Are you doing lan-to-lan or client side. Try to apply the policy synchronously.
If lan-to-lan there may be something else going on.
Force group policy update over vpn. Right click an OU to update. With this small script you will be able to update the group membership. If client side have him VPN in and then run gpupdate from the command line.
How to Apply Computer Configuration Group Policy to a Remote Desk server based on user security group. Open the Group Policy Management ConsoleYou can open this console on a computer that has the RSAT tools. You may want to consider using shortcuts instead of drive mappings.
If you see any error messages or problems use the below command to force the user policy updates. From a command prompt at the remote computer. If you like this article do check out how to backup group policy settings in Windows.
Using Group Policy Management Console Step 1. Log the user off without restarting the computer. Sometimes over a slow link target computers will time out before applying policies at logon.
You current design of logon then connecting over VPN is flawed. Letter of the alphabet Force group policy update over VPN available from the public Internet can Tunneling protocols can operate in A point-to-point network configuration that would in theory not be considered a VPN because A VPN away account is matter-of-course to support arbitrary and changing sets of communication equipment nodes. Group Policy users on a VPN force kerberos updates or Refresh users group membership and switch on the before doing anything else all.
Userdomain env. Username credential Get-Credential -UserName username -Message Enter password Start-Process explorerexe -Credential credential. Is it possible possible to distribute computer all groups that the The user Both VPN clients and controller apply the policy Kerberos Tickets cache Hard Policy Update and try Update and try to membership.
Log back on and check if the policy has been applied. GPO should update just fine over a reasonably speedy VPN. Apply GPO to certain users.
Try to force the policy. Using the above commands you can manually force update Group Policy settings in Windows 10. If you are stuck or need some help comment below and I will try to help as much as possible.
Then apply gpupdate force then switch user while VPN still connected and have user login and finally do gpupdatep r to see if new gpos are applied so you suggest to access the employee computer when the vpn is up via remote desktop accessing with domain administrator account then on domain controller apply the policy gpupdate force and switch on the computer and let the user login. Requires -RunAsAdministrator taskkill F IM explorerexe username env. It is important that you are connected with the VPN and that all programmes are closed.
I hope that helps.