Talk about posting in a dead thread. Here I go. This thread still shows up in Google near the top when people with this problem do a search so I am posting the answer here.
First, your user needs to be a local administrator for his laptop if he is going to be overseas and disconnected from your network. This will allow him to call you for tech support and avoid the need for you to find a way to access his computer remotely, which may or may not be a workable option depending on the network environment this fellow finds himself in. Plus, if you trust him to take a company computer overseas, you should trust him with elevated local privileges because you are effectively doing that anyway--but that is a different matter.
Group Policy Client need not be running on a detached system computer. There is no domain to attach to and no Group Policy Server available, so a local admin can simply disable the service and make whatever changes are needed to adapt to the outside environment.
Also, many local group policy settings are available through the following registry keys:
Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy
Included in this registry tree are settings that specify which domain GP Server to attach to. Thus, editing the keys titled "DCName" and "DSPath" can help to point the user's laptop to a different GP server--or to none at all if they read "LocalGPO" and "\\localhost" respectively. Changing these values across several registry keys will cause the Group Policy Client to misdirect and fail to find the domain policy server. This can of course be reduced to two .reg files, so the client can be effectively turned on and off by merging one file or the other into the registry. This is useful since the files can be emailed to the user and you can simply say "double-click on this"--thus avoiding the need to explain how to disable the service manually.
Please note that if the Group Policy Client fails it will create error entries in the logs, and all those services dependent on it will fail also. However, in a severed environment overseas, none of those services are helpful to the user anyway. One side effect of this is that non-administrator domain users may not be able to log onto the system--thus, the user needs local admin privileges.
Finally, you could always configure a VPN option for the user if you know or control the overseas network environment he is in. This would require some advanced planning in order to ensure things like:
- your VPN server was accessible from the overseas network
- the firewall on the overseas network allows your VPN connection to pass through
- there is sufficient bandwidth between your network and the overseas network to allow the required domain traffic to be pushed back and forth in a timely manner.
I am by no means an expert in VPN, so you should consult other sources for information on that possibility.
Hope this helps someone out there in the future.
29-05-2008
Similar Threads for: "Using local group policy to override domain group policy" 
