Soldato
- Joined
- 8 Mar 2007
- Posts
- 10,938
Heh, they certainly keep me on my toes, but it definitely helps you improve your GPO knowledge quickly when you have to figure out how to lock everything down so securely!
And I'm the clueless one? If you're talking like GPO is the be all and end all and infallible then I'd suggest that moniker fits you better.
http://blogs.technet.com/b/markruss...4/30/circumventing-group-policy-settings.aspx
This bit is especially interesting given all the hot air you've been puffing...
Group policy settings are an integral part of any Windows-based IT environment. If you’re a network administrator you use them to enforce corporate security and desktop management policy, and if you’re a user you’ve almost certainly been frustrated by the limitations imposed by those policies. Regardless of which you are, you should be aware that if the users in your network belong to the local administrator’s group they can get around policies any time they want.
This demonstration highlights the fact that networks that run with users as local administrators have no way to police the usage of their computers.
Hence, granting myself as a local admin makes your GPOs effectively useless.
Last edited: