Re: Force local policies



I agree that a device should follow the network rules of a domain but
there are some policies that don't affect how the device interacts with
the network (like 'look and feel' options) where it would be nice if
that could be retained on an embedded device. Regardless, as I've
learned more about the extent to which domain policy can control the
user interface and behavior I've decided we should probably just
completely eliminate domain support for our device. To accomplish
this, I believe you referred to excluding the 'Netlogon/Netjoin'
component - but a dependency trail can be traced from this back to
'FBA: SCE' and then 'Windows Logon (Standard)'. Does anybody know if
it is safe to exclude the 'Netlogon/NetJoin' component despite these
dependencies?

KM wrote:
travisr,

I'm far from being an IT guy, so excuse me if it sounds like I don't
know what I'm talking about. Anyway, as I understand it, a computer on
a domain will always override local policies with domain policies, if
the policy exists on the domain. What I would like to achieve is to
allow users to add the XPe installation to a domain but still guarantee
enforcement of certain local policies. Does anybody know if there is
any way to achieve this?

I don't know of any way to force local policies over domain ones unless it is set up on the server side. Although I am not an IT
guy either and therefore not an expert in this.
It does make sense, however, that domain policies are always on top of the local ones. Otherwise, corporate (domain) users would be
able to set up their workstation as they wish and easily break administering and maintaining the network.

If not, perhaps this is something somebody
from Microsoft might want to take under consideration - it may not make
sense for a PC but for an embedded product it certainly does.

I disagree. If you connect your embedded product to a network (and, worse, your product runs *PC* software) it must obey the
network rules set up by administrators of that network. You want to join a domain, you will have to use the domain rules. This is my
opinion.

Also, if it isn't possible to ensure local policies are retained, can
anybody tell me how to disable the ability to add a system to a domain
without sacrificing other networking capabilities. Thanks in advance.

Well, not quite sure what networking capabilities you are interested in?
After all, you can always remove the Join Domain component from your config and that will break the device's ability to log in to a domain.
Networking would work as it did before you removed the component. Some domain-related stuff, of course, wouldn't work.

--
=========
Regards,
KM
