Re: Domain logon without network connection + group policies

• Previous message: Jim Harrison (ISA): "RE: ISA server logs"
• In reply to: Manuel Sousa: "Domain logon without network connection + group policies"
• Next in thread: STEVE MAKOUSKY: "Re: Domain logon without network connection + group policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 27 Jan 2005 22:47:25 +0100 (MET)
To: Manuel Sousa <manuel.sousa@gmail.com>

Just don't cache the profiles on the machines. If doing this you should as
well exclude several things from the profiles as they will get transferred
from the server to the client machine upon each logon.

This all can be set via the Group Policy.

Oliver

> I've realized that it's possible to logon to a domain without a
> network connection and bypass the group policies.
>
> This provides false security when deploying policies that restrict
> user permissions, so my question is:
> 1. Is it possible to forbid logon if the workstation can't connect to
> the Domain Controller;
> 2. Or is it possible to have a cache of the group policies so that if
> the workstation doesn't have network, it uses the last policies?
>
> One workaround is deploying the policies as local ones, but that
> removes the flexibility of deploying / changing the policies from the
> domain, so i'm open for other suggestions.

-- 
---------------------------------------------------
May the source be with you, stranger ;)
ICQ: #281645
URL: http://assarbad.net
---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Jim Harrison (ISA): "RE: ISA server logs"
• In reply to: Manuel Sousa: "Domain logon without network connection + group policies"
• Next in thread: STEVE MAKOUSKY: "Re: Domain logon without network connection + group policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]