• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 420
  • Last Modified:

Prevent group policy from effecting local users

I currently have group policy enabled for my domain. I am doing it mainly for proxy settings. The problem i am coming across is if a user takes thier laptop home and logs in to the local computer [computername (this computer)] the group policy is coming across. How can i make it so that if they log on locally to the computer they dont use the proxy?
0
msidnam
Asked:
msidnam
  • 5
  • 4
  • 4
  • +1
1 Solution
 
ian_chardCommented:
Hi,

The group policy shouldn't effect the local machine, Especially if they are not logging onto the domain.

One way to get round this would be to make a local group policy on each laptop that has no proxy server configuired. This would be applied when the user logs on locally, but when they log onto the domain, The domain policy would take precedence and set up the Proxy details.

It is possible that when the user is logging on at home, The PC still has the settings from the group policy on it, Even though it is not actually refreshing those policy settings.

Cheers
0
 
rhinocerosCommented:
Group policy will affect when the domain user logon their domain account (profile) on laptop, it mean the users account must be the member of OU.

However, local user account have another one profile for locally logon, that is different with domain account, and all GPO setting (include proxy setting) will not be enabled.
0
 
ian_chardCommented:
Another way around the problem is to create a batch file and put it in the local user accounts startup folder in C:\documents and settings\%USERNAME%\\Start Menu\Programs\Startup that runs the following:

proxycfg -d

This will give the machine direct internet access for that user only. You could always do this with a registry hack that runs at start up via a local policy for the local user that also modifies the hkcu internet settings to disable proxy configuration for that user, and run it alongside the proxycfg too to ensure they get direct Internet access.

Proxycfg will only work on XP machines by default, though you may be able to copy it from an XP/Windows 2003 server machine to get it to work.
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
Jay_Jay70Commented:
GPO will hold whether you log on locally or to the domain as mentioned above

i have proxy set in mine and the minute i go home and plug in to the network i get no issues, windows takes care of itself even with my proxy enabled

does your proxy screw up home internet?
0
 
ian_chardCommented:
I should have added in my above post that %USERNAME% would be the username for the LOCAL log on, and not any domain one.

Thanks
Ian
0
 
msidnamAuthor Commented:
thank you all for help. I figured that  if you log on locally it should bypass the proxy. one of our auditors was out in the field yesterday and the IT guy where she was at was saying that they couldn't get out to the internet even on a local profile. I have hidden the connections tab so I am thinking that perhaps he never tried to connect from the local profile. I tried on my laptop after I posted and even though I couldn't see the connections tab I was able to get on. I will need to check out their laptops when they get back. I will post again in a day or two. thanks again for the help everyone.
0
 
ian_chardCommented:
If you are trying to set the proxy server within the organisation without using the connection tab you can use a reg hack to enter the proxy details like this:


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyServer"="PROXYSERVERNAME:PROXYPORT"

Where proxyservername is the proxy server name and proxyport is the port used on the proxy (usually 8080).

Of course this will overwrite all settings so you'll have to create another reg hack to delete it when working from home and needing direct access.
0
 
rhinocerosCommented:
> she was at was saying that they couldn't get out to the internet even on a local profile. I have hidden the connections tab so I am thinking that perhaps he never tried to connect from the local profile.


Have you also enabled "Local Group Policy" on laptop ?


0
 
Jay_Jay70Commented:
i am in the same boat as you - same as i as i mentioned above. logging in localley for me gives me no issues even with a proxy set via GP at work :)
0
 
msidnamAuthor Commented:
Yea, I am thinking this other IT guy never even tried the local account once he found out that the domain account had the connection tab hidden and didnt work.

The users should be back in a couple days and i am going to try some things here since we also have a DSL line that is not attached to our network and its wireless.

I will report back in a couple days once i get those users laptops.
0
 
Jay_Jay70Commented:
cool cool

good luck - itll be fine im sure
0
 
msidnamAuthor Commented:
I'm having a tech go out today to do some testing with another laptop.
0
 
msidnamAuthor Commented:
You are not going to beleive this! The whole reason it wouldn't work is because the site where my auditors are at are themselves using a proxy! And the IT guy there couldnt tell me that when i was talking to him last week? Oh boy! Sorry for the trouble.
0
 
Jay_Jay70Commented:
oh dear....
0
 
ian_chardCommented:
LOL! It's always the one thing you don't expect.

Thanks for the points.

Cheers
Ian
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

  • 5
  • 4
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now