Apply Active Directory domain group policy to standalone PC

Posted on 2012-09-21
Medium Priority
Last Modified: 2012-09-24
We have an Active Directory 2003 domain with Windows XP workstations. Many settings on the workstations are configured and locked down via Active Directory domain group policy.

We need to send a few workstations to a remote office that does not have a domain controller or a connection to the domain. We're planning to remove the workstations from the domain and create local users.

How can we apply the Active Directory group policies to the local users on the workstations? Will we be able to manage the policies on the local computers (perhaps via gpedit)? Are there other things we are not anticipating that we should be aware of?
Question by:IntInc
LVL 11

Accepted Solution

epichero22 earned 1500 total points
ID: 38422693
It's going to be very difficult to do this in my experience.  You're better off getting a third-party software like DeepFreeze (or similar) to lock a standalone computer down.  

It's possible using GPEdit to do this but making any changes is difficult and you have to be very careful not to lock yourself out of the computer by setting a policy you can't undo.
LVL 17

Expert Comment

by:Brad Bouchard
ID: 38424170
I would try some sort of software that is free such as Kaseya's free remote management tool.  It installs on the computer and allows you remote access at all times and then you could just use the gpedit.msc of the local machine.  You could copy GPOs from your domain and use the same settings on the workgroup computers.
LVL 26

Expert Comment

ID: 38425567
http://www.frickelsoft.net/blog/?p=31 seems to have a method of doing what you want, but be aware once a non-domain computer enters the wild, it's out of your hands.

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question