No announcement yet.

how to Override local policy over group policy 2008

  • Filter
  • Time
  • Show
Clear All
new posts

  • how to Override local policy over group policy 2008

    I was told once that GP was worthless as long as a domain user had
    local admin rights because they could get around any settings. Other than
    removing a computer from the domain, the only way I can think of that this might
    be possible is by setting a LP that is counter to the GP settings and somehow
    enforcing the LP. I haven't found anything to either confirm or deny that this
    is possible. We are planning to do this for our developers who have admin rights on the local machine, is there some way we can enforce some changes to their system although they are the administrators for their machine or if there was a way that we can enforce the local policy through the group policy so that we do not have to make changes on each machine and things can be managed centrally.
    Can anyone here speak to this?

  • #2
    Re: how to Override local policy over group policy 2008

    Remember GPs get re-applied so yes, a local admin can over-ride them, but within 90 minutes, they will have to do it again... and again....

    If this is developers, presumably they have a reason to change policies?

    You cannot manage local policies centrally -- that is the role of group policies!
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **