mailing list archives
Re: Windoze GPO Question
From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Tue, 11 Nov 2008 09:45:09 +0530
Hello Jon Kibler,
I am in total agreement with Steve Armstrong.
Its a good idea to create a separate OU for laptop users (may be a
roaming profile) that have permissions to apply other DHCP settings or
basically change their Network settings.
If your client has remote access (say VPN connectivity to their local
network), then roaming profile is best solution. Let the sales team
login to the domain instead of "This computer".
Practice Lead | Security Assessment & Digital Forensics
Security Products: http://www.niiconsulting.com/products.html
On Tue, Nov 11, 2008 at 1:54 AM, Jon Kibler <Jon.Kibler () aset com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
This may be slightly off topic, but I have a question about GPO scope.
I have a client that has a bunch of sales people who have laptops. When
they come into their office, they login to the domain. When they are on
the road, they login to 'this computer.'
The problem that the client is seeing has left me scratching my head
about how GP works. What is happening is the client has recently set
some new group policies that do things like specify which name servers
and other network resources a given OU is to use. Now, when these
laptops are taken on the road and the user tries to get Internet access,
it fails. Why? Because the GPO settings are overriding the DHCP settings
on 'this computer'.
What I don't understand is why DOMAIN OU GPOs are being applied outside
the scope of the domain. If you are not logging into the domain, why are
the domain GPOs in effect? This doesn't make sense. Has my client
somehow misconfigured AD?
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.
- RE: Windoze GPO Question, (continued)