Group Policy and Laptops

by Mitch Tulloch [Published on 7 July 2005 / Last Updated on 7 July 2005]

Common misconception concerning laptops and Group Policy.

Something that is not always understood about Group Policy is this. Say a user has a laptop and uses it to connect remotely to the corporate LAN. Depending on how the remote connection is configured, Group Policy usually is processed to lock down and secure certain functionality on the machine.

Now the user logs off and disconnects from the corporate network and uses the machine as a standalone computer using their locally cached user profile. Are the Group Policy settings that were previously applied still in force? Yes, and they will continue to be enforced until the user connects to the network again and logs on and policy is refreshed.

Of course, if the laptop user has local Administrator privileges on thier machine, they can log on using the Administrator account and overwrite any registry-based settings that were configured by Group Policy. So the moral is, don't give users Administrator privileges without some absolutely compelling reason to do so!

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see .

Latest Contributions

Featured Links