Re: Windows XP remember GP when removed from domain

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 08/24/04


Date: Tue, 24 Aug 2004 06:26:39 -0700

Hi Mark,

Are you sure of your response?
As I read the post, where it says,
> On my XP Box with SP1 if I remove the PC from the domain,
> these policies remain in force and are locked on the local station.
the poster is indicating that the policies are still grayed out
and disallowing local policy management of their values.
As I understood it, those values that are tattooed have those
settings persisting, but the local policy should allow them to
be changed, and the cached true policies from the domain
should no longer be in force, and be changable. Certainly the
engine should no longer be acting as if they are being enforced
from AD and disabling their adjustment with the local UI .
TIA,

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
news:ume2PZWiEHA.3548@TK2MSFTNGP09.phx.gbl...
> Hi Keven
>
> I'm actually surprised that the policies are being reset on the Windows 2000
> machines.  What you're seeing on the Windows XP SP1 machines is what I'd
> expect.
>
> Security policy is an actual registry change that needs to be modified with
> a new policy.  Perhaps your Windows 2000 machines actually have settings in
> their local policy which is allowed to take effect once they are moved off
> the domain and that is normally overridden by the domain policy?
>
> HTH
> -- 
> Mark Renoden [MSFT]
> Windows Platform Support Team
> Email: markreno@online.microsoft.com
>
> Please note you'll need to strip ".online" from my email address to email
> me; I'll post a response back to the group.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Keven" <darkslyther@no-spam.yahoo.com> wrote in message
> news:bca301c4895b$ce235db0$a401280a@phx.gbl...
> > My windows 2003 domain is set to have accounts lockout
> > after so many attempts, to require at least 8 passwords
> > etc.  On Windows 2000 machines if I remove a machine from
> > the domain it always releases these policies back to the
> > local GPO.  On my XP Box with SP1 if I remove the PC from
> > the domain, these policies remain in force and are locked
> > on the local station.  Is there a way to remove these
> > locked policies now that the box is part of a workgroup
> > again?  Thanks Keven
> >
> > If you reply direct please remove no-spam.
>
>

