[gptalk] Re: GPO applicability when not connected to a network/domain

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 12 Feb 2008 16:22:29 -0800

Right. GP settings do stick. They are not unapplied when the machine is not
on the domain, by design. So there is no way, using GP, to have them
un-apply when the machine is not in contact with a DC.

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Shane Williford
Sent: Tuesday, February 12, 2008 4:18 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO applicability when not connected to a
network/domain

 

Darren,

Thank you for the quick reply. OK, so let me see if I got this straight -
you're saying that GP does NOT apply if a computer (in this case, a laptop)
is not connected to a domain (and thus authenticating to a DC)? For me,
that's exactly what I want. But, what I gather is that the GP settings
that applied while connected to the domain "stick"? (I think I read that
somewhere in your FAQs...those are awesome, btw)

 

Yeah, I didn't want to have to script something, if possible. Our last proxy
setup was done that way and I wanted to 'clean up' our log-in script, so I
removed the proxy settings. I may have to go back to that, which isn't a
horrible thing, but certainly not how I prefer as I'm not a scripting guru
by any means.

 

Shane

 

-----Original Message----- 
From: gptalk-bounce@xxxxxxxxxxxxx on behalf of Darren Mar-Elia 
Sent: Tue 2/12/2008 5:41 PM 
To: gptalk@xxxxxxxxxxxxx 
Cc: 
Subject: [gptalk] Re: GPO applicability when not connected to a
network/domain

Shane-

Thanks for joining the list. Unfortunately, I don’t have good news for you.
Policy is not applied if a computer is not in contact with a DC. So, there
is no way (other than Windows Firewall profiles) to have conditional
policies in effect based on being on or off the network. Even mucking with
the local GPO won’t work for domain joined PCs because if those PCs are not
in contact with a DC, they simply ignore any changes you try to make to the
local GPO (to preserve domain precedence).

 

Sorry about that. One thing you can probably do is write a script that
enables and disables the proxy and put a shortcut to it on their desktop,
with instructions to use it when they are at home. I’ve done that sort of
thing in the past and, while not elegant, it works.


Darren
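
The kind of toggle script suggested in the message above, as an added example that is not part of the original thread and is not the poster's own script. It assumes the proxy is the per-user IE/WinINet setting under HKCU and that a DC answering `nltest` means the laptop is on the corporate network; the `-Mode` parameter and the function name are hypothetical.

```powershell
# Added example: enable or disable the per-user IE/WinINet proxy.
# -Mode Auto turns the proxy on only when a domain controller can be located.
param(
    [ValidateSet('Auto', 'On', 'Off')]
    [string]$Mode = 'Auto'
)

$userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-DomainReachable {
    # USERDNSDOMAIN is only set when the user logged on with a domain account.
    $domain = $env:USERDNSDOMAIN
    if (-not $domain) { return $false }
    # nltest exits non-zero when no DC for the domain can be located.
    $null = & nltest.exe "/dsgetdc:$domain" /force 2>&1
    return ($LASTEXITCODE -eq 0)
}

# If policy forces per-machine proxy settings, the HKCU value is ignored,
# so changing it would silently do nothing.
$pol = Get-ItemProperty -Path $policyKey -Name ProxySettingsPerUser -ErrorAction SilentlyContinue
if ($pol -and $pol.ProxySettingsPerUser -eq 0) {
    Write-Warning 'Proxy settings are per-machine by policy; the HKCU toggle has no effect.'
    return
}

switch ($Mode) {
    'On'   { $enable = 1 }
    'Off'  { $enable = 0 }
    'Auto' { $enable = [int](Test-DomainReachable) }
}

$before = (Get-ItemProperty -Path $userKey -Name ProxyEnable -ErrorAction SilentlyContinue).ProxyEnable

# Only ProxyEnable is flipped. ProxyServer is left alone so the address that
# Group Policy delivered is still there when the proxy is switched back on.
Set-ItemProperty -Path $userKey -Name ProxyEnable -Value $enable -Type DWord

# Programs that are already running may keep the old setting until restarted.
Write-Output ("ProxyEnable: {0} -> {1}" -f $before, $enable)
```

Because Group Policy settings stick, the next policy refresh on the domain puts the managed value back regardless of what the script last wrote.
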

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Shane Williford
Sent: Tuesday, February 12, 2008 1:45 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO applicability when not connected to a network/domain

 

“GPO Guy”,

Thank you for the great website!...VERY informative!

 

I was wondering if you could lead me to the Microsoft documentation (and if
you could answer) explaining if GPOs get applied to computers (laptops) not
connected to a domain/network. I have set some IE settings for our
organization, and have a group that use laptops and work remotely (from
home) at times. I want them to be able to not have the proxy configurations
while not connected to the network. Is there a way to configure GP to not
apply when not connected to the network (other than creating a local policy
setting for IE)?


Thanks for all your help!

 

Shane M. Williford

Systems Administrator

MCSE, MCSA Sec, Sec+, Net+, A+

Mazuma Credit Union

shane.williford@xxxxxxxxxx

816-361-4194 x6012

 
