LAN-connected computers. Remote computers, however, generally start up without being connected to the corporate network, and the user logs in with cached credentials, so the event-based Group Policy refreshes are completely missed. In such cases, the user has to remain logged in for an extended period of time (90 minutes) for the policies to download and apply over the VPN connection. The point is that this leaves remote computers in an unpredictable state, and the administrator is never sure whether Group Policy updates have been successfully applied on every remote computer.
There are workarounds for sure. You can have the user run the gpupdate command: for instance, create a shortcut on their desktop and have them launch it every so often. But that's not enterprise IT administration; that's a band-aid. And how about the case when you change the group membership of computers and users? How do they get updated when the remote computer starts up offline and the user logs in with cached credentials? That's truly a catch-22 situation. Surely, you can use 'Dial Up networking' to initiate a VPN connection and then log in, but honestly, how many companies can leverage that option when legacy VPN client software or SSL-based VPN solutions are more popular?
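A scripted form of the gpupdate workaround, as an added example that is not from the original page or from Synergix: it refreshes policy only when a domain controller can be located, then reports the most recent successful Group Policy processing event so an administrator can see when policy last applied. The function names and the idea of launching it from a scheduled task after the VPN connects are assumptions.

```powershell
# Added example (not the product's code). Run in the logged-on user's session,
# for instance from a scheduled task that fires after the VPN connects (assumption).

function Test-DomainReachable {
    # True only when this computer is domain-joined and a domain controller answers.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) { return $false }
    # nltest returns a non-zero exit code when no domain controller can be located,
    # which is the normal state for a remote computer before the VPN is up.
    & nltest.exe "/dsgetdc:$($cs.Domain)" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Get-LastPolicyRefresh {
    # Event IDs 8000-8007 in the Group Policy operational log record policy
    # processing that completed successfully (startup, logon, network change,
    # manual and periodic refresh, for computer and user).
    $filter = @{
        LogName = 'Microsoft-Windows-GroupPolicy/Operational'
        Id      = 8000..8007
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

if (Test-DomainReachable) {
    # Refresh computer and user policy; wait up to 120 seconds for processing.
    & gpupdate.exe /wait:120
    $refreshed = ($LASTEXITCODE -eq 0)
} else {
    # Offline or VPN not connected: skip the refresh instead of failing.
    $refreshed = $false
}

$last = Get-LastPolicyRefresh
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    RefreshAttempted  = $refreshed
    LastSuccessTime   = $last.TimeCreated
    LastSuccessEvent  = $last.Id
}
```

Collecting the resulting object centrally shows which remote computers have not completed a policy refresh recently. Changes to computer group membership still need a restart while connected to take effect, so this does not resolve the cached-credentials case described above.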
Active Directory Client Extensions by Synergix has a feature where Group Policy updates occur immediately after the user connects to the corporate network. It is VPN client software agnostic and works on Windows 2000 Professional to Windows 7.0, on both x86 and x64 platforms. With Active Directory Client Extensions, there is no need to wait up to 90 minutes for the policies to download and apply.