[gptalk] Re: Remote Policy

  • From: "Delaney, Doug" <doug.delaney@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 19 Sep 2007 15:58:09 -0400

Darren,

Understood, thank you. 


Doug Delaney
EDS - Integration Engineering-GM
GM Desktop Engineering
1075 W. Entrance Dr., MS 2B, Cube 2130
Auburn Hills, MI 48326
Lab: 248-365-9187
Tel: 248-754-7917
Pg: 248-870-0306 pager
Mail: Doug.Delaney@xxxxxxx 
Note: The information in this email is intended solely for the
addressee. Access to this email by anyone else is unauthorized. If you
are not the intended recipient, any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it is prohibited.


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Wednesday, September 19, 2007 7:51 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Remote Policy

Doug, et al-
I will add that the other solution here that is a commercial one. My
company--SDM Software, has something called the GPExpert Scripting
Toolkit for PowerShell (www.sdmsoftware.com/products2.php). Essentially
what it is is a scripting interface into GP Settings, and it can effect
both domain and local GPOs and can be run remotely or on the local box.

That being said, you can distribute reg. files but keep in mind that,
for reasons I won't go into now, if you don't use GP admin. template
policy to actually distribute the changes, then GP doesn't know that
they are there, and they would essentially be tattooing the registry,
even though they are on policy keys. THis has to do with the way GP
handles the removal of policies in the first place.

Darren


-----Original message-----
From: "Nelson, Jamie R Contr 72 CS/SCBAF" Jamie.Nelson.ctr@xxxxxxxxxxxxx
Date: Wed, 19 Sep 2007 15:40:35 -0400
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Remote Policy

> FYI. You can technically do this for any admin template configurable 
> settings, as they are just registry entries. However, involving the 
> end user in this process kind of defeats the entire purpose of Group
Policy.
> Some other means of distributing (SMS, PsExec) would make much more 
> sense.
> 
> Regards,
> Jamie Nelson
> 
> 
> -----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> On Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
> Sent: Wednesday, September 19, 2007 2:31 PM
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Re: Remote Policy
> 
> In that case there is not much you can do via Group Policy itself. If 
> the firewall settings are the only thing you "really" need, just 
> export the HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall registry 
> key from a LAN workstation that is receiving the policy and distribute

> it via other means (e-mail, file share) to your remote users in the 
> form of a .reg file. This would only work, though, if they have the 
> local admin rights required to change that area of the registry.
> 
> It's not really the proper way to do things, but it should work.
> 
> Regards,
> Jamie
> 
> 
> -----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> On Behalf Of Delaney, Doug
> Sent: Wednesday, September 19, 2007 2:19 PM
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Re: Remote Policy
> 
> Understood, but General Motors will not allow replacement of the
msgina.
> Therefore, the VPN solution cannot change that approach
>  
> 
> Doug Delaney
> EDS - Integration Engineering-GM
> GM Desktop Engineering
> 1075 W. Entrance Dr., MS 2B, Cube 2130 Auburn Hills, MI 48326
> Lab: 248-365-9187
> Tel: 248-754-7917
> Pg: 248-870-0306 pager
> Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>
> Note: The information in this email is intended solely for the 
> addressee. Access to this email by anyone else is unauthorized. If you

> are not the intended recipient, any disclosure, copying, distribution 
> or any action taken or omitted to be taken in reliance on it is
prohibited.
> 
>  
> 
> 
> ________________________________
> 
>       From: gptalk-bounce@xxxxxxxxxxxxx
> [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Odiorne, Derek
>       Sent: Wednesday, September 19, 2007 3:13 PM
>       To: gptalk@xxxxxxxxxxxxx
>       Subject: [gptalk] Re: Remote Policy
>       
>       
> 
>       Cisco, for example, has an option to start the vpn before logon.
> By doing it this way the users will run Group Policy Object's when 
> logging on.
> 
>        
> 
>       ----------------------------
> 
>       Derek A. Odiorne
> 
>       574-245-1487
>       -----------------------------
>       Need help now?
>       http://intranet/techserv/technologyserv.htm
> <http://intranet/techserv/technologyserv.htm>
> 
>       
> ________________________________
> 
> 
>       From: gptalk-bounce@xxxxxxxxxxxxx
> [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Delaney, Doug
>       Sent: Wednesday, September 19, 2007 3:07 PM
>       To: gptalk@xxxxxxxxxxxxx
>       Subject: [gptalk] Remote Policy
> 
>        
> 
>       Hi all,
> 
>       Is anyone aware of any free tools available for the remote 
> distribution of a GPO policy?
> 
>       Here is our situation.  We have a couple thousand users who
connect 
> via VPN only.  They connect after boot-up and cached credential logon 
> to windows.  Therefore, policies never apply during startup or logon.

> We have a need to administer the XP firewall (among other things), and

> are having a very difficult time finding a solution.  Many of these 
> users are 8 hours away from a building where they can connect via a 
> local LAN to get policies.
> 
>       Any guidance is greatly appreciated. 
> 
>       Doug Delaney
>       EDS - Integration Engineering-GM
>       GM Desktop Engineering
>       1075 W. Entrance Dr., MS 2B, Cube 2130
>       Auburn Hills, MI 48326
>       Lab: 248-365-9187
>       Tel: 248-754-7917
>       Pg: 248-870-0306 pager
>       Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>  
>       Note: The information in this email is intended solely for the 
> addressee. Access to this email by anyone else is unauthorized. If you

> are not the intended recipient, any disclosure, copying, distribution 
> or any action taken or omitted to be taken in reliance on it is
prohibited.
> 
>        
> 
> ***********************
> You can unsubscribe from gptalk by sending email to 
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field 
> OR by logging into the freelists.org Web interface. Archives for the 
> list are available at //www.freelists.org/archives/gptalk/
> ************************
> ***********************
> You can unsubscribe from gptalk by sending email to 
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field 
> OR by logging into the freelists.org Web interface. Archives for the 
> list are available at //www.freelists.org/archives/gptalk/
> ************************

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at //www.freelists.org/archives/gptalk/
************************

Other related posts: