Re: Force local policies

From: "KM" <konstmor@xxxxxxxxxxxxxxxx>
Date: Mon, 9 Oct 2006 17:54:09 -0700

travisr,

I'm far from being an IT guy, so excuse me if it sounds like I don't
know what I'm talking about. Anyway, as I understand it, a computer on
a domain will always override local policies with domain policies, if
the policy exists on the domain. What I would like to achieve is to
allow users to add the XPe installation to a domain but still guarantee
enforcement of certain local policies. Does anybody know if there is
any way to achieve this?

I don't know any way how to force local policies over domain ones unless it is set up on the server side. Although I am not an IT
guy either and therefore not an expert in this.
It does make sense, however, that domain policies are always on top of the local ones. Otherwise, corporate (domain) users would be
able to set up thier workstation as they wish and easy break administring and maintating the network.

If not, perhaps this is something somebody
from Microsoft might want to take under consideration - it may not make
sense for a PC but for an embedded product it certainly does.

I disagree. If you connect your embedded product to a network (and, worse, your product runs *PC* software) it must obey to the
network rules set up by administrators of that network. You want to join a domain, you will have to use the domain rules. This is my
opinion.

Also, if it isn't possible to ensure local policies are retained, can
anybody tell me how to disable the ability to add a system to a domain
without sacrificing other networking capabilities. Thanks in advance.

Well, not quite sure what networking capabilities you are interested in?
After all, you can always remove Join Domain component from your config and that will break the device ability to login to a domain.
Networking would work as it did before you removed the component. Some domain related stuff, of course, wouldn't work.

--
=========
Regards,
KM

.

Follow-Ups:
- Re: Force local policies
  - From: travisr
- Re: Force local policies
  - From: steves

References:
- Force local policies
  - From: travisr

Prev by Date: Force local policies
Next by Date: Pocket HandHeld Tablet PC Pocket Site
Previous by thread: Force local policies
Next by thread: Re: Force local policies
Index(es):
- Date
- Thread

Relevant Pages

Re: Force local policies
... I'm not saying that all local policies should ... always be allowed to override domain policies - particularily not on ... This is often used in domain environments by administrators as a way to protect workstations from a mess that end user ... administrators wouldn't have a way to protect the network from "curious users". ...
(microsoft.public.windowsxp.embedded)
Re: Dropping Netbios over TCP?
... Administrative Tools/Local Security Policy. ... Local Policies and click on User Rights Assignment. ... In the right pane double click on Access this computer from the network. ... > So if I want to keep using 'net use', I have to keep NetBIOS over TCP/IP ...
(microsoft.public.win2000.networking)
Re: Re-occuring error message SceClient 1202 Application Log error
... "local policies" vs "Local settings" and there were 3 ... other places other than "access this computer from network", ... > rights assignments. ... > expands them and remove the account. ...
(microsoft.public.windows.server.migration)
Re: Trouble mapping drive
... Some settings I would check in gpedit.msc are the following: ... computer from the network ...
(microsoft.public.windowsxp.general)
Force local policies
... I'm far from being an IT guy, so excuse me if it sounds like I don't ... enforcement of certain local policies. ... sense for a PC but for an embedded product it certainly does. ... anybody tell me how to disable the ability to add a system to a domain ...
(microsoft.public.windowsxp.embedded)