Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Using local group policy to override domain group policy

Active Directory


Reply
 
Thread Tools Search this Thread
  #1  
Old 29-05-2008
Member
 
Join Date: Jan 2005
Posts: 40
Using local group policy to override domain group policy

There are some different domain users which access the server from various location through their notebook. They are not physically connected with each other. Now how can a user from the other end can configure settings of domain group policy. Here he had already tried to do the same via domain group policy. But that does not worked well. I need some help to find a option that can allow me to disable domain policy.

Reply With Quote
  #2  
Old 29-05-2008
Member
 
Join Date: Oct 2004
Posts: 39
There is no way to do that. This is how GP is designed. You must try to work on the local group policy also. And you must then re-apply the same. Depending the type of connectivity and configuration it will take time to apply the settings completely. While there is no way to do that manually.
Reply With Quote
  #3  
Old 04-09-2011
Member
 
Join Date: Sep 2011
Posts: 1
re: Using local group policy to override domain group policy

Talk about posting in a dead thread. Here I go. This thread still shows up in Google near the top when people with this problem do a search so I am posting the answer here.

First, your user needs to be a local administrator for his laptop if he is going to be overseas and disconnected from your network. This will allow him to call you for tech support and avoid the need for you to find a way to access his computer remotely, which may or may not be a workable option depending on the network environment this fellow finds himself in. Plus, if you trust him to take a company computer overseas, you should trust him with elevated local privileges because you are effectively doing that anyway--but that is a different matter.

Group Policy Client need not be running on a detached system computer. There is no domain to attach to and no Group Policy Server available, so a local admin can simply disable the service and make whatever changes are needed to adapt to the outside environment.

Also, many local group policy settings are available through the following registry keys:

Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy
Included in this registry tree are settings that specify which domain GP Server to attach to. Thus, editing the keys titled "DCName" and "DSPath" can help to point the user's laptop to a different GP server--or to none at all if they read "LocalGPO" and "\\localhost" respectively. Changing these values across several registry keys will cause the Group Policy Client to misdirect and fail to find the domain policy server. This can of course be reduced to two .reg files, so the client can be effectively turned on and off by merging one file or the other into the registry. This is useful since the files can be emailed to the user and you can simply say "double-click on this"--thus avoiding the need to explain how to disable the service manually.

Please note that if the Group Policy Client fails it will create error entries in the logs, and all those services dependent on it will fail also. However, in a severed environment overseas, none of those services are helpful to the user anyway. One side effect of this is that non-administrator domain users may not be able to log onto the system--thus, the user needs local admin privileges.

Finally, you could always configure a VPN option for the user if you know or control the overseas network environment he is in. This would require some advanced planning in order to ensure things like:
- your VPN server was accessible from the overseas network
- the firewall on the overseas network allows your VPN connection to pass through
- there is sufficient bandwidth between your network and the overseas network to allow the required domain traffic to be pushed back and forth in a timely manner.

I am by no means an expert in VPN, so you should consult other sources for information on that possibility.

Hope this helps someone out there in the future.
Reply With Quote
  #4  
Old 28-09-2011
Member
 
Join Date: Sep 2011
Posts: 1
re: Using local group policy to override domain group policy

To Cousinit: That was very nice of you to post to a thread which is three years old. Your advice was clear and concise. Keep up the good deeds. -Kent
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Tags: , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Using local group policy to override domain group policy"
Thread Thread Starter Forum Replies Last Post
Override the local Group Policy by domain policy or delete the RSOP TheTurner Windows Security 2 17-12-2013 08:10 PM
Use group policy to change local administrator password in Domain coady Active Directory 4 29-12-2010 10:20 AM
How to use Group Policy Editor to Manage Local Computer Policy on Windows XP Afznotermi Networking & Security 3 07-10-2009 02:12 PM
Group Policy Local drives Daniel Active Directory 3 24-04-2008 07:15 AM
Group Policy -> Missing Group Policy settings Jeroen Active Directory 3 24-07-2007 11:00 PM


All times are GMT +5.5. The time now is 11:35 AM.