Local Policies for Domain Users on XP

[Guest]

Hi

I am setting up a new PC image that will form part of a domain. Due to problems with SecuRemote VPN software and Group Policies, I can't push the GPO's down to users when they logon to the domain. I have tried creating a local policy for all the settings I require (Computer & User) and filtered out the Administrators via a deny ACL to the local policy. This seems to work fine but only for local users to the PC, not when you logon to the domain as a user. Can anyone clarify is this is by design and that Local policies only apply to local users? I thought that policies where applied in the order Local, Site, Domain, OU? Anyone have any ideas apart from creating reg files or modifying ntuser.dat?

 

[Guest]

Hi You are indeed correct about the order in which
policies get applied L,S,D,OU.

It seems that when you log on as a Domain user the Local
policy setting is getting overwritten. Do you have any
Site,Domain or OU policies that could be doing this ?

Try using the GPRESULT tool ?

http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/prodtechnol/winxppro/proddocs/gpresult.asp

Regards,

Tim

-----Original Message-----
Hi,

I am setting up a new PC image that will form part of a

domain. Due to problems with SecuRemote VPN software and
Group Policies, I can't push the GPO's down to users when
they logon to the domain. I have tried creating a local
policy for all the settings I require (Computer & User)
and filtered out the Administrators via a deny ACL to the
local policy. This seems to work fine but only for local
users to the PC, not when you logon to the domain as a
user. Can anyone clarify is this is by design and that
Local policies only apply to local users? I thought that
policies where applied in the order Local, Site, Domain,
OU? Anyone have any ideas apart from creating reg files or
modifying ntuser.dat?