Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Domain and Local Policy Switching

Posted on 2014-04-10
5
Medium Priority
?
292 Views
Last Modified: 2014-04-11
Good morning,

I have some Win 7 laptops that need to adhere to my Windows 2003 domain's 15 minute screen timeout and locking policy while on the network, but when it's off the network, this lockout/timeout needs to be no less than one hour.

How can I accomplish this?

Thanks!
0
Comment
Question by:Michael L
  • 3
  • 2
5 Comments
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39992769
This is not possible to do both scenarios with one GPO.  I'm not even sure it's possible with multiple GPOs as you would have to have some sort of variable setting letting the computer know it's off of the network (not domain, but network) and to switch to a different policy.  Typically what would happen is you would have to move the users' laptop into a different OU with a different lock policy if you wanted to change the lock time.
0
 

Author Comment

by:Michael L
ID: 39992777
Can it be done, somehow, if they log on locally, off network?
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39992835
Yes, with  VB script.  They could even log on with their domain creds locally if they are cached.  The script would basically check whether they were on network or off and if they are off then it would set their lockout to at least 60 minutes.  I'm oversimplifying that, but I know there are some awesome VB scripters/programmers on here that could whip you up something real good.
0
 

Author Comment

by:Michael L
ID: 39992995
Interesting. Will have to research.
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 2000 total points
ID: 39993022
If you post a question under the VB sections of the site (I think they are VB.NET, Visual Basic, VB Script, etc.) you will get some really good replies, even the actual code.  Look for a guy named Rob Sampson, he is one of the top Experts in VB and one of the top Experts overall.  He is great.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question