Windows XP Community - XPHeads



Removing Group Policy restrictions

microsoft.public.windowsxp.security_admin


  #1 (permalink)  
Old 05-14-2008, 08:14 AM
Doug
 
Posts: n/a
Removing Group Policy restrictions
I have a notebook set up with a single user with admin privileges.
Everything worked OK, including ethernet to ADSL modem.

I have now had to connect to a domain at work. Everything is OK at work,
but at home, whether I log in as the domain user or as the original single
user logging in to the local computer, the ethernet port no longer connects.
Checking the windows firewall I see that group policy is controlling the
registry.
Why? Shouldn't the non-domain user have a normal registry?
How can I return the registry to normal for the non-domain user?
--
Doug
  #2 (permalink)  
Old 05-14-2008, 01:19 PM
Lanwench [MVP - Exchange]
 
Posts: n/a
Re: Removing Group Policy restrictions
Doug <Doug@discussions.microsoft.com> wrote:
> I have a notebook set up with a single user with admin privileges.
> Everything worked OK, including ethernet to ADSL modem.
>
> I have now had to connect to a domain at work. Everything is OK at
> work, but at home, whether I log in as the domain user or as the
> original single user logging in to the local computer, the ethernet
> port no longer connects. Checking the windows firewall I see that
> group policy is controlling the registry.
> Why? Shouldn't the non-domain user have a normal registry?


No, not for things that apply to the whole computer. And you really should
use only one login so you have only one profile. When I join a computer to a
domain I get rid of the local account entirely.

> How can I return the registry to normal for the non-domain user?


Talk to the admins at work about how they've configured their policies for
your laptop.

This may be moot....for your home ADSL, it's a good idea to get a little
router/firewall appliance anyway, so you don't need to do anything but plug
in & get a DHCP configured address - no local authentication, etc. Also more
secure. This may solve the problem.



  #3 (permalink)  
Old 05-14-2008, 09:31 PM
Doug
 
Posts: n/a
Re: Removing Group Policy restrictions
I realise that there needs to be control over the domain user when connected
to the domain. But why take over the complete computer when not on the
domain?

Notebooks are designed for that very reason - they can be used away from the
domain.
The ethernet connection works ONLY when authenticated (ie physically
attached to the domain and logged in correctly). What domain policy would
deactivate the ethernet port?
--
Doug


"Lanwench [MVP - Exchange]" wrote:

> Doug <Doug@discussions.microsoft.com> wrote:
> > I have a notebook set up with a single user with admin privileges.
> > Everything worked OK, including ethernet to ADSL modem.
> >
> > I have now had to connect to a domain at work. Everything is OK at
> > work, but at home, whether I log in as the domain user or as the
> > original single user logging in to the local computer, the ethernet
> > port no longer connects. Checking the windows firewall I see that
> > group policy is controlling the registry.
> > Why? Shouldn't the non-domain user have a normal registry?

>
> No, not for things that apply to the whole computer. And you really should
> use only one login so you have only one profile. When I join a computer to a
> domain I get rid of the local account entirely.
>
> > How can I return the registry to normal for the non-domain user?

>
> Talk to the admins at work about how they've configured their policies for
> your laptop.
>
> This may be moot....for your home ADSL, it's a good idea to get a little
> router/firewall appliance anyway, so you don't need to do anything but plug
> in & get a DHCP configured address - no local authentication, etc. Also more
> secure. This may solve the problem.
>
>
>
>

  #4 (permalink)  
Old 05-15-2008, 01:38 PM
Lanwench [MVP - Exchange]
 
Posts: n/a
Re: Removing Group Policy restrictions
Doug <Doug@discussions.microsoft.com> wrote:
> I realise that there needs to be control over the domain user when
> connected to the domain. But why take over the complete computer
> when not on the domain?


Because that's the way group policy works. Even if you now remove the
computer from the domain, some settings will remain "tattooed" on it.

>
> Notebooks are designed for that very reason - they can be used away
> from the domain.


Sure. And for some kinds of settings, the admins can probably devise domain
& non-domain policies if they know what they're doing, but they may also
have their reasons. That's nothing I could possibly know.

> The ethernet connection works ONLY when authenticated (ie physically
> attached to the domain and logged in correctly).


At home, I'd be willing to bet that if you have a router that handles the
PPPoE authentication it would work...and (yes, again OT) that's a better
setup anyway as you have more security & can use more than one
computer/network device on that network.

> What domain policy
> would deactivate the ethernet port?


Well, I doubt it's disabled outright. I'll bet you could connect it to
something that didn't require authentication, and get a DHCP configured
address, and work away. You might test that somewhere else. I don't know
what you've tried to do to test this as you haven't described any of your
exact symptoms, but if you do need PPPoE and can create a new network
account you can choose that as an option and try it.

If you get no joy there, there's probably nothing you can do about this from
your end. You need to work with the IT people who are responsible for the
domain. If they won't budge & this is your personal computer, perhaps it
should not belong to the domain at all. If it's a company computer, and you
are set up according to their company policy, you may be stuck with what
they give you.


>
>> Doug <Doug@discussions.microsoft.com> wrote:
>>> I have a notebook set up with a single user with admin privileges.
>>> Everything worked OK, including ethernet to ADSL modem.
>>>
>>> I have now had to connect to a domain at work. Everything is OK at
>>> work, but at home, whether I log in as the domain user or as the
>>> original single user logging in to the local computer, the ethernet
>>> port no longer connects. Checking the windows firewall I see that
>>> group policy is controlling the registry.
>>> Why? Shouldn't the non-domain user have a normal registry?

>>
>> No, not for things that apply to the whole computer. And you really
>> should use only one login so you have only one profile. When I join
>> a computer to a domain I get rid of the local account entirely.
>>
>>> How can I return the registry to normal for the non-domain user?

>>
>> Talk to the admins at work about how they've configured their
>> policies for your laptop.
>>
>> This may be moot....for your home ADSL, it's a good idea to get a
>> little router/firewall appliance anyway, so you don't need to do
>> anything but plug in & get a DHCP configured address - no local
>> authentication, etc. Also more secure. This may solve the problem.
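
Added example, not part of the original posts and not the posters' code: a read-only PowerShell check of the point made in replies #2 and #4, that computer-wide policy lives under HKLM and therefore applies to every account, and that values left there persist. It assumes the XP SP2-era Windows Firewall registry locations and that PowerShell is installed; `Get-RegValueOrNull` is a hypothetical helper name.

```powershell
# Read-only diagnostic: show, per firewall profile, whether each setting is
# being supplied by Group Policy or by the local configuration.
# Assumption: XP SP2-era registry locations for Windows Firewall.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$localRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$settings   = 'EnableFirewall', 'DoNotAllowExceptions', 'DisableNotifications'

# Hypothetical helper: return a registry value, or $null if the key or value is absent.
function Get-RegValueOrNull([string]$Key, [string]$Name) {
    if (-not (Test-Path $Key)) { return $null }
    $item = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }          # key exists but holds no values
    $prop = $item.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return $prop.Value
}

# DomainProfile is used while the machine is on the domain network,
# StandardProfile everywhere else (for example on a home connection).
$report = foreach ($fwProfile in 'DomainProfile', 'StandardProfile') {
    foreach ($name in $settings) {
        $fromPolicy = Get-RegValueOrNull "$policyRoot\$fwProfile" $name
        $fromLocal  = Get-RegValueOrNull "$localRoot\$fwProfile"  $name
        # A value under the Policies key takes precedence over the local one.
        if ($null -ne $fromPolicy) { $source = 'Group Policy'; $effective = $fromPolicy }
        else                       { $source = 'Local';        $effective = $fromLocal }
        New-Object PSObject -Property @{
            Profile = $fwProfile; Setting = $name; Source = $source
            Effective = $effective; LocalValue = $fromLocal
        }
    }
}
$report | Format-Table Profile, Setting, Source, Effective, LocalValue -AutoSize
```

Rows whose Source is `Group Policy` are the settings the Windows Firewall dialog shows as controlled by policy, and because they sit under HKLM they look the same whether the domain account or the local account is logged on. The output is a useful thing to hand to the domain administrators when asking them about the laptop's policy.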




  #5 (permalink)  
Old 05-15-2008, 09:37 PM
Doug
 
Posts: n/a
Re: Removing Group Policy restrictions
OK. I'll give more info. Before connecting to the domain, the notebook used
ethernet to connect to an ADSL modem for Internet access.

Take notebook to work, connect to domain, notebook works OK on domain.
Come back home, now have to Ctrl-Alt-Del on to notebook. ipconfig says LAN
media disconnected whether logged in as domain user (can not find profile but
logs in anyway) or as original user (log in to This Computer).

Remove cable from this notebook and connect to a different, stand-alone (no
domain) computer and ADSL modem found and working. IE same cable, only PC
end disconnected and reconnected.

Is there a way to remove group policy restrictions?
--
Doug


"Lanwench [MVP - Exchange]" wrote:

> Doug <Doug@discussions.microsoft.com> wrote:
> > I realise that there needs to be control over the domain user when
> > connected to the domain. But why take over the complete computer
> > when not on the domain?

>
> Because that's the way group policy works. Even if you now remove the
> computer from the domain, some settings will remain "tattooed" on it.
>
> >
> > Notebooks are designed for that very reason - they can be used away
> > from the domain.

>
> Sure. And for some kinds of settings, the admins can probably devise domain
> & non-domain policies if they know what they're doing, but they may also
> have their reasons. That's nothing I could possibly know.
>
> > The ethernet connection works ONLY when authenticated (ie physically
> > attached to the domain and logged in correctly).

>
> At home, I'd be willing to bet that if you have a router that handles the
> PPPoE authentication it would work...and (yes, again OT) that's a better
> setup anyway as you have more security & can use more than one
> computer/network device on that network.
>
> > What domain policy
> > would deactivate the ethernet port?

>
> Well, I doubt it's disabled outright. I'll bet you could connect it to
> something that didn't require authentication, and get a DHCP configured
> address, and work away. You might test that somewhere else. I don't know
> what you've tried to do to test this as you haven't described any of your
> exact symptoms, but if you do need PPPoE and can create a new network
> account you can choose that as an option and try it.
>
> If you get no joy there, there's probably nothing you can do about this from
> your end. You need to work with the IT people who are responsible for the
> domain. If they won't budge & this is your personal computer, perhaps it
> should not belong to the domain at all. If it's a company computer, and you
> are set up according to their company policy, you may be stuck with what
> they give you.
>
>
> >
> >> Doug <Doug@discussions.microsoft.com> wrote:
> >>> I have a notebook set up with a single user with admin privileges.
> >>> Everything worked OK, including ethernet to ADSL modem.
> >>>
> >>> I have now had to connect to a domain at work. Everything is OK at
> >>> work, but at home, whether I log in as the domain user or as the
> >>> original single user logging in to the local computer, the ethernet
> >>> port no longer connects. Checking the windows firewall I see that
> >>> group policy is controlling the registry.
> >>> Why? Shouldn't the non-domain user have a normal registry?
> >>
> >> No, not for things that apply to the whole computer. And you really
> >> should use only one login so you have only one profile. When I join
> >> a computer to a domain I get rid of the local account entirely.
> >>
> >>> How can I return the registry to normal for the non-domain user?
> >>
> >> Talk to the admins at work about how they've configured their
> >> policies for your laptop.
> >>
> >> This may be moot....for your home ADSL, it's a good idea to get a
> >> little router/firewall appliance anyway, so you don't need to do
> >> anything but plug in & get a DHCP configured address - no local
> >> authentication, etc. Also more secure. This may solve the problem.

>
>
>
>

  #6 (permalink)  
Old 05-16-2008, 01:27 PM
Lanwench [MVP - Exchange]
 
Posts: n/a
Re: Removing Group Policy restrictions
Doug <Doug@discussions.microsoft.com> wrote:
> OK. I'll give more info. Before connecting to the domain, the
> notebook used ethernet to connect to an ADSL modem for Internet
> access.


Yes, I understand all this......
>
> Take notebook to work, connect to domain, notebook works OK on domain.
> Come back home, now have to Ctrl-Alt-Del on to notebook.


Yes, of course....you belong to a domain.

> ipconfig
> says LAN media disconnected whether logged in as domain user (can not
> find profile but logs in anyway) or as original user (log in to This
> Computer).


And does your ADSL modem require PPPoE authentication? They usually do.
That's what I've been getting at. Either try creating a new LAN connection
using PPPoE (see if it lets you) or get a cheap and cheerful router, which
a) is likely to work and b) will also give you more protection from the
Internet.
>
> Remove cable from this notebook and connect to a different,
> stand-alone (no domain) computer and ADSL modem found and working.
> IE same cable, only PC end disconnected and reconnected.
>
> Is there a way to remove group policy restrictions?


No. You need to talk to your admins, I'm sorry.

>
>> Doug <Doug@discussions.microsoft.com> wrote:
>>> I realise that there needs to be control over the domain user when
>>> connected to the domain. But why take over the complete computer
>>> when not on the domain?

>>
>> Because that's the way group policy works. Even if you now remove the
>> computer from the domain, some settings will remain "tattooed" on
>> it.
>>
>>>
>>> Notebooks are designed for that very reason - they can be used away
>>> from the domain.

>>
>> Sure. And for some kinds of settings, the admins can probably devise
>> domain & non-domain policies if they know what they're doing, but
>> they may also have their reasons. That's nothing I could possibly
>> know.
>>
>>> The ethernet connection works ONLY when authenticated (ie physically
>>> attached to the domain and logged in correctly).

>>
>> At home, I'd be willing to bet that if you have a router that
>> handles the PPPoE authentication it would work...and (yes, again OT)
>> that's a better setup anyway as you have more security & can use
>> more than one computer/network device on that network.
>>
>>> What domain policy
>>> would deactivate the ethernet port?

>>
>> Well, I doubt it's disabled outright. I'll bet you could connect it
>> to something that didn't require authentication, and get a DHCP
>> configured address, and work away. You might test that somewhere
>> else. I don't know what you've tried to do to test this as you
>> haven't described any of your exact symptoms, but if you do need
>> PPPoE and can create a new network account you can choose that as an
>> option and try it.
>>
>> If you get no joy there, there's probably nothing you can do about
>> this from your end. You need to work with the IT people who are
>> responsible for the domain. If they won't budge & this is your
>> personal computer, perhaps it should not belong to the domain at
>> all. If it's a company computer, and you are set up according to
>> their company policy, you may be stuck with what they give you.
>>
>>
>>>
>>>> Doug <Doug@discussions.microsoft.com> wrote:
>>>>> I have a notebook set up with a single user with admin privileges.
>>>>> Everything worked OK, including ethernet to ADSL modem.
>>>>>
>>>>> I have now had to connect to a domain at work. Everything is OK
>>>>> at work, but at home, whether I log in as the domain user or as
>>>>> the original single user logging in to the local computer, the
>>>>> ethernet port no longer connects. Checking the windows firewall I
>>>>> see that group policy is controlling the registry.
>>>>> Why? Shouldn't the non-domain user have a normal registry?
>>>>
>>>> No, not for things that apply to the whole computer. And you
>>>> really should use only one login so you have only one profile.
>>>> When I join a computer to a domain I get rid of the local account
>>>> entirely.
>>>>
>>>>> How can I return the registry to normal for the non-domain user?
>>>>
>>>> Talk to the admins at work about how they've configured their
>>>> policies for your laptop.
>>>>
>>>> This may be moot....for your home ADSL, it's a good idea to get a
>>>> little router/firewall appliance anyway, so you don't need to do
>>>> anything but plug in & get a DHCP configured address - no local
>>>> authentication, etc. Also more secure. This may solve the problem.







All times are GMT.

