ASA political anyconnect and default group policy

Similar Questions

• ASA and DAP group policy

  Hi all

  I intend to implement SSL VPN on ASA 8.2.1.

  For example, I create the DAP following 2 files to assign different access rights.

  Policy name: sales DAP

  ldap.memberOf = sales

  Action: continue

  Policy name: engineering DAP

  ldap.memberOf = genius

  Action: continue

  The next policy group are already configured on SAA.

  GP_sales

  GP_engineering

  If UserA, who is a member of the OU sales Active directory Access ASA, ASA know UserA must be associated by GP_sales?

  Thank you

  Hello

  You must configure the LDAP server in your ASA and LDAP attribute is mapped to the Cisco attribute. (LDAP memberOf is maps to GroupPolicy)

  Then you need to configure the mapping of LDAP attributes

  http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

• AnyConnect tunnel-group automatic assignment without selecting any group-tunnel-group-list alias and user-group strategy.

  Objective is that the anyconnect user must select group-alias, so that when a user enters his username and password he must go to his political group and tunnel-group specific. as I removed this command in webvpn 'no tunnel-group-list don't enable '. This I can not connect (user does not authenticate).

  1 - my question is why his past does not?

  Solution:

  If I keep only a single tunnel-group by default and make several group policies and assign to each user with his specific group policy that it works. in user attribute means I have only question following the commands it works, but if I put "group-lock value test-tunnel" that it did not identify.

  Please explain why.

  WebVPN

  allow outside

  limit the cache-fs 50

  SVC disk0:/anyconnect-win-3.0.10055-k9.pkg 1 image

  enable SVC

  internal strategy of group test-gp

  attributes of the strategy of group test-gp

  VPN-tunnel-Protocol svc webvpn

  the address value test-pool pools

  username, password test test

  username test attributes

  VPN-tunnel-Protocol svc

  group-lock value test-tunnel

  Strategy Group-VPN-test-gp

  tunnel-group test-tunnel type remote access

  attributes global-tunnel-group test-tunnel

  Group Policy - by default-test-gp

  tunnel-group test-tunnel webvpn-attributes

  allow group-url https://192.168.168.2/test

  Yes, you have the right solution. You only need to create 1 group of tunnel and multiple group policy. Under the attribute of the user, you re then group policy of vpn that you want the user assigned too.

  You can also authenticate users against AD and configure ldap attribute map to map the user to a specific group policy automatically.

  Here is an example of configuration if you happen to have the AD and will authenticate against AD:

  http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

  Hope that helps.

• ASA 5515 - Anyconnect - inside the subnet connection problem

  Hi all

  I have a problem with the connection to the Interior/subnet using Anyconnect SSL VPN.

  ASA worm. 5515

  Please find below of configuration:

  User access audit

  ASA1 # show running-config
  : Saved
  :
  ASA 9.1 Version 2
  !
  hostname ASA1
  activate 8Ry2YjIyt7RRXU24 encrypted password
  volatile xlate deny tcp any4 any4
  volatile xlate deny tcp any4 any6
  volatile xlate deny tcp any6 any4
  volatile xlate deny tcp any6 any6
  volatile xlate deny udp any4 any4 eq field
  volatile xlate deny udp any4 any6 eq field
  volatile xlate deny udp any6 any4 eq field
  volatile xlate deny udp any6 any6 eq field
  2KFQnbNIdI.2KYOU encrypted passwd
  names of
  mask of local pool swimming POOLS-for-AnyConnect 10.0.70.1 - 10.0.70.50 IP 255.255.255.0
  !
  interface GigabitEthernet0/0
  nameif outside
  security-level 0
  address IP A.A.A.A 255.255.255.240
  !
  interface GigabitEthernet0/1
  nameif inside
  security-level 100
  192.168.64.1 IP address 255.255.255.0
  !
  interface GigabitEthernet0/2
  nameif dmz
  security-level 20
  address IP B.B.B.B 255.255.255.0
  !
  interface GigabitEthernet0/3
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface GigabitEthernet0/4
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface GigabitEthernet0/5
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface Management0/0
  management only
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  passive FTP mode
  network of the OBJ_GENERIC_ALL object
  subnet 0.0.0.0 0.0.0.0
  network outside_to_inside_FR-Appsrv01 object
  Home 192.168.64.232
  network outside_to_dmz_fr-websvr-uat object
  Home 10.20.20.14
  network inside_to_dmz object
  192.168.64.0 subnet 255.255.255.0
  gtc-tomcat network object
  Home 192.168.64.228
  network of the USA-Appsrv01-UAT object
  Home 192.168.64.223
  network of the USA-Websvr-UAT object
  Home 10.20.20.13
  network vpn_to_inside object
  10.0.70.0 subnet 255.255.255.0
  extended access list acl_out permit everything all unreachable icmp
  acl_out list extended access permit icmp any any echo response
  acl_out list extended access permit icmp any one time exceed
  acl_out list extended access permit tcp any object outside_to_inside_FR-Appsrv01 eq 3389
  acl_out list extended access permit tcp any object outside_to_inside_FR-Appsrv01 eq 28080
  acl_out list extended access permit tcp any object outside_to_inside_FR-Appsrv01 eq 9876
  acl_out list extended access permit udp any object outside_to_inside_FR-Appsrv01 eq 1720
  acl_out list extended access permit tcp any object outside_to_dmz_fr-websvr-uat eq www
  acl_out list extended access permit tcp any object outside_to_dmz_fr-websvr-uat eq https
  acl_out list extended access permit tcp any object outside_to_dmz_fr-websvr-uat eq 3389
  acl_out list extended access permit tcp any object USA-Appsrv01-UAT eq 9876
  acl_out list extended access permit udp any eq USA-Appsrv01-UAT object 1720
  acl_out list extended access permit tcp any object USA-Websvr-UAT eq www
  acl_out list extended access permit tcp any USA-Websvr-UAT eq https object
  acl_out list extended access permit tcp any object USA-Websvr-UAT eq 3389
  acl_out list extended access permit tcp any object USA-Appsrv01-UAT eq 3389
  acl_dmz list extended access permit icmp any any echo response
  acl_dmz of access allowed any ip an extended list
  acl_dmz list extended access permitted tcp object object to outside_to_dmz_fr-websvr-uat gtc-tomcat eq 8080
  acl_dmz list extended access permitted tcp object object to outside_to_dmz_fr-websvr-uat gtc-tomcat eq 8081
  acl_dmz list extended access permitted tcp object object to outside_to_dmz_fr-websvr-uat gtc-tomcat eq 3389
  acl_dmz list extended access permitted tcp object USA-Websvr-UAT object USA-Appsrv01-UAT eq 8080
  acl_dmz list extended access permitted tcp object USA-Websvr-UAT object USA-Appsrv01-UAT eq 8081
  access extensive list ip 192.168.64.0 gtcvpn2 allow 255.255.255.0 10.0.70.0 255.255.255.0
  pager lines 24
  Outside 1500 MTU
  Within 1500 MTU
  MTU 1500 dmz
  no failover
  ICMP unreachable rate-limit 1 burst-size 1
  don't allow no asdm history
  ARP timeout 14400
  no permit-nonconnected arp
  NAT dynamic interface of OBJ_GENERIC_ALL source (indoor, outdoor)
  NAT (inside, outside) static source all all static destination vpn_to_inside vpn_to_inside
  !
  network outside_to_inside_FR-Appsrv01 object
  NAT static x.x.x.x (indoor, outdoor)
  network outside_to_dmz_fr-websvr-uat object
  NAT (dmz, outside) static x.x.x.x
  network of the USA-Appsrv01-UAT object
  NAT static x.x.x.x (indoor, outdoor)
  network of the USA-Websvr-UAT object
  NAT (dmz, outside) static x.x.x.x
  Access-group acl_out in interface outside
  Access-group acl_dmz in dmz interface
  Route outside 0.0.0.0 0.0.0.0 B.B.B.B 1
  Timeout xlate 03:00
  Pat-xlate timeout 0:00:30
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  Floating conn timeout 0:00:00
  dynamic-access-policy-registration DfltAccessPolicy
  identity of the user by default-domain LOCAL
  Enable http server
  http 192.168.64.204 255.255.255.255 inside
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
  Crypto ipsec pmtu aging infinite - the security association
  Crypto ca trustpoint ASDM_TrustPoint0
  registration auto
  name of the object CN = ASA1
  GTCVPN2 key pair
  Configure CRL
  trustpool crypto ca policy
  string encryption ca ASDM_TrustPoint0 certificates
  certificate of 19897d 54
  308201cf 30820138 a0030201 02020419 897d 864886f7 0d 010105 5430 0d06092a
  0500302c 3111300f 06035504 03130851 57455354 32343031 17301506 092a 8648
  09021608 51574553 54323430 31343132 30333034 30333237 301e170d 86f70d01
  5a170d32 34313133 30303430 3332375a 302 c 3111 55040313 08515745 300f0603
  53543234 30311730 1506092a 864886f7 010902 16085157 45535432 34303081 0d
  9f300d06 092 has 8648 86f70d01 01010500 03818d 00 30818902 818100a 2 5e873d21
  dfa7cc00 ee438d1d bc400dc5 220f2dc4 aa896be4 39843044 d0521010 88 has 24454
  b4b1f345 84ec0ad3 cac13d47 a71f367a 2e71f5fc 0a9bd55f 05d 75648 72bfb9e9
  c5379753 26ec523d f2cbc438 d234616f a71e4f4f 42f39dde e4b99020 cfcd00ad
  73162ab8 1af6b6f5 fa1b47c6 d261db8b 4a75b249 60556102 03010001 fa3fbe7c
  300 d 0609 2a 864886 f70d0101 8181007a 05050003 be791b64 a9f0df8f 982d162d
  b7c884c1 eb183711 05d676d7 2585486e 5cdd23b9 af774a8f 9623e91a b3d85f10
  af85c009 9590c0b3 401cec03 4dccf99a f1ee8c01 1e6f0f3a 6516579c 12d9cbab
  59fcead4 63baf64b 7adece49 7799f94c 1865ce1d 2c0f3ced e65fefdc a784dc50
  350e8ba2 998f3820 e6370ae5 7e6c543b 6c1ced
  quit smoking
  Telnet 192.168.64.200 255.255.255.255 inside
  Telnet 192.168.64.169 255.255.255.255 inside
  Telnet 192.168.64.190 255.255.255.255 inside
  Telnet 192.168.64.199 255.255.255.255 inside
  Telnet timeout 5
  SSH timeout 5
  SSH group dh-Group1-sha1 key exchange
  Console timeout 0
  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  SSL-trust ASDM_TrustPoint0 inside point
  SSL-trust outside ASDM_TrustPoint0 point
  WebVPN
  allow outside
  AnyConnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
  AnyConnect enable
  tunnel-group-list activate
  internal GroupPolicy_GTCVPN2 group strategy
  attributes of Group Policy GroupPolicy_GTCVPN2
  WINS server no
  value of 192.168.64.202 DNS server 192.168.64.201
  client ssl-VPN-tunnel-Protocol
  Split-tunnel-policy tunnelspecified
  value of Split-tunnel-network-list gtcvpn2
  field default value mondomaine.fr
  username cHoYQ5ZzE4HJyyq password of duncan / encrypted
  username Aosl50Zig4zLZm4 admin password / encrypted
  password encrypted sebol U7rG3kt653p8ctAz user name
  type tunnel-group GTCVPN2 remote access
  attributes global-tunnel-group GTCVPN2
  Swimming POOLS-for-AnyConnect address pool
  Group Policy - by default-GroupPolicy_GTCVPN2
  tunnel-group GTCVPN2 webvpn-attributes
  enable GTCVPN2 group-alias
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  maximum message length automatic of customer
  message-length maximum 512
  Policy-map global_policy
  class inspection_default
  inspect the preset_dns_map dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  Review the ip options
  inspect the netbios
  inspect the rsh
  inspect the rtsp
  inspect the skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect the tftp
  inspect the sip
  inspect xdmcp
  !
  global service-policy global_policy
  context of prompt hostname
  no remote anonymous reporting call
  call-home
  Profile of CiscoTAC-1
  no active account
  http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
  email address of destination [email protected] / * /
  destination-mode http transport
  Subscribe to alert-group diagnosis
  Subscribe to alert-group environment
  Subscribe to alert-group monthly periodic inventory 19
  Subscribe to alert-group configuration periodic monthly 19
  daily periodic subscribe to alert-group telemetry
  Cryptochecksum:0b972b3b751b59085bc2bbbb6b0c2281
  : end
  ASA1 #.

  I can connect to the ASA from outside with the Anyconnect client, split tunneling works well unfortunately I can't ping anything inside the network, VPN subnet: 255.255.255.0, inside the 192.168.64.x 255.255.255.0 subnet 10.0.70.x

  When connecting from the outside, cisco anyconnect is showing 192.168.64.0/24 in the tab "details of the trip.

  Do you know if I'm missing something? (internal subnet to subnet route vpn?)

  Thank you

  Use your internal subnet ASA as its default gateway? If this isn't the case, it will take a route pointing to the ASA inside the interface.

  You can perform a packet - trace as:

  Packet-trace entry inside tcp 192.168.64.2 80 10.0.70.1 1025

  (simulation of traffic back from a web server inside a VPN client)

• ASA5505: Configure the ASA for IPSec and SSL VPN?

  Hello-

  I currently have my 5505 for SSL AnyConnect VPN connections Setup.  Is it possible to set up also the 5505 for IPSec VPN connections?

  So, basically my ASA will be able to perform SSL and IPSec VPN tunnels, at the same time.

  Thank you!

  Kim,

  Yes, you can configure your ASA to support the AnyConnect VPN IPSec connections and at the same time.  In short, for the configuration of IPSec, you should configure at least a strategy ISAKMP, a set of IPSEC, encryption, tunnel group card processing and associated group policy.

  Matt

• Prevented by a group policy for the new usb keyboard driver installation

  Try to install the new keyboard (USB) but get the "group policy has prevented these drivers to install" or which nearby. No matter how lucky it is a value for default "Group Policy Editor"or a repair/reinstall of windows will do? ".

  Lee

  Which edition of Windows 7 are you running?

  If its Windows 7 Professional, Enterprise Edition or Ultimate, try the following:

  Press Windows key + R on your keyboard.

  type: gpedit.msc

  Press enter on your keyboard

  ---------------

  Under Computer Configuration, expand Administrative Templates

  Expand Windows components

  Select Windows Installer

  In the right pane, select "Disable Windows Installer"

  Double click on it

  Make not configured is selected, and then click on apply and OK

  Exit group policy

  Restart your computer

• Disable the Group Policy registry change

  Initially, I was surprised that, by default, run the Publisher of the registry (regedit) under a standard user account does not have administrative credentials.

  Then I realized that if the administrative credentials are required for editing the registry, virtually all configuration changes would require a command prompt. Also, I learned that UAC controls only the registry keys it considers administrative. Thus, for example, standard users can edit and create the registry keys under HKEY_CURRENT_USER, but no other hives.

  All well and good, but I want to disable my standard user 10 year of directly editing the registry.

  At work, we have Win7 enterprise. I'm a standard user to work and I can't even open the registry editor. I get a message "registry editing has been disabled by your administrator". I assume that there is a group policy setting.

  At home we have Win 7 Professional, which is the Group Policy Editor. Can I create a policy to prevent standard users to start the registry editor, and perhaps for the same message, I see at work?

  This link explains how to activate in windows 7 home premium and lower group policy editor.

  This comment (by Fritz) asks how to do from a programming perspective.

  Sorry, wrong link. Here's the good:
  http://www.Microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=18c90c80-8b0a-4906-a4f5-ff24cc2030fb#Filelist

• Windows 7 Home Premium equivalent Group Policy Editor

  Hello, I need help with a problem regarding the ability to restrict access to the application to another user on my computer. For some reason any Microsoft does not Group Policy Editor in Windows 7 Home Premium. I need to restrict the access of another user to all .exe files, with the exception of a small list of allowed applications. I would also like to be able to restrict access to control the Panel and all other files and folders. I still need to be able to access all applications and files of my administrator account.

  Hello

  Yes there are other ways around the problem, although the easiest by far would be to
  upgrade to Pro and use Group Policy.

  You may activate just of Panel as needed. for your administrator account.

  Or use a file fighting to move or rename the fichiers.cpl you don't want to do
  be able to run. Restrict access to where you put the files.

  This checklist:

  http://social.technet.Microsoft.com/forums/WindowsServer/en-us/bba4931b-7f55-4104-a1a9-ca5ab18e8cba/stop-user-access-to-control-panel?Forum=winserverGP

  Rob - SpiritX

• Clients vpn AnyConnect and cisco using the same certificate

  Can use the same certificate on the ASA client Anyconnect and cisco vpn ikev1-2?

  John.

  The certificate is to identify a user/machine rather than the Protocol, then Yes, generally 'yes' you can use the same certificate for SSL/IKEv1/IKEv2 connections.

  What you need to take care of, it's that said certificate is fulliling Elements of the Protocol, for example implmentations IKEv2 is 'necessary' particular KU are defined and client-server-auth/auth EKU are defined on the certificates.

  M.

• Uninstall IE and set another web browser such as Chrome and FireFox by default by using Group Policy

  Hello

  Please someone can instruct me on how to uninstall IE and set another web browser such as Chrome and FireFox by default by using Group Policy. Your help would be much appreciated.

  Kind regards

  RocknRollTim

  Hi Tim,.

   

  Thanks for posting your query in Microsoft Community.

  I wish to inform you that, group policy can only be changed if you are using Windows 7 Professional on your computer.

   
  Referring to your other posts, I see that your computers are on a domain network, we have a specific forum for the computers in the domain and they are experts in this field of investigation and would be in a better position to address the concerns. So refer to the link below and post your query on the TechNet Forums.
  https://social.technet.Microsoft.com/forums/en-us/home
   
  Hope this information helps, just answer for all the help on Windows.

• Impossible to replace and update a file in the client computers through Group Policy preferences

  Hello

  I am unable to replace and update a file in the client computers through Group Policy preferences.

  For example,.

  I am trying to replace and update a custom calendar file (c:\Program Files\Microsoft Office\Office12\1033\outlook.hol)to client computers through Group Policy ptreferences (political group: computer configuration\group policy setting \file preference\windows).) But it is not updated and replaced in client computers.

  Could you please help me on this?

  THnaks

  Srinivasan

  Hello

  Your question of Windows 7 is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the public on the TechNet site. Please post your question in the following link for assistance:

  http://social.technet.Microsoft.com/forums/en/winserverGP/threads

• Local administrator account and issue of local Group Policy permissions problem.

  You have a local administrator account where it was defined

  http://img26.imageshack.us/img26/5716/18112010133154.PNG

  I think preventing the admin account to remove or install devices.  This causes a problem.  Looks like it's AD GP as is grayed out and I can't add locally.  The network team claim there is no GPs AD to limit the admin account local they know of.

  Also, I try to use the process on the machine monitor, but who needs administrator rights and he repeats that the local administrator account is not a member of the Administrators group, but it is.

  Any ideas?  Even if it's just he Process Monitor bit setting?

  And looking at the photo can someone explain which means that icon next to load and unload device drivers.  It is different from the others and think that it is linked, may be trying to tell me that it is a strategy of AD Group.

  I talked to the networks, they said there is not together AD GP for this.  I used the local administrator account to create a new local administrator account and put it in the Administrators group.  Connected to it and it also has the same problem.

  Any ideas?

  The symbol, that you reference indicates that the setting has been locked by group policy and is not editable.  When I saw it in the past, the only way I could replace, it is using "secedit".  For more information about this command:
  Starting-> help and support-> Search: Secedit

  "Elephant Gun" approach might also work:

  "How to restore the security settings the default settings?
    <>http://support.Microsoft.com/kb/313222 >

  HTH,
  JW

• On a windows 2000 Server computer how to configure Group Policy to prevent my students to always change the desktop background and screen saver? __I want to set a screen saver and corporate logo.

  The server is a standard computer on Windows 2000 server and the workstations are XP.  We will be upgrading our servers next year, but for now I have to use what I have.  I do not know true with Windows 2000 Server Edition.

  You have posted in a forum for issues of office and customization for the Windows XP operating system. Your question has to do with Windows Server and group policy. Here's a great site to help you with your server issues:

  http://www.Petri.co.il

  Questions on group policy can be asked in the TechNet forums or in the Group Policy newsgroup:

  In a News Reader: microsoft.public.windows.group_policy
  On the web: http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg= microsoft.public.windows.group_policy

  http://social.technet.Microsoft.com/forums/en/categories/ MS - MVP - Elephant Boy computers - don't panic!

• By default, the settings change Local Group Policy Editor

  Original title: gpedit.msc

  I tried also to install windows media player 10 on my Vista laptop to business. I went into the local Group Policy Editor, gpedit.msc and Expand "Administrative Templates", then expand "Windows components", then expanded "Application compatibility", then I activate what was down there.

  I then started my machine and a program called ObjectDock would not work for me... What I want to know is the default settings of what I changed, I can change them back for ObjectDock works again

  Hi allenmitchell2006,

  Windows media player 11 is already included in Windows Vista and it is not possible to download Windows media player 10 on Vista Business.

  In order to solve the problem of the Group Policy Editor, you can try a system restore to a previous point where you have not experienced the problem.

  Note: When you perform the system restore to restore the computer to a previous state, programs and updates that you have installed are removed.

  To run the system restore, you can consult the following link:

  System restore

  http://Windows.Microsoft.com/en-us/Windows-Vista/what-is-system-restore

  System Restore: frequently asked questions

  http://Windows.Microsoft.com/en-us/Windows-Vista/system-restore-frequently-asked-questions

  Hope this information is useful.

  Jeremy K
  Microsoft Answers Support Engineer
  Visit ourMicrosoft answers feedback Forumand let us know what you think.

  If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message. Marking a post as answer, or relatively useful, you help others find the answer more quickly.

• In Printer preferences group policy: printer appears but does not define itself by default

  People,

  I have my shared network printer installation group policy preferences. I have ensured that the Restrictions point and print are disabled in the parts of the user and the police computer. Each preference has a targeting rule that identifies computer names to apply this printer too and also users run in the security context is selected, both the game as default printer checkbox is checked. Mappings check only 1 printer is defined as the default value with pc.

  When a computer maps the printer on the initial user connection (IE when their roaming profile is created), it appears in the list of available printers and devices, but it is not defined by default. It gives an error when you try manually set as default: 0 x 00000709. I looked into the case of the newspapers that I see that the reason is not defined:

  The following information is part of the event: user, , printers by default {AA8B60B5-0555-45BD-9A8F-FAFA4D3DB7D8}, 0 x 80070709 the name of the printer is invalid...

  I looked at the registry of the user and NO connection string is displayed in HKCU\Printers, as I expect the error!

  If I then remove the printer from the list by right-clicking and choosing to remove the instrument and then type GPUPDATE to refresh policies, the printer is remapped and made the value by default as I expect. Once this has been done the printer seems to work for subsequent connections by the same user.

  If you don't remove this error persists.

  Anyone know what is happening because of the initial connection to fail map the printer properly?

  Thanks for any help,

  Martin Searle

  Developer of desktop platforms

  University of Kent, UK

  Hello

  The link below is better suited for your question on the preferences of the printer in a group.

  Please post your query on the printer preferences in a group by clicking on the link below:

  http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads

  I hope this helps!