Enviremental information: Windows Domain with 3 2012 R2 Domain Controlers.
I am trying to build a Windows 8.1 in kiosk mode, only a browser with access to specific websites.
With the help of GPO - partially with user settings and GPO Loopback Processing enabled - i made Internet Explorer (with -k option -> fullscreen Kiosk mode) the Custom User Interface, so there will be no Windows Explorer, just IE, most Windows shortcuts won't work, windows key on keyboard is enabled. The user (Domain Account in group "Domain Guests") is loged in automaticaly. On the computer, i removed the "Domain Users" group from users, and added the kiosk user directly.
This works fine, as long as the computer is online. When i unplug the network cable, windows is booting the explorer instead of the custom user interface, and the task that should run in the background - also configured via GPO - are not started. I can see all the settings, i.e. the registry key for the Custom User Interface is set to IE Kiosk mode, so Windows should know all the settings... but they are just ignored, as long as the computer is not connected to our DC!
This is not only a problem with this kiosk computer - i always tought that GPOs are cached AND executed localy, so i.e. a laptop will get the settings from our DC while in our network, an when the Laptop leaves the building and the user is working on the train, our settings should still be applied! Am i wrong? Or what am i doing wrong?
EDIT:
Tried without Loopback Processing, without success. Disabled Loopback Processing -> no User Settings after a reboot - just as expected. created a new GPO for the USER, linked it, enabled it -> Reboot, and the user settings are applied. BUT: Reboot without network connection, and the settings are not applied.
EDIT2:
Some more tests, and it seams as if the Computer Settings are applied properly, but the User Settings are ignored. They even vanishe from the registry (i am shure that this did not happen before...).
After some more testing, finaly the settings are still beeing applied offline.
The problem seems to be to "DOmain Guest" Group. I wanted to prevent this user to login to other machines on our campus, because in order to achieve auto logon, i had to put the plaintext password in the registry. This is why i removed the user from the "Domain Users" group and added him to the "Domain Guest" group. Then i added the user himself to the "Power Users" Group and for testing also the "Users" group on the local machine. Both didn't work, only after i added the user to "Domain Users" group the policys were applied after a reboot and without connection to the DC. Strange.