Re: Possible to enforce LP over GP?
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Thu, 19 Apr 2007 08:04:10 -0700
You cannot "enforce" local policy. AD delivered policy
always overrules what may be set in local policy.
Someone that has admin access to a machine can however
prevent all policy from being applied. Also, since much of
policy is applied when it is seen as having changed, settings
that only get reapplied in that fashion can be changed directly
if there is an available method to do so and those changes
will remain effective until the policy settings are reapplied.
Roger
"schmultzburger" <SPAMburger@xxxxxxxxx> wrote in message
news:132eugq2eqegb68@xxxxxxxxxxxxxxxxxxxxx
I was told once by a naysayer that GP was worthless as long as a domain
user had local admin rights because they could get around any settings.
Other than removing a computer from the domain, the only way I can think of
that this might be possible is by setting a LP that is counter to the GP
settings and somehow enforcing the LP. I haven't found anything to either
confirm or deny that this is possible. What I do read though is that
LSD-OU applies with later policy settings overriding earlier ones, except
for enforced settings. That says to me that IF you can enforce LP, it can
always override GP. Can anyone here speak to this?
TIA
S-
.
- Follow-Ups:
- Re: Possible to enforce LP over GP?
- From: schmultzburger
- Re: Possible to enforce LP over GP?
- References:
- Possible to enforce LP over GP?
- From: schmultzburger
- Possible to enforce LP over GP?
- Prev by Date: Possible to enforce LP over GP?
- Next by Date: Re: Possible to enforce LP over GP?
- Previous by thread: Possible to enforce LP over GP?
- Next by thread: Re: Possible to enforce LP over GP?
- Index(es):
Relevant Pages
|
Loading
