Solved

Domain and Local Policy Switching

Posted on 2014-04-10
5
281 Views
Last Modified: 2014-04-11
Good morning,

I have some Win 7 laptops that need to adhere to my Windows 2003 domain's 15 minute screen timeout and locking policy while on the network, but when it's off the network, this lockout/timeout needs to be no less than one hour.

How can I accomplish this?

Thanks!
0
Comment
Question by:Michael L
  • 3
  • 2
5 Comments
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39992769
This is not possible to do both scenarios with one GPO.  I'm not even sure it's possible with multiple GPOs as you would have to have some sort of variable setting letting the computer know it's off of the network (not domain, but network) and to switch to a different policy.  Typically what would happen is you would have to move the users' laptop into a different OU with a different lock policy if you wanted to change the lock time.
0
 

Author Comment

by:Michael L
ID: 39992777
Can it be done, somehow, if they log on locally, off network?
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39992835
Yes, with  VB script.  They could even log on with their domain creds locally if they are cached.  The script would basically check whether they were on network or off and if they are off then it would set their lockout to at least 60 minutes.  I'm oversimplifying that, but I know there are some awesome VB scripters/programmers on here that could whip you up something real good.
0
 

Author Comment

by:Michael L
ID: 39992995
Interesting. Will have to research.
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 500 total points
ID: 39993022
If you post a question under the VB sections of the site (I think they are VB.NET, Visual Basic, VB Script, etc.) you will get some really good replies, even the actual code.  Look for a guy named Rob Sampson, he is one of the top Experts in VB and one of the top Experts overall.  He is great.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question