rikicsofde
asked on
Laptop GPO lockdown
Is there a way to apply a group policy to a XPpro laptop when it's off the Win 2K network, and keep my clients from loading programs and accepting addware?
ASKER
The proplem isn't that simple. The client is the CEO and what to be able to connect to the internet anytime, anywhere without worry his computer will be open to programs he did not want.
It will be almost impossible to lock a machine down that hard. You would have to run a "block everything but..." list. This would very difficult to create. Windows has many small executables that it uses all the time (take a look at task manager) all of which would be have to be listed.
I am afraid to say that there isn't a technical solution to this problem.
Simon.
I am afraid to say that there isn't a technical solution to this problem.
Simon.
ASKER
Thank you simon this is the conclusion I came up with as well. Is it possible to to stop clients from doing this thru local group policy?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for the guideance... We seem to be on the same page.
Rik.
Rik.
At the end of the day you’ve got to keep it simple.
I use group policy for desktop machines but laptops are in a world of there own and when your dealing with “suits” you cant afford to be trying out new things out!
Spybot is the best in the business even Microsoft recommend it on there site ans they don’t have anything themselves! Just be sure to update it when you install it and run the immunize tool it’s the business.
Keep windows updated, your Anti Virus updated and your already ahead of the competition!
Its all about layered security!
Good Luck
I use group policy for desktop machines but laptops are in a world of there own and when your dealing with “suits” you cant afford to be trying out new things out!
Spybot is the best in the business even Microsoft recommend it on there site ans they don’t have anything themselves! Just be sure to update it when you install it and run the immunize tool it’s the business.
Keep windows updated, your Anti Virus updated and your already ahead of the competition!
Its all about layered security!
Good Luck
Get the user to connect to the network at the login prompt using "Connecting using Dial up Networking". This will make the machine act as part of the domain - meaning that the GP setting will be applied from the server. That setting will then stick until the machine is removed from the domain or gets an updated GP.
You can also use this process to keep online and offline passwords in sync by getting the user to change their password after logging in to the maching in this way.
Simon.