
network access control and GPP mapped drives


i'm not sure where to post this but I thought i'd try here first.

scenario: i'm a subdivision of a larger company. I have my own windows domain which has no knowledge of the parent company's domain. the parent company owns the network equipment and is implementing network access control on the switches. our workstations have juniper's odyssey clients doing the NAC verification. problem is with windows 7 machines.

in group policy, I have "always wait for network" configured. I also have group policy preferences mapping several drives with a "replace" action.

a bootup goes basically like so:

1. nic starts
2. switch puts the connected port into a "quarantine" vlan
3. odyssey client verifies computer is OK for core subnet
4. switch changes the vlan of the connected port to the core subnet
5. nic is now on "my" network.

this all usually happens pretty quickly, but the problem is that the "always wait for network" setting stops waiting after step 2, when the nic has layer three connectivity to *a* network, just not the *right* network. so the user gets the CTRL+ALT+DEL screen early. logs right in, with cached credentials because it has no domain connectivity, group policies don't run, all the mapped drives left over from the last session have red Xs on them and a balloon popup says "could not reconnect all network drives."

this is alleviated if I disable cached credentials on the machines, of course, but for various reasons we are reluctant to do that. yet. i also get funny looks from executives when i tell them to count to 60 after they see the ctrl+alt+del screen. this did not happen with xp, i'm guessing because xp waited longer to let users log in while windows 7 presents "quicker" bootup times and does a lot of stuff in the background after I log in.

bottom line:

is there a way to delay the ctrl+alt+delete screen for a fixed amount of time *after* network connectivity?

is there a way to delay the ctrl+alt+delete screen until the machine detects *domain* connectivity?

is there a way to customize the "there are no logon servers available to service your request" error message for when I eventually cave and disable cached credentials?

