Announcement

Collapse
No announcement yet.

User block GPO on his laptop

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • User block GPO on his laptop

    Hi all,

    I have an user here who block GPO. I explain....

    We have standard for wallpaper, software deployment, etc.
    I have deployed one to fix the wallpaper with our new logo. The GPO copy the .jpg on the local drive and applied it to the user and he was not able to change it. Same for screensaver.

    But on his laptop, i don't see nothing. I'm not able to remote is computer, i think he disable remote registry, wmi, and other services.

    How can i do to be sure this user receive GPO and start services not running. In my GPO, i add block modified registry.

    Thx for your help.

    David

  • #2
    Re: User block GPO on his laptop

    From the sounds of things a good starting place would be to take Local Admin rights away from the user. If he can change settings on services he has too high a level of priveledge for a standard user.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    sigpic
    Cruachan's Blog

    Comment


    • #3
      Re: User block GPO on his laptop

      ok yes i know that, but does any services can control this ?

      Comment


      • #4
        Re: User block GPO on his laptop

        Services don't control Group Membership. If you can't get remote access to the machine (either via RDP or by using the Computer Management snap-in and connecting to the laptop) then you'll need to get the machine from the user.

        If a user is doing this deliberately and stopping remote access to his PC I would want to know why as well. It's somewhat suspicious behaviour.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        sigpic
        Cruachan's Blog

        Comment


        • #5
          Re: User block GPO on his laptop

          ok....
          cause he was a developper. and i try to found how to start services in remote or with GPO at startup to enable it.

          thx for your fast answer

          Comment


          • #6
            Re: User block GPO on his laptop

            My next call would be to HR. You don't need developers who feel they're above company policy.


            Tom
            For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

            Anything you say will be misquoted and used against you

            Comment


            • #7
              Re: User block GPO on his laptop

              ok, so there are no way to block gpo applied on local machine from the AD?

              Thx guys for you answer

              Comment


              • #8
                Re: User block GPO on his laptop

                There are ways to block GP from the domain, but this is very tricky.
                Even if he did block GP, I don't believe he could block the Security Policy that is coming from the domain.

                It might be possible that he removed his laptop from the domain.

                Anyhow, if the machine is still member of the domain, you can use GPO --> restricted groups to force your own user in his local administrators group. You can also use the Services settings to make sure required services starts.

                He also might have some kind of FireWall application that blocks the entire DC.

                If he's still in the domain, you should use a logon script and / or startup script to enumerate all running processes to see what he's running. That would be a good starting point.

                If he's not in the domain, you don't have much to do.

                Comment


                • #9
                  Re: User block GPO on his laptop

                  ok, so by startup scripts, i could be able to start services on his machine.
                  I will try, cause in this problem, we have a little bit politic business case.

                  I let you know.

                  Comment

                  Working...
                  X