Updating LastServerQuery value on a locked down workstation
Hello I tried setting the CacheInterval and MaxOffset via GPO in our enviorment and found it was not working as expected. The password reset client would still appear during logon in the task bar. I discovered that the following registry key didn’t exist on my workstation. HKCU\Software\Microsoft\Forefront Identity Manager\2010\Extensions Following information posted by AnthonyHo the key needs to manually created. http://social.technet.microsoft.com/Forums/en-GB/ilm2/thread/0f9d03aa-72a2-428c-8e03-d1d113d13414 After creating the key, manually registering again the following Qword appeared LastServerQuery Now GPO works as expected on my test workstation and the cacheinterval and maxoffset from the GPO appear under HKCU\Software\Policies\Microsoft\Forefront Identity Manager\2010\Extensions Its my understanding that without the LastServerQuery key that cacheinterval and maxoffset have no affect. In my production environment (school board) we do not allow users (i.e. students) access / edit the registry on the workstation via a GPO. How should I go about getting the LastServerQuery value updated. Otherwise every time users login the password reset client is going to run hitting my FIM portal. I'm looking for more information / guidance on the issue above. Thanks Bill
April 12th, 2011 11:24am

You can use GP Preferences to roll out Registry settings. Is this an option for you? The clients require the GP Preferences CSE if they're earlier builds than (I think) Vista SP1.
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2011 3:03pm

Paul If you talking about Group Policy Preference Client Side Extensions for Windows XP (KB943729) then my client workstations have that installed. Thanks for the tip, I didn't think about doing it that way. If it works then it would solve the issue of creating the key structure. Bill
April 12th, 2011 3:32pm

are you saying students have no read-write access to the following registry key? HKCU\Software\Microsoft\Forefront Identity Manager\2010\Extensions
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2011 5:59pm

students have read access to the registry on the workstations Under what user context is the LastServerQuery value updated. ie system or the user's account
April 12th, 2011 6:34pm

user account. It's HKCU :) Thus it has to be the user. I haven't confirm this, but i think i am correct.
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2011 7:22pm

I believe after testing again this morning that I'll be OK in our environment. LastServerQuery value has been updated for the user with the GPO set to block registry editing.
April 13th, 2011 11:00am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics