Security Basics mailing list archives
Re: Windoze GPO Question
From: Christopher <c.boggs () gmail com>
Date: Mon, 10 Nov 2008 16:47:54 -0600
Computer configuration policies still apply even when you're logging in locally. There are some GPO options, however, that will allow you to specify seperate settings (like firewall, etc.) for when a computer is on the domain network or when it can't contact the domain controller, but I don't have them handy. On 11/10/08, Jon Kibler <Jon.Kibler () aset com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, This may be slightly off topic, but I have a question about GPO scope. I have a client that has a bunch of sales people who have laptops. When they come into their office, they login to the domain. When they are on the road, they login to 'this computer.' The problem that the client is seeing has left me scratching my head about how GP works. What is happening is the client has recently set some new group policies that do things like specify which name servers and other network resources a given OU is to use. Now, when these laptops are taken on the road and the user tries to get Internet access, it fails. Why? Because the GPO settings are overriding the DHCP settings on 'this computer'. What I don't understand is why DOMAIN OU GPOs are being applied outside the scope of the domain. If you are not logging into the domain, why are the domain GPOs in effect? This doesn't make sense. Has my client somehow misconfigured AD? THANKS! Jon Kibler - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkYmJAACgkQUVxQRc85QlOMSwCeP5JEFlf/yrl4uwh6Cbl7AFnm ZaoAnRRW4d0eFTlMRAQIH6mJR/JpHL3x =t05p -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
-- Sent from my mobile device
Current thread:
- Windoze GPO Question Jon Kibler (Nov 10)
- RE: Windoze GPO Question Quigley, Joe (Nov 10)
- Re: Windoze GPO Question Steve Armstrong (Nov 10)
- Re: Windoze GPO Question Jorge L. Vazquez (Nov 12)
- RE: Windoze GPO Question Jason Hurst (Nov 12)
- Re: Windoze GPO Question Jorge L. Vazquez (Nov 12)
- RE: Windoze GPO Question Jason Hurst (Nov 10)
- Re: Windoze GPO Question Christopher (Nov 10)
- Re: Windoze GPO Question Christopher (Nov 12)
- RE: Windoze GPO Question Murda Mcloud (Nov 12)
- Re: Windoze GPO Question Jorge L. Vazquez (Nov 12)
- RE: Windoze GPO Question Murda Mcloud (Nov 12)
- Re: Windoze GPO Question Nikhil Wagholikar (Nov 12)
- RE: Windoze GPO Question Murda Mcloud (Nov 12)
- Re: Windoze GPO Question Salvador III Manaois (Nov 12)
- <Possible follow-ups>
- Fwd: Windoze GPO Question Robert McIntyre (Nov 19)