Re: Group Policy & VPN

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/23/04 

Date: Tue, 23 Nov 2004 04:12:34 GMT

There are Group Policy restrictions in user configuration/administrative
templates/network/network connections that can restrict what users under the
influence of the Group Policy can do to a domain computer. If you logon as a
"local administrator" that is not a domain member then those user
configuration policies from the domain will not apply. If you run the
gpresult support tool, it will tell you what Group Policies for user
configuration are applied to you as a user while logged onto that computer.
Any of those domain/OU level policies could be applying Group Policy to you.

Otherwise it could be Group Policy computer configuration that would apply
to the computer no matter if you are logged on as a local or domain user. If
that seems to be the case look at the services [ use services.msc] that are
disabled on the domain computer. The remote access connection manager and
telephony services should be set to manual start and be started, while the
remote access auto connection manager should be set to manual start up. In
general it may help to view the configuration of services on that problem
computer to see the differences while it is joined to the domain and when it
is not. You might need to move that computer into a different OU if it's
security need are different than other computers in the OU or make a child
OU for it of the OU it is now and create a new GPO for that OU with security
settings defined that need to override current security settings for the
U. --- Steve

"Scott Nichols" <snichols@cyscript.com> wrote in message
news:4a4ea8f1.0411221934.4db5f144@posting.google.com...
> Hi, I've joined a W2K machine to a domain and now the prior VPN
> connections I created are no longer in the Network and Dialup
> Connections folder. When I try adding them the option to create a VPN
> is grayed out.
>
> I know this is related to the Group Policy for the OU associated with
> the computer, but I don't know that much about Group Policy. Can
> anyone point me in the right direction for WHAT specifically in Group
> Policy I need to change?
>
> p.s. when the computer is NOT a member of the domain everything is OK.
>
> -Scott

Relevant Pages

  • Re: XP firewall turn off GP
    ... "protect all network connections" an make sure that is set to not ... Group Policy and again be sure to read the full description of the Group ... and bypass Group Policy user configuration, disable applications, install ... Firewall to not configured or disabled. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: applying settings to clients forcefully
    ... The RSOP output states windows 2003 as member server. ... Windows 2000 IP Configuration ... Microsoft Windows Operating System Group Policy Result tool ... Default Domain Policy ...
    (microsoft.public.win2000.group_policy)
  • Re: applying settings to clients forcefully
    ... Yes it's member server of the infrasoft.lan domain and i am not using any terminal services of that machine, nor it's configured as terminal server. ... > Windows 2000 IP Configuration ... > Microsoft Windows Operating System Group Policy Result tool ...
    (microsoft.public.win2000.group_policy)
  • Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Serv
    ... I guess the next big question is how do I apply group policy for all my ... terminal server users without effecting the administrator account. ... Replace mode only looks at the "USer Configuration" ...
    (microsoft.public.windows.server.active_directory)
  • Re: Group Policy, Security Groups, and OUs
    ... So, let's say we have three major types of computer--desktop, server, and ... Now you create a group policy that has "computer ... configuration" settings and "user configuration" settings. ...
    (microsoft.public.windows.group_policy)
Loading