Domain logon without network connection + group policies

From: Manuel Sousa (manuel.sousa_at_gmail.com)
Date: 01/27/05

    Date: Thu, 27 Jan 2005 12:57:33 +0000
    To: focus-ms@securityfocus.com
    
    

    Hi,

    I've realized that it's possible to log on to a domain without a
    network connection and bypass the group policies.

    This provides false security when deploying policies that restrict
    user permissions, so my question is:
    1. Is it possible to forbid logon if the workstation can't connect to
    the Domain Controller;
    2. Or is it possible to have a cache of the group policies so that if
    the workstation doesn't have network, it uses the last policies?

    One workaround is deploying the policies as local ones, but that
    removes the flexibility of deploying / changing the policies from the
    domain, so I'm open to other suggestions.

    Thanks in advance,
    Manuel Sousa
