Re: Domain logon without network connection + group policies

From: Oliver Schneider (Borbarad_at_gmxpro.net)
Date: 01/27/05

  • Next message: Bryan S. Sampsel: "Re: Users "bypassing" Group Policy restrictions"
    Date: Thu, 27 Jan 2005 22:47:25 +0100 (MET)
    To: Manuel Sousa <manuel.sousa@gmail.com>
    
    

    Just don't cache the profiles on the machines. If doing this you should as
    well exclude several things from the profiles as they will get transferred
    from the server to the client machine upon each logon.

    This all can be set via the Group Policy.

    Oliver

    > I've realized that it's possible to logon to a domain without a
    > network connection and bypass the group policies.
    >
    > This provides false security when deploying policies that restrict
    > user permissions, so my question is:
    > 1. Is it possible to forbid logon if the workstation can't connect to
    > the Domain Controller;
    > 2. Or is it possible to have a cache of the group policies so that if
    > the workstation doesn't have network, it uses the last policies?
    >
    > One workaround is deploying the policies as local ones, but that
    > removes the flexibility of deploying / changing the policies from the
    > domain, so i'm open for other suggestions.

    -- 
    ---------------------------------------------------
    May the source be with you, stranger ;)
    ICQ: #281645
    URL: http://assarbad.net
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Bryan S. Sampsel: "Re: Users "bypassing" Group Policy restrictions"

    Relevant Pages

    • Re: Aftermath of RDIRCMP.EXE?
      ... We are going to try creating a new OU, putting the machines in there, ... with Deny Read and Deny Apply Group Policy permissions on the Default Domain ... Ok, check the policy settings that you want (as I already said, some ... policies only work at domain level, ...
      (microsoft.public.windows.server.active_directory)
    • Re: How to apply different Group Policies to different users on standalone Windows XP pro machine
      ... Deny access will trump any allow access ... allow only certain domain users or groups the ability to ... log on to only certain machines at certain times, ... You CAN specify individual policies for each domain user ...
      (microsoft.public.windowsxp.security_admin)
    • Policies not applying
      ... I am having problems getting policies applied to apply on my branch machines. ... I think the problem is slow link. ...
      (microsoft.public.win2000.group_policy)
    • Re: USB device wont stop
      ... policies you can select optimize for quick removal and this disables the write cache for the drive.Does it help? ... Cache or not will not aviod the ... user to format a removable drive with NTFS. ... USB drives have a write cache while FAT formatted ones have ...
      (microsoft.public.windowsxp.general)
    • Re: Control Panel causes error
      ... Both policies are set to "0",so that's not it. ... The other profiles work fine. ... Would a copy of the error log help diagnose the root of the problem? ... > How interesting, Nik! ...
      (microsoft.public.windowsxp.help_and_support)