RE: Local group policies vs. domain group policies



Hi Jeff,

Then I disconnect from the domain and reboot the computer. On my computer,
my local group policy has a setting to allow me to view the Control Panel
("Prohibit access to the Control Panel" is Disabled). Will I be able to see
the Control Panel when I log in locally?

If you log on locally then you will be able to see the Control Panel, even
if you are connected to the domain. This is because the User Settings GPOs
in the domain will not apply to local accounts. If you are logging in with
a domain account while disconnected from the domain then yes, the GPO will
still apply, as it is cached locally on the workstation.

Also, what if the domain policy is configured to Enabled but my local policy
is set to Not Configured?

The setting is enabled for domain accounts. Local accounts on the machine
will not be affected if this is part of the User Settings in Group Policy
as this will not apply to local users.

In other words, do domain GPOs remain on the computer when the computer is
not connected to the domain or do the local GPOs get reapplied upon every
boot?

Domain GPOs are cached locally on the machine and will continue to apply
when disconnected from the network. Naturally, any GPOs that rely on a
resource on the network, such as Software installation, will fail when off
the network.

Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: =?Utf-8?B?amhhcmRlZQ==?= <jhardee@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Local group policies vs. domain group policies
Date: Wed, 23 Aug 2006 14:11:02 -0700

Let's say I have a computer on the domain and there is a domain policy set
to not allow me to view the Control Panel ("Prohibit access to the Control
Panel" is Enabled). I log into the domain, the policy gets applied, and I
can't view the Control Panel as designed.

Then I disconnect from the domain and reboot the computer. On my computer,
my local group policy has a setting to allow me to view the Control Panel
("Prohibit access to the Control Panel" is Disabled). Will I be able to see
the Control Panel when I log in locally?

Also, what if the domain policy is configured to Enabled but my local policy
is set to Not Configured?

In other words, do domain GPOs remain on the computer when the computer is
not connected to the domain or do the local GPOs get reapplied upon every
boot? I understand the precedence of GPOs, but not what "sticks around".

Thanks,
Jeff
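
One way to check on a workstation which case from the reply applies, as an added PowerShell example that is not part of the original thread. It assumes the setting is stored as the NoControlPanel value under the per-user Policies\Explorer key and that gpresult supports /r (Windows Vista or later).

```powershell
# Added example (not from the thread): show which case applies on this workstation.
# Assumption: "Prohibit access to the Control Panel" is stored as NoControlPanel
# under the per-user Policies\Explorer key (1 = restricted, 0 or absent = not).
$policyKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policyName = 'NoControlPanel'

# A local account logs on with the computer name as its logon domain;
# a domain account (online or with cached credentials) shows the domain name.
$isLocalAccount = $env:USERDOMAIN -eq $env:COMPUTERNAME

# Whether the machine itself is joined to a domain.
$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

# Read the effective per-user value; a missing key or value yields $null.
$item  = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
$value = if ($item) { $item.$policyName } else { $null }

[pscustomobject]@{
    User                   = '{0}\{1}' -f $env:USERDOMAIN, $env:USERNAME
    LocalAccount           = $isLocalAccount
    ComputerDomainJoined   = $domainJoined
    NoControlPanelValue    = if ($null -eq $value) { 'not set' } else { $value }
    ControlPanelRestricted = ($value -eq 1)
} | Format-List

# List the user-scope GPOs recorded for this logon. For a domain account that
# is off the network, this reports the policy data held on the workstation.
gpresult /scope user /r
```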

