[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Prevent group policy from effecting local users

Posted on 2006-03-20
15
Medium Priority
?
346 Views
Last Modified: 2010-04-13
I currently have group policy enabled for my domain. I am doing it mainly for proxy settings. The problem i am coming across is if a user takes thier laptop home and logs in to the local computer [computername (this computer)] the group policy is coming across. How can i make it so that if they log on locally to the computer they dont use the proxy?
0
Comment
Question by:msidnam
  • 5
  • 4
  • 4
  • +1
15 Comments
 
LVL 6

Accepted Solution

by:
ian_chard earned 1200 total points
ID: 16236519
Hi,

The group policy shouldn't effect the local machine, Especially if they are not logging onto the domain.

One way to get round this would be to make a local group policy on each laptop that has no proxy server configuired. This would be applied when the user logs on locally, but when they log onto the domain, The domain policy would take precedence and set up the Proxy details.

It is possible that when the user is logging on at home, The PC still has the settings from the group policy on it, Even though it is not actually refreshing those policy settings.

Cheers
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 16237172
Group policy will affect when the domain user logon their domain account (profile) on laptop, it mean the users account must be the member of OU.

However, local user account have another one profile for locally logon, that is different with domain account, and all GPO setting (include proxy setting) will not be enabled.
0
 
LVL 6

Expert Comment

by:ian_chard
ID: 16237481
Another way around the problem is to create a batch file and put it in the local user accounts startup folder in C:\documents and settings\%USERNAME%\\Start Menu\Programs\Startup that runs the following:

proxycfg -d

This will give the machine direct internet access for that user only. You could always do this with a registry hack that runs at start up via a local policy for the local user that also modifies the hkcu internet settings to disable proxy configuration for that user, and run it alongside the proxycfg too to ensure they get direct Internet access.

Proxycfg will only work on XP machines by default, though you may be able to copy it from an XP/Windows 2003 server machine to get it to work.
0
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16242442
GPO will hold whether you log on locally or to the domain as mentioned above

i have proxy set in mine and the minute i go home and plug in to the network i get no issues, windows takes care of itself even with my proxy enabled

does your proxy screw up home internet?
0
 
LVL 6

Expert Comment

by:ian_chard
ID: 16245164
I should have added in my above post that %USERNAME% would be the username for the LOCAL log on, and not any domain one.

Thanks
Ian
0
 
LVL 2

Author Comment

by:msidnam
ID: 16246534
thank you all for help. I figured that  if you log on locally it should bypass the proxy. one of our auditors was out in the field yesterday and the IT guy where she was at was saying that they couldn't get out to the internet even on a local profile. I have hidden the connections tab so I am thinking that perhaps he never tried to connect from the local profile. I tried on my laptop after I posted and even though I couldn't see the connections tab I was able to get on. I will need to check out their laptops when they get back. I will post again in a day or two. thanks again for the help everyone.
0
 
LVL 6

Expert Comment

by:ian_chard
ID: 16246573
If you are trying to set the proxy server within the organisation without using the connection tab you can use a reg hack to enter the proxy details like this:


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyServer"="PROXYSERVERNAME:PROXYPORT"

Where proxyservername is the proxy server name and proxyport is the port used on the proxy (usually 8080).

Of course this will overwrite all settings so you'll have to create another reg hack to delete it when working from home and needing direct access.
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 16248673
> she was at was saying that they couldn't get out to the internet even on a local profile. I have hidden the connections tab so I am thinking that perhaps he never tried to connect from the local profile.


Have you also enabled "Local Group Policy" on laptop ?


0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16252152
i am in the same boat as you - same as i as i mentioned above. logging in localley for me gives me no issues even with a proxy set via GP at work :)
0
 
LVL 2

Author Comment

by:msidnam
ID: 16252176
Yea, I am thinking this other IT guy never even tried the local account once he found out that the domain account had the connection tab hidden and didnt work.

The users should be back in a couple days and i am going to try some things here since we also have a DSL line that is not attached to our network and its wireless.

I will report back in a couple days once i get those users laptops.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16252238
cool cool

good luck - itll be fine im sure
0
 
LVL 2

Author Comment

by:msidnam
ID: 16282811
I'm having a tech go out today to do some testing with another laptop.
0
 
LVL 2

Author Comment

by:msidnam
ID: 16284682
You are not going to beleive this! The whole reason it wouldn't work is because the site where my auditors are at are themselves using a proxy! And the IT guy there couldnt tell me that when i was talking to him last week? Oh boy! Sorry for the trouble.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16285103
oh dear....
0
 
LVL 6

Expert Comment

by:ian_chard
ID: 16287198
LOL! It's always the one thing you don't expect.

Thanks for the points.

Cheers
Ian
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question