Windows 7 + Wireless = Temp profile?

[atamakosi]

Hi All,
Second attempt to post this, sorry if any double up. Hope someone can help with this issue, i've been banging my head against the wall on this problem.

My school has purchased an initial lot of 28 HP mini 5103 netbooks for our classrooms. We've decided to also start deploying Windows7 with these and a the new staff laptops. I've spent the past few weeks setting up the GPO's to prevent unauthorized access to things like the system drive and other network machines, etc. etc. Now when i test it with a student account everything looks great and golden rays beam from behind the machine. Until i remove the network cable and try to log on using the same accounts wirelessly. Then it all junks out on me and the user is logged in with a temp profile with no restrictions. I've tried pinging it at the login screen and receive no replies. it will only make the connection wirelessly after a user logs in. I'm assuming this is the main issue now and my last hurdle.

Is there anyway to configure the wireless connection to start pre-logon? I've set the usual computer gpo's to wait for network, attempted setting a roaming profile for my test account, and other attempts that have become a blur of gpupdate and restarts.

basic info if needed:
Server 2k8 R2 DC
Zonedirector 1000 w/ Ruckus AP's
HP Mini 5103's running Win 7 Ent. x86

Once this is done, i'm going to get them out to the classrooms. In which time I'm sure I'll have to tackle the random user account docs being renamed to 'Documents' from 'Username'. thats a mystery as well right now cause it doesn't occur every time.

many thanks for any and all help!

[ZeroHour]

Hi
What does gpresult give on the clients as a reason?
Do you get any ping dropouts? (when pinging to the client trying to login/booting)

On a side point, what happened when you were trying to post? if you had a bug I can look into at if you post details in: EduGeek.net Site Problems

[atamakosi]

I believe my first post just timed out. can happen when you keep having to get up and run around campus to fix minor issues.

packets are dropped until after login. then it will actually make the connection and pull the redirected desktopdir as well as a few updates but the user is still logged into a temp profile that has full access.

gpreport shows the gp infrastructure failed due to the network not present/started. so again it looks like it isn't creating the network connection to our wireless until after it's needed.

I've read others solved this by using the manufacturer's wireless client but we have different brands at our school so that isn't an elegant solution.

[SYNACK]

Have you got the latest driver for the wireless cards installed and made sure that any manufacture wireles managment software has been removed so that Windows is in control. Is the wireless profile on the laptops set as a machine one and how is authentication setup.

If you are usign WPA2-Enterprise with per-user authentication then it will wait and use the users credentials to authenticate which could cause this. If so you could look at using it with machine authentication instead which should allow it to work before logon.

You may also want to look at using something like super mandatory profiles along with GPO settings to cause the logon to drop out if it can't load the required profile stuff.

[explodingcarrots]

I second SYNACK's suggestion - HP's own wireless applications can be troublesome when trying to log on to a domain. Let WZC take the full load, update wireless card drivers and cross your fingers!

[atamakosi]

Thanks for the replies, everyone. I've discovered the issue that wasn't allowing the machines to logon wirelessly and have corrected it.

The technician that setup our radius server, for whatever reason, didn't have the school computers OU added. Once that was done, the network connections are now made during startup instead of login and everything is sunshine and roses. I had assumed that when the wireless network was installed that it would have been obvious to add the school computers so I thought it was a more complicated issue. Sorry for that.