Shane, http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/gp/341.mspx?mfr=true That is where the option is that Darren was talking about. Thanks Mike On Feb 13, 2008 11:58 AM, Shane Williford <shane.williford@xxxxxxxxxx> wrote: > There is no checkbox anywhere that I can see under -> Users -> Windows -> > IE Maintenance. I have 'Browser User Interface', 'Connection', 'URL', > 'Security', & 'Program' settings…none of which has that option in it. L > > > ------------------------------ > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Darren Mar-Elia > *Sent:* Wednesday, February 13, 2008 10:49 AM > > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: GPO applicability when not connected to a > network/domain > > > > Under that policy, within IE Maintenance Processing, there is a check box > to say, process even if the GPOs have not changed. > > > > Darren > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Shane Williford > *Sent:* Wednesday, February 13, 2008 8:47 AM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: GPO applicability when not connected to a > network/domain > > > > How do I set my IE Maintenance GP to force a refresh? I do have a setting > in one of my group policies at the domain level (Computer Config -> Admin > Templates -> System -> Group Policy) to refresh every 15 minutes; is that > what you're refering to? (I assume not)… > > > ------------------------------ > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Darren Mar-Elia > *Sent:* Wednesday, February 13, 2008 10:34 AM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: GPO applicability when not connected to a > network/domain > > > > > > > > *From:* tools@xxxxxxxxxx [mailto:tools@xxxxxxxxxx] > *Sent:* Wednesday, February 13, 2008 8:30 AM > *To:* 'gptalk@xxxxxxxxxxxxx' > *Subject:* RE: [gptalk] Re: GPO applicability when not connected to a > network/domain > > > > You're correct—policies don't refresh unless there is a change, or unless > you modify this default behavior by forcing a refresh on every processing > cycle. I know some people that do this for IE Maintenance policy as a matter > of course because its so flaky. So, yes, if your users wanted, they could > undo their proxy while at work with that reg file. Though presumably they > would not be able to get internet access if they did that? > > > > Darren > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Shane Williford > *Sent:* Wednesday, February 13, 2008 8:20 AM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: GPO applicability when not connected to a > network/domain > > > > Darren, > > In regards to the issue I have below, let me ask this – I have created a > .reg file for my laptop users to run that will disable proxy settings while > not on the network (e.g. for when they're at home). The danger in doing > this of course is the fact they may run it while at work, thus disabling the > GPO proxy settings I have. My question is this: if from what I've read on > your site and seen in numerous dialogs is correct, GPs don't 'refresh' ( > i.e reapply) every so often, UNLESS they change…is that correct? So, if my > laptop users were to do something ignorant like run this reg file I created > while at work, their IE Proxy settings would remain disabled until they > rebooted? (or does a simple log-off refresh policies?) > > > Thanks. > > Shane > > > ------------------------------ > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Darren Mar-Elia > *Sent:* Tuesday, February 12, 2008 6:22 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: GPO applicability when not connected to a > network/domain > > > > Right. GP settings do stick. They are not unapplied when the machine is > not on the domain, by design. So there is no way, using GP, to have them > un-apply when the machine is not in contact with a DC. > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Shane Williford > *Sent:* Tuesday, February 12, 2008 4:18 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: GPO applicability when not connected to a > network/domain > > > > Darren, > > Thank you for the quick reply. OK, so let me see if I got this straight - > you're saying that GP does NOT apply if a computer (in this case, a laptop) > is not connected to a domain (and thus authenticating to a DC)? For me, > that's is exactly what I want. But, what I gather is that the GP settings > that applied while connected to the domain "stick"? (I think I read that > somewhere in your FAQs...those are awesome, btw) > > > > Yeah, I didn't want to have to script something, if possible. Our last > proxy setup was done that way and I wanted to 'clean up' our log-in script, > so I removed the proxy settings. I may have to go back to that, which isn't > a horrible thing, but certainly not how I prefer as I'm not a scripting guru > by any means. > > > > Shane > > > > -----Original Message----- > *From:* gptalk-bounce@xxxxxxxxxxxxx on behalf of Darren Mar-Elia > *Sent:* Tue 2/12/2008 5:41 PM > *To:* gptalk@xxxxxxxxxxxxx > *Cc:* > *Subject:* [gptalk] Re: GPO applicability when not connected to a > network/domain > > Shane- > > Thanks for joining the list. Unfortunately, I don't have good news for > you. Policy is not applied if a computer is not in contact with a DC. So, > there is no way (other than Windows Firewall profiles) to have conditional > policies in effect based on being on or off the network. Even mucking with > the local GPO won't work for domain joined PCs because if those PCs are not > in contact with a DC, they simply ignore any changes you try to make to the > local GPO (to preserve domain precedence). > > > > Sorry about that. One thing you can probably do is write a script that > enables and disables the proxy and put a shortcut to it on their desktop, > with instructions to use it when they are at home. I've done that sort of > thing in the past and, while not elegant, works. > > > Darren > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Shane Williford > *Sent:* Tuesday, February 12, 2008 1:45 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] GPO applicability when not connected to a > network/domain > > > > "GPO Guy", > > Thank you for the great website!...VERY informative! > > > > I was wondering if you could lead me to the Microsoft documentation (and > if you could answer) explaining if GPOs get applied to computers (laptops) > not connected to a domain/network. I have set some IE settings for our > organization, and have a group that use laptops and work remotely (from > home) at times. I want them to be able to not have the proxy configurations > while not connected to the network. Is there a way to configure GP to not > apply when not connected to the network (other than creating a local policy > setting for IE)? > > > Thanks for all your help! > > > > Shane M. Williford > > Systems Administrator > > MCSE, MCSA Sec, Sec+, Net+, A+ > > Mazuma Credit Union > > shane.williford@xxxxxxxxxx > > 816-361-4194 x6012 > > > > Notice: The information transmitted in this e-mail may contain > confidential and/or legally privileged information intended only for the use > of the individual(s) named above. Review, use, disclosure, distribution, or > forwarding of this information by persons or entities other than the > intended recipient(s) is prohibited by law and may subject them to criminal > or civil liabilities. Statements and opinion expressed in this e-mail may > not represent those of Mazuma Credit Union. All e-mail communications > through Mazuma's corporate email system are subject to archiving and review > by someone other than the recipient. If you have received this communication > in error, please notify the sender immediately and delete/destroy any and > all copies of the original message from any computer or network system. > >