using local group policy to override domain group policy

Discussion in 'Active Directory' started by inenewbl, May 29, 2008.

  1. inenewbl

    inenewbl Guest

    Hi all. I have a domain user with a notebook in overseas now. Currently his
    notebook is not physically connected to my domain since he is overseas now.
    For some reason he need to disable a setting that was obtained via domain
    group policy. However changing the setting via local group policy doesn't
    help. How can i disable the domain policy from taking effect on this
    particular user's pc. Thks in advance.
     
    inenewbl, May 29, 2008
    #1
    1. Advertisements

  2. Howdie!
    No, you can't. That's how Group Policy works. It takes precedence over
    local Group Policy and gets re-applied every max. 120 minutes. Depending
    on what setting it is, he could - if the user is local administrator on
    the machine - reset the setting manually by e.g. editing the policy. But
    every 120, the setting gets reverted back.

    The only reasonable thing for you is create a seperate OU for the user,
    move the useraccount/laptop into that OU (depending on we're talking
    about a UserConf or CompConf policy) and define the setting the way the
    user needs it. Then let him connect to the network (e.g. via VPN).

    There aren't many other options, really.

    cheers,

    Florian
     
    Florian Frommherz [MVP], May 29, 2008
    #2
    1. Advertisements

  3. Since he isn't connected to the network can he log on locally as opposed to
    using cached credentials? This may allow him to get by it. You can't
    override domain policy with a local policy.
     
    Paul Bergson [MVP-DS], May 29, 2008
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.