Laptop GPO lockdown

Posted on 2004-08-17
Medium Priority
Last Modified: 2012-06-21
Is there a way to apply a group policy to an XP Pro laptop when it's off the Win 2K network, and keep my clients from loading programs and accepting adware?
Question by: rikicsofde

Expert Comment

ID: 11820150
If the machine is part of the domain and the machine can dial in to the domain then it is quite simple.

Get the user to connect to the network at the login prompt using "Connecting using Dial up Networking". This will make the machine act as part of the domain - meaning that the GP setting will be applied from the server. That setting will then stick until the machine is removed from the domain or gets an updated GP.

You can also use this process to keep online and offline passwords in sync by getting the user to change their password after logging in to the machine in this way.


Author Comment

ID: 11820677
The problem isn't that simple. The client is the CEO and wants to be able to connect to the internet anytime, anywhere without worrying that his computer will be open to programs he did not want.

Expert Comment

ID: 11820763
It will be almost impossible to lock a machine down that hard. You would have to run a "block everything but..." list. This would be very difficult to create. Windows has many small executables that it uses all the time (take a look at Task Manager), all of which would have to be listed.

I am afraid to say that there isn't a technical solution to this problem.


Author Comment

ID: 11821417
Thank you Simon, this is the conclusion I came up with as well. Is it possible to stop clients from doing this through local group policy?

Accepted Solution

SilverSox earned 1500 total points
ID: 11821749
You could install Spybot S&D; this comes with an immunization tool that stops most spyware / adware. Also get him to use a different web browser, as IE will accept anything!! Firefox is the one I use and it has some great features, including popup blocking software!

Author Comment

ID: 11821848
Thank you for the guidance... We seem to be on the same page.


Expert Comment

ID: 11828479
At the end of the day you’ve got to keep it simple.

I use group policy for desktop machines, but laptops are in a world of their own, and when you're dealing with “suits” you can't afford to be trying new things out!

Spybot is the best in the business; even Microsoft recommend it on their site, and they don’t have anything themselves! Just be sure to update it when you install it and run the immunize tool; it’s the business.

Keep Windows updated and your anti-virus updated, and you're already ahead of the competition!

It's all about layered security!

Good Luck  

Question has a verified solution.