Link to home
Create AccountLog in
Avatar of msidnam
msidnamFlag for United States of America

asked on

Prevent group policy from effecting local users

I currently have group policy enabled for my domain. I am doing it mainly for proxy settings. The problem i am coming across is if a user takes thier laptop home and logs in to the local computer [computername (this computer)] the group policy is coming across. How can i make it so that if they log on locally to the computer they dont use the proxy?
ASKER CERTIFIED SOLUTION
Avatar of ian_chard
ian_chard

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of rhinoceros
rhinoceros

Group policy will affect when the domain user logon their domain account (profile) on laptop, it mean the users account must be the member of OU.

However, local user account have another one profile for locally logon, that is different with domain account, and all GPO setting (include proxy setting) will not be enabled.
Another way around the problem is to create a batch file and put it in the local user accounts startup folder in C:\documents and settings\%USERNAME%\\Start Menu\Programs\Startup that runs the following:

proxycfg -d

This will give the machine direct internet access for that user only. You could always do this with a registry hack that runs at start up via a local policy for the local user that also modifies the hkcu internet settings to disable proxy configuration for that user, and run it alongside the proxycfg too to ensure they get direct Internet access.

Proxycfg will only work on XP machines by default, though you may be able to copy it from an XP/Windows 2003 server machine to get it to work.
GPO will hold whether you log on locally or to the domain as mentioned above

i have proxy set in mine and the minute i go home and plug in to the network i get no issues, windows takes care of itself even with my proxy enabled

does your proxy screw up home internet?
I should have added in my above post that %USERNAME% would be the username for the LOCAL log on, and not any domain one.

Thanks
Ian
Avatar of msidnam

ASKER

thank you all for help. I figured that  if you log on locally it should bypass the proxy. one of our auditors was out in the field yesterday and the IT guy where she was at was saying that they couldn't get out to the internet even on a local profile. I have hidden the connections tab so I am thinking that perhaps he never tried to connect from the local profile. I tried on my laptop after I posted and even though I couldn't see the connections tab I was able to get on. I will need to check out their laptops when they get back. I will post again in a day or two. thanks again for the help everyone.
If you are trying to set the proxy server within the organisation without using the connection tab you can use a reg hack to enter the proxy details like this:


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyServer"="PROXYSERVERNAME:PROXYPORT"

Where proxyservername is the proxy server name and proxyport is the port used on the proxy (usually 8080).

Of course this will overwrite all settings so you'll have to create another reg hack to delete it when working from home and needing direct access.
> she was at was saying that they couldn't get out to the internet even on a local profile. I have hidden the connections tab so I am thinking that perhaps he never tried to connect from the local profile.


Have you also enabled "Local Group Policy" on laptop ?


i am in the same boat as you - same as i as i mentioned above. logging in localley for me gives me no issues even with a proxy set via GP at work :)
Avatar of msidnam

ASKER

Yea, I am thinking this other IT guy never even tried the local account once he found out that the domain account had the connection tab hidden and didnt work.

The users should be back in a couple days and i am going to try some things here since we also have a DSL line that is not attached to our network and its wireless.

I will report back in a couple days once i get those users laptops.
cool cool

good luck - itll be fine im sure
Avatar of msidnam

ASKER

I'm having a tech go out today to do some testing with another laptop.
Avatar of msidnam

ASKER

You are not going to beleive this! The whole reason it wouldn't work is because the site where my auditors are at are themselves using a proxy! And the IT guy there couldnt tell me that when i was talking to him last week? Oh boy! Sorry for the trouble.
oh dear....
LOL! It's always the one thing you don't expect.

Thanks for the points.

Cheers
Ian