Group Policy for detached domain client

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi. I have a few laptops that are being used from home after hours. Users on
these laptops are made part of the local administrators group when they are
on the LAN by using group policy. Once they are off the LAN they log into
their machines as usuall but do not have administrative rights. Am I right in
saying that once the machine is off the network, the group policy does not
apply anymore, even though they are logged into the machine? And if so, how
to I fix it, apart from manually adding them to the local policy on each
machine?

Any assistance in this regard is appreciated, even a link to a document will
help very much.

Thanks up front,

Morne
 
Once they are off the LAN they log into
their machines as usuall but do not have administrative rights. Am I right
in
saying that once the machine is off the network, the group policy does not
apply anymore, even though they are logged into the machine?
Click to expand...


If they still log into the domain while not connected they will use cached
credentials and have the same privileges as if they actually logged into the
domain.
If they log in locally when not connected to the domain they the domain
group policy will not apply.



And if so, how
to I fix it, apart from manually adding them to the local policy on each
machine?
Click to expand...


Remove their local login account. There is really no reason for them to log
in locally. This will force them to log in with cached credentials.


hth
DDS W 2k MVP MCSE
 
Back
Top