We are looking to implement some sort of local group policy to restrict what staff can and can't do on their laptops when at home not plugged into the network.
Just wondering if any has any experience in how to go about this or can offer any advice.
Adam.
We set up a laptops with the local GP set to how we wanted them and then imaged the others to match.
I have it set that they can log into the domain "offline" and as such, the policies then are still in place as to what they can and cant do.
It does mean using local profiles as opposed to roaming profiles however.
You can still use certain folder redirecting in some cases.
Nath.
I know they can log into the domain "offline" but it also seems that they are able to install software which is something they normally can't do. This what I want to restrict mainly.Originally Posted by tarquel
I saw some machines at a local Uni set up with a sort of reverse group policy - the machines were resticted wth local policies and admin accounts got domain controller GPO that overrode the local policy thus giving full access to admins.
We just let them logon using the cached logon - that way they have the same permissions as a domain user (and hence just a "local" bog standard user). This works fine for us. If they need software installing then it's college policy that the IT department do it
Thats interesting... With mine, afaik it still applies even if they aren't connected.
Wonder how I managed that one? lol
Nath.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote