Removing Group Policy restrictions

[Doug]

I have a notebook set up with a single user with admin privileges.
Everything worked OK, including ethernet to ADSL modem.

I have now had to connect to a domain at work. Everything is OK at work,
but at home, whether I log in as the domain user or as the original single
user logging in to the local computer, the ethernet port no longer connects.
Checking the windows firewall I see that group policy is controlling the
registry.
Why? Shouldn't the non-domain user have a normal registry.
How can I return the registry to normal for the non-domain user?

 

[Lanwench [MVP - Exchange]]

I have a notebook set up with a single user with admin privileges.
Everything worked OK, including ethernet to ADSL modem.

I have now had to connect to a domain at work. Everything is OK at
work, but at home, whether I log in as the domain user or as the
original single user logging in to the local computer, the ethernet
port no longer connects. Checking the windows firewall I see that
group policy is controlling the registry.
Why? Shouldn't the non-domain user have a normal registry.

No, not for things that apply to the whole computer. And you really should
use only one login so you have only one profile. When I join a computer to a
domain I get rid of the local account entirely.

How can I return the registry to normal for the non-domain user?

Talk to the admins at work about how they've configured their policies for
your laptop.

This may be moot....for your home ADSL, it's a good idea to get a little
router/firewall appliance anyway, so you don't need to do anything but plug
in & get a DHCP configured address - no local authentication, etc. Also more
secure. This may solve the problem.

 

[Doug]

I realise that there needs to be control over the domain user when connected
to the domain. But why take over the complete computer when not on the
domain.

Notebooks are designed for that very reason - they can be used away from the
domain.
The ethernet connection works ONLY when authenticated (ie physically
attached to the domain and logged in correctly). What domain policy would
deactivate the ethernet port?

 

[Lanwench [MVP - Exchange]]

I realise that there needs to be control over the domain user when
connected to the domain. But why take over the complete computer
when not on the domain.

Because that's the way group policy works. Even if you now remove the
computer from the domain, some settings will remained "tattooed" on it.

Notebooks are designed for that very reason - they can be used away
from the domain.

Sure. And for some kinds of settings, the admins can probably devise domain
& non-domain policies if they know what they're doing, but they may also
have their reasons. That's nothing I could possibly know.

The ethernet connection works ONLY when authenticated (ie physically
attached to the domain and logged in correctly).

At home, I'd be willing to bet that if you have a router that handles the
PPPoE authentication it would work...and (yes, again OT) that's a better
setup anyway as you have more security & can use more than one
computer/network device on that network.

What domain policy
would deactivate the ethernet port?

Well, I doubt it's disabled outright. I'll bet you could connect it to
something that didn't require authentication,and get a DHCP configured
address, and work away. You might test that somewhere else. I don't know
what you've tried to do to test this as you haven't described any of your
exact symptoms, but if you do need PPPoE and can create a new network
account you can choose that as an option and try it.

If you get no joy there, there's probably nothing you can do about this from
your end. You need to work with the IT people who are responsible for the
domain. If they won't budge & this is your personal computer, perhaps it
should not belong to the domain at all. If it's a company computer, and you
are set up according to their company policy, you may be stuck with what
they give you.

 

[Doug]

OK. I'll give more info. Before connecting to the domain, the notebook used
ethernet to connect to an ADSL modem for Internet access.

Take notebook to work, connect to domain, notebook works OK on domain.
Come back home, now have to Ctrl-Alt-Del on to notebook. ipconfig says LAN
media disconnected whether logged in as domain user (can not find profile but
logs in anyway) or as original user (log in to This Computer).

Remove cable from this notebook and connect to a different, stand-alone (no
domain) computer and ADSL modem found and working. IE same cable, only PC
end disconnected and reconnected.

IS there a way to remove group policyt restrictions?

 

[Lanwench [MVP - Exchange]]

OK. I'll give more info. Before connecting to the domain, the
notebook used ethernet to connect to an ADSL modem for Internet
access.

Yes, I understand all this......

Take notebook to work, connect to domain, notebook works OK on domain.
Come back home, now have to Ctrl-Alt-Del on to notebook.

Yes, of course....you belong to a domain.

ipconfig
says LAN media disconnected whether logged in as domain user (can not
find profile but logs in anyway) or as original user (log in to This
Computer).

And does your ADSL modem require PPPoE authentication? They usually do.
That's what I've been getting at. Either try creating a new LAN connection
using PPPoE (see if it lets you) or get a cheap and cheerful router, which
a) is likely to work and b) will also give you more protectoin from the
Internet.

Remove cable from this notebook and connect to a different,
stand-alone (no domain) computer and ADSL modem found and working.
IE same cable, only PC end disconnected and reconnected.

IS there a way to remove group policyt restrictions?

No. You need to talk to your admins, I'm sorry.