Refresh and/or apply logon GPOs when VPN connection is established

Is there a way to refresh and/or apply logon GPOs and/or scripts when VPN connection is established?
We're using Mobile VPN with SSL.
Now that we have more staff working remotely, some GPOs are not working as I would like them to.
I'm after something like this https://www.synergix.com/products/active-directory-client-extensions/features/group-policy-refreshes/ but was wondering if this is possible to achieve using WatchGuard VPN client.

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Maciek

    The WatchGuard VPN client won't do anything like that. It'll simply connect to the VPN.

    It is possible to set up scripts using the OpenVPN client and the client profile that you can download from your firewall -- see this thread for more info on that:
    https://community.watchguard.com/watchguard-community/discussion/1042/run-script-after-connection-to-vpn

    -James Carson
    WatchGuard Customer Support

  • What happens if you create a batch file for the users to run after they connect, and it has

    gpupdate /force

    in it?

    If the GPO has user policies, that's going to be a pain, because that commend will ask if they want to log off to apply them.

    Gregg Hill

  • Synergix ADCE mentioned by @Maciek certainly seem to have some potential

    https://www.synergix.com/products/active-directory-client-extensions/features/

  • edited October 2020

    Hello, you can set a task scedule event and start gpupdate/force on VPN start with this solution

    https://www.groovypost.com/howto/automatically-run-script-on-internet-connect-network-connection-drop/

    We use this also and start any programms on VPN start or stop

  • Here's what we do, to assure gpupdate runs after the wg sslvpn is connected. The desktop shortcut which launches the VPN instead launches a .bat file. The bat file starts 2 executions. 1. The VPN launcher. 2. Another .bat file which pings the domain DC's IP address in a loop, then once the user connects the VPN and the ping gets a reply, it executes gpupdate.

    Make a .bat file, call it VPN_Launch.bat. Send to Desktop as shortcut. Then go to the shortcut > Properties. Change to launch as minimized.

    Here's the contents for VPN_Launch.bat:

    start C:\FolderName\ConnectVPN.wgssl
    start C:\Foldername\ping_wait.bat

    The wgssl file comes from a backup of your Watchguard. It launches the SSLVPN client pre configured with IP. The ping_wait runs minimized. Here's the .bat for ping_wait:

    :loop
    timeout 2
    ping -n 1 IP_OF_DC |find "TTL=" || goto :loop
    echo Answer received.
    echo Running Script
    gpupdate
    timeout 4

Sign In to comment.