mailing list archives
Re: Windoze GPO Question
From: Christopher <c.boggs () gmail com>
Date: Mon, 10 Nov 2008 16:57:24 -0600
OK, I take that back. The settings I was talking about (Domain and
Standard profile) only allow you to configure the Windows Firewall
settings, so they won't be much help to you.
Regardless, your client's problems seem to be that they have
configured settings under Computer Configuration, which applies to the
computer regardless of who is logged in. These settings have to be
applied to an OU that contains the Computer accounts.
The only thing I can think of that would help in this situation, is
the "Alternate Configuration" settings for TCP/IP under the properties
of the Network Connection. That could be used as an alternate
'off-site' config, setup for DCHP or something.
On Mon, Nov 10, 2008 at 4:47 PM, Christopher <c.boggs () gmail com> wrote:
Computer configuration policies still apply even when you're logging
in locally. There are some GPO options, however, that will allow you
to specify seperate settings (like firewall, etc.) for when a computer
is on the domain network or when it can't contact the domain
controller, but I don't have them handy.
On 11/10/08, Jon Kibler <Jon.Kibler () aset com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
This may be slightly off topic, but I have a question about GPO scope.
I have a client that has a bunch of sales people who have laptops. When
they come into their office, they login to the domain. When they are on
the road, they login to 'this computer.'
The problem that the client is seeing has left me scratching my head
about how GP works. What is happening is the client has recently set
some new group policies that do things like specify which name servers
and other network resources a given OU is to use. Now, when these
laptops are taken on the road and the user tries to get Internet access,
it fails. Why? Because the GPO settings are overriding the DHCP settings
on 'this computer'.
What I don't understand is why DOMAIN OU GPOs are being applied outside
the scope of the domain. If you are not logging into the domain, why are
the domain GPOs in effect? This doesn't make sense. Has my client
somehow misconfigured AD?
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.
Sent from my mobile device