There are times when Active Directory (AD) group policies do not get updated immediately on a system when connecting with Mobility if Unattended mode is not being used. If a user logs onto the system with cached credentials, or if the tunnel is not completely set up when the group policy update is attempted, the policy will not successfully run. If the latter is the case, Unattended mode will not resolve this issue itself. A work around for this issue is to use Mobility Policy Module to execute a command that refreshes the AD group policy.
When logging onto a system, AD group policies do not run.
Create a rule set using Policy Management that contains the following rule:
When the server is reachable for 15 seconds
Run GPUPDATE /FORCE once per session
Device authentication is a better approach-- see the following topics in the v11.70 Mobility server help: