Home page logo

basics logo Security Basics mailing list archives

Re: Windoze GPO Question
From: "Jorge L. Vazquez" <jlvazquez825 () gmail com>
Date: Mon, 10 Nov 2008 18:22:57 -0500

my assumption is that the old domain settings are still in effect, which
  when they login locally need to be refreshed... also if I'm not
mistaken  they will need admin rights to refresh domain policy....and
yes when you join a machine to the domain, domain GP takes precedence
over local policy as they are applied after local policy, that been said
if the computer is a member of an ou in AD and the admin setup internet
explorer settings like proxy etc.... he won't be able to connect to the
internet when outside of network unless user refresh policy first...

hope it helps
Jon Kibler wrote:

This may be slightly off topic, but I have a question about GPO scope.

I have a client that has a bunch of sales people who have laptops. When
they come into their office, they login to the domain. When they are on
the road, they login to 'this computer.'

The problem that the client is seeing has left me scratching my head
about how GP works. What is happening is the client has recently set
some new group policies that do things like specify which name servers
and other network resources a given OU is to use. Now, when these
laptops are taken on the road and the user tries to get Internet access,
it fails. Why? Because the GPO settings are overriding the DHCP settings
on 'this computer'.

What I don't understand is why DOMAIN OU GPOs are being applied outside
the scope of the domain. If you are not logging into the domain, why are
the domain GPOs in effect? This doesn't make sense. Has my client
somehow misconfigured AD?


Jon Kibler

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]