Re: Domain logon without network connection + group policies

From: Oliver Schneider (Borbarad_at_gmxpro.net)
Date: 01/27/05

  • Next message: Bryan S. Sampsel: "Re: Users "bypassing" Group Policy restrictions"
    Date: Thu, 27 Jan 2005 22:47:25 +0100 (MET)
    To: Manuel Sousa <manuel.sousa@gmail.com>
    
    

    Just don't cache the profiles on the machines. If doing this you should as
    well exclude several things from the profiles as they will get transferred
    from the server to the client machine upon each logon.

    This all can be set via the Group Policy.

    Oliver

    > I've realized that it's possible to logon to a domain without a
    > network connection and bypass the group policies.
    >
    > This provides false security when deploying policies that restrict
    > user permissions, so my question is:
    > 1. Is it possible to forbid logon if the workstation can't connect to
    > the Domain Controller;
    > 2. Or is it possible to have a cache of the group policies so that if
    > the workstation doesn't have network, it uses the last policies?
    >
    > One workaround is deploying the policies as local ones, but that
    > removes the flexibility of deploying / changing the policies from the
    > domain, so i'm open for other suggestions.

    -- 
    ---------------------------------------------------
    May the source be with you, stranger ;)
    ICQ: #281645
    URL: http://assarbad.net
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Bryan S. Sampsel: "Re: Users "bypassing" Group Policy restrictions"