Group Policy when disconnected from network

  • Thread starter Thread starter Victor Fisher
  • Start date Start date
V

Victor Fisher

I have a group policy set that configures a proxy server, then does
not allow the user to make changes to the settings. The issue I'm
running into, however, is on my laptop users, when they logout, the
settings for the proxy remain. Of course, when they dialup, connect
via their cable modems, etc, they are unable to browse because IE is
looking for the proxy server. I do not want to create local logons
for the users. I want the user to be able to use their cached
information to logon.

What I'm looking for is a way to disable the group policy upon logoff
or shutdown of the laptop. Or even a way to run another group policy
on logoff/shutdown that disables the proxy.

Another question is, when I'm disconnected from the network, and I use
cached info to logon to the laptop, where is the cached policy
information stored? Can I manipulate that somehow? Is there a
setting I can use to say that if I'm not on the network, revert to the
local computer policy?

Thanks,

Victor Fisher
 
Victor,

There is no local policy cache of network policy. If a computer is a member
of a domain, it has to connect to the domain in order to change existing
policy settings.

Some CSEs cache their own settings in order to handle removal processing,
but even then, they only get launched when network GPOs are available. Our
testing has shown that this also excludes the local GPO.

The intent of the policy system is that domain policy can't be undone by
simply pulling the plug and booting with cached credentials.

Sorry, I don't have a solution for you, but I believe that is how the
processing works.

Regards,

Eric Voskuil
Policy Maker
http://www.autoprof.com
 
Would a .reg file do the job?? I tried writing one for that specific
problem and I couldn't for the life of me find out how to get it to work.
The message said the reg. file was successfully applied to the registry but
upon going to IE, still no web pages were available due to the wrong proxy
info was still there.

Dave Niemeyer

-------------------------------
 
Dave Niemeyer said:
Would a .reg file do the job?? I tried writing one for that specific
problem and I couldn't for the life of me find out how to get it to work.
The message said the reg. file was successfully applied to the registry but
upon going to IE, still no web pages were available due to the wrong proxy
info was still there.

Dave Niemeyer
Click to expand...


Actually, I created a VBScript that I set to run at different points.
If I run the VBScript manually, it works. The settings are changed.
If I put it into the logout or shutdown script, it actually does run.

I put it in the logout script, then connected to the registry
remotely, and the settings remained. I then shutdown the machine,
disconnected it from the network and rebooted. As soon as I logged
back in (disconnected from the network using cached credentials, the
settings reappeared. Thats why I'm trying to figure out where the
policy is cached, and if there is a way to remove or change the policy
upon logout/shutdown.

My current thought is to just run a script that changes the setting at
logon, then another script that changes it at logout, although that
precludes me from setting the registry key so that the user can't
change it manually.

Good luck.
 
Back
Top