[gptalk] Re: Remote Policy

  • From: Darren Mar-Elia <darren@xxxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Wed, 19 Sep 2007 15:50:50 -0800

Doug, et al-
I will add that the other solution here that is a commercial one. My 
company--SDM Software, has something called the GPExpert Scripting Toolkit for 
PowerShell (www.sdmsoftware.com/products2.php). Essentially what it is is a 
scripting interface into GP Settings, and it can effect both domain and local 
GPOs and can be run remotely or on the local box.

That being said, you can distribute reg. files but keep in mind that, for 
reasons I won't go into now, if you don't use GP admin. template policy to 
actually distribute the changes, then GP doesn't know that they are there, and 
they would essentially be tattooing the registry, even though they are on 
policy keys. THis has to do with the way GP handles the removal of policies in 
the first place.

Darren


-----Original message-----
From: "Nelson, Jamie R Contr 72 CS/SCBAF" Jamie.Nelson.ctr@xxxxxxxxxxxxx
Date: Wed, 19 Sep 2007 15:40:35 -0400
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Remote Policy

> FYI. You can technically do this for any admin template configurable
> settings, as they are just registry entries. However, involving the end
> user in this process kind of defeats the entire purpose of Group Policy.
> Some other means of distributing (SMS, PsExec) would make much more
> sense.
> 
> Regards,
> Jamie Nelson
> 
> 
> -----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> On Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
> Sent: Wednesday, September 19, 2007 2:31 PM
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Re: Remote Policy
> 
> In that case there is not much you can do via Group Policy itself. If
> the firewall settings are the only thing you "really" need, just export
> the HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall registry key from a
> LAN workstation that is receiving the policy and distribute it via other
> means (e-mail, file share) to your remote users in the form of a .reg
> file. This would only work, though, if they have the local admin rights
> required to change that area of the registry.
> 
> It's not really the proper way to do things, but it should work.
> 
> Regards,
> Jamie
> 
> 
> -----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> On Behalf Of Delaney, Doug
> Sent: Wednesday, September 19, 2007 2:19 PM
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Re: Remote Policy
> 
> Understood, but General Motors will not allow replacement of the msgina.
> Therefore, the VPN solution cannot change that approach
>  
> 
> Doug Delaney
> EDS - Integration Engineering-GM
> GM Desktop Engineering
> 1075 W. Entrance Dr., MS 2B, Cube 2130
> Auburn Hills, MI 48326
> Lab: 248-365-9187
> Tel: 248-754-7917
> Pg: 248-870-0306 pager
> Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>  
> Note: The information in this email is intended solely for the
> addressee. Access to this email by anyone else is unauthorized. If you
> are not the intended recipient, any disclosure, copying, distribution or
> any action taken or omitted to be taken in reliance on it is prohibited.
> 
>  
> 
> 
> ________________________________
> 
>       From: gptalk-bounce@xxxxxxxxxxxxx
> [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Odiorne, Derek
>       Sent: Wednesday, September 19, 2007 3:13 PM
>       To: gptalk@xxxxxxxxxxxxx
>       Subject: [gptalk] Re: Remote Policy
>       
>       
> 
>       Cisco, for example, has an option to start the vpn before logon.
> By doing it this way the users will run Group Policy Object's when
> logging on.
> 
>        
> 
>       ----------------------------
> 
>       Derek A. Odiorne
> 
>       574-245-1487
>       -----------------------------
>       Need help now?
>       http://intranet/techserv/technologyserv.htm
> <http://intranet/techserv/technologyserv.htm> 
> 
>       
> ________________________________
> 
> 
>       From: gptalk-bounce@xxxxxxxxxxxxx
> [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Delaney, Doug
>       Sent: Wednesday, September 19, 2007 3:07 PM
>       To: gptalk@xxxxxxxxxxxxx
>       Subject: [gptalk] Remote Policy
> 
>        
> 
>       Hi all, 
> 
>       Is anyone aware of any free tools available for the remote
> distribution of a GPO policy? 
> 
>       Here is our situation.  We have a couple thousand users who
> connect via VPN only.  They connect after boot-up and cached credential
> logon to windows.  Therefore, policies never apply during startup or
> logon.  We have a need to administer the XP firewall (among other
> things), and are having a very difficult time finding a solution.  Many
> of these users are 8 hours away from a building where they can connect
> via a local LAN to get policies.
> 
>       Any guidance is greatly appreciated. 
> 
>       Doug Delaney
>       EDS - Integration Engineering-GM
>       GM Desktop Engineering
>       1075 W. Entrance Dr., MS 2B, Cube 2130
>       Auburn Hills, MI 48326
>       Lab: 248-365-9187
>       Tel: 248-754-7917
>       Pg: 248-870-0306 pager
>       Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>  
>       Note: The information in this email is intended solely for the
> addressee. Access to this email by anyone else is unauthorized. If you
> are not the intended recipient, any disclosure, copying, distribution or
> any action taken or omitted to be taken in reliance on it is prohibited.
> 
>        
> 
> ***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
> by logging into the freelists.org Web interface. Archives for the list
> are available at http://www.freelists.org/archives/gptalk/
> ************************
> ***********************
> You can unsubscribe from gptalk by sending email to 
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
> logging into the freelists.org Web interface. Archives for the list are 
> available at http://www.freelists.org/archives/gptalk/
> ************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: