+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
Windows Thread, Urgent - Remove a local computer policy on computer shutdown in Technical; We have a laptop scheme where students have their own school laptops and have a local and domain login. We ...
  1. #1

    Join Date
    Feb 2011
    Posts
    62
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Exclamation Urgent - Remove a local computer policy on computer shutdown

    We have a laptop scheme where students have their own school laptops and have a local and domain login. We need to restrict the logon to the local account when the student are in school.

    We have looked at changing proxy setting etc within the school but it is not just the internet we wish to stop them from accessing. We need to restrict their access to local account.

    There is a group policy under computer policies to only allow certain accounts to login, this restricts the student from logging in locally (as we only allow administrators, domain admins and other group to login) but we need this policy to be removed on shutdown. This is because they take the laptop home from school and need to login locally. So the policy get applied within the school's domain but not when they turn their machine on at home (as there is no way for the machine to access the domain) so does not apply the restriction.

    We have looked at a script to allow account access during certain times but we need to allow access during the holidays and this may not be manageable.

    This has become an urgent issue that needs to be solved. Many thanks for any help or advice.

  2. #2
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    So you want to disallow local access when connected to the domain, but allow local access when at home?

  3. #3
    bart21's Avatar
    Join Date
    Aug 2009
    Location
    peterborough
    Posts
    404
    Thank Post
    77
    Thanked 54 Times in 52 Posts
    Rep Power
    20
    How about setting the caches logins gpo then they can use domain account when at school or home.

    Nick

  4. #4

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,695
    Thank Post
    335
    Thanked 515 Times in 483 Posts
    Rep Power
    179
    Quote Originally Posted by rpettit View Post
    We have looked at changing proxy setting etc within the school but it is not just the internet we wish to stop them from accessing. We need to restrict their access to local account.
    Why do you need them to have access to anything locally? I mean, assuming you just want them to access files/internet at home, they shouldn't be able to install stuff at home right? or edit any major settings?

    Steve

  5. #5

    Join Date
    Feb 2011
    Posts
    62
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by TheMan100 View Post
    So you want to disallow local access when connected to the domain, but allow local access when at home?
    Yes this is what we need to do.

  6. #6

    Join Date
    Feb 2011
    Posts
    62
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by Steve21 View Post
    Why do you need them to have access to anything locally? I mean, assuming you just want them to access files/internet at home, they shouldn't be able to install stuff at home right? or edit any major settings?

    Steve
    They do need to install printers and add the laptops to their home network.

  7. #7
    clareq's Avatar
    Join Date
    Dec 2005
    Location
    Doncaster
    Posts
    709
    Thank Post
    53
    Thanked 188 Times in 124 Posts
    Rep Power
    101
    Why don't you give them local admin access for the first week they have the laptop - enough time to load printers, local network settings etc, and then remove it? They can then used cached network settings at home.

  8. #8

    Join Date
    Feb 2011
    Posts
    62
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by clareq View Post
    Why don't you give them local admin access for the first week they have the laptop - enough time to load printers, local network settings etc, and then remove it? They can then used cached network settings at home.
    Thanks for the advice. I will look at this as a last resort. I was hoping to come an alternative.

  9. #9
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    How about a login script which will run on the local user's account, which will check if it's connected to the school network, and if they are connected, the script will log off the local account. I'm guessing this could be done by pinging a server in your network, then if the ping request receives a reply, log the local account off.

    EDIT: But then again, if they disable wireless on the laptops, they could skip this.
    Last edited by TheMan100; 15th May 2011 at 04:34 PM.

  10. #10

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,925
    Thank Post
    1,626
    Thanked 1,893 Times in 1,407 Posts
    Blog Entries
    2
    Rep Power
    429
    Personally I can't see why you want them to have 2 accounts. A cached login would be much more efficient, and you could have the my docs sync when they log in and out in school...

  11. #11
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    Quote Originally Posted by nephilim View Post
    Personally I can't see why you want them to have 2 accounts. A cached login would be much more efficient, and you could have the my docs sync when they log in and out in school...
    "They do need to install printers and add the laptops to their home network."

  12. #12

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,925
    Thank Post
    1,626
    Thanked 1,893 Times in 1,407 Posts
    Blog Entries
    2
    Rep Power
    429
    And get viruses and Trojan by disabling the firewall and av....which is exactly how I read it...

  13. #13

    Join Date
    Feb 2011
    Posts
    62
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by nephilim View Post
    Personally I can't see why you want them to have 2 accounts. A cached login would be much more efficient, and you could have the my docs sync when they log in and out in school...
    Are you using cached login? I haven't looked at setting this up before so any additional information would be great.

  14. #14
    sister_annex's Avatar
    Join Date
    Jan 2009
    Location
    Wolverhampton
    Posts
    594
    Thank Post
    99
    Thanked 136 Times in 120 Posts
    Rep Power
    49
    We don't give students laptops but our teachers do have them...

    We dual boot all our laptop installs and leave over a third partition for data storage that can be accessed from both the 'home' and 'school' sides. Granted this does take a little longer to set up but it does mean that although the 'home' side could be (and sometimes is) used on the school network access to resources like the internet etc. is very difficult as the information for proxies etc. is not readily available.

    The school side acts as a normal 'school' computer that is joined to the domain and gets all the policies etc whereas the 'home' side is much like a standard shop bought install where they can do as they please install their home broadband software printers and so forth.

    In short the management of the way do it is very simple in terms of domain non domain uses and there is no additional steps that teachers need to think off (just an extra click at boot )

  15. #15
    morganw's Avatar
    Join Date
    Apr 2009
    Location
    Cambridge
    Posts
    816
    Thank Post
    46
    Thanked 132 Times in 126 Posts
    Rep Power
    39
    I think a dual-boot system would require two Windows licences. I'm not sure how this would work if you have a Microsoft agreement, but if you are using OEM licences then I don't think that this is legal approach.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Editing Local Computer Policies
    By MaceZ4 in forum Scripts
    Replies: 0
    Last Post: 21st January 2011, 12:17 PM
  2. Some computer not updating their computer policy
    By Ambient in forum Windows Server 2000/2003
    Replies: 40
    Last Post: 10th June 2010, 04:31 PM
  3. GPMC GPO Editor edit command always opens Local Computer Policy
    By sacabonos in forum Windows Server 2000/2003
    Replies: 0
    Last Post: 14th January 2010, 09:13 AM
  4. Computer Replacement Program Policy
    By ticker in forum How do you do....it?
    Replies: 9
    Last Post: 17th July 2006, 07:50 PM
  5. default computer policy problem
    By standunstan in forum Windows
    Replies: 24
    Last Post: 19th May 2006, 02:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •