I work at a remote location from our home office. I have my own two
computers here in my office, both running Windows XP Pro.

I sometimes log in to the company's network using a VPN, which I *think*
logs me in to their domain. (Although when I log on to my computer, I ask
to log in to my local computer, not to any domain. I connect to the VPN
later.)

I don't want or need the corporate security policies applied to my computer
here. They have some things like a big logon "scare" dialog box (which is
so full of words that it overflows the dialog box, and of course there are
no scroll bars on this box, so the message is partly useless anyway).

Today, I tried to encrypt one of my local folders, and I can't, because
somewhere in the vastness of the corporate behemoth, there is an expired
certificate that was (or could be) used as a recovery agent. So I get the
error message that the "recovery policy configured for this system [which
system?] contains invalid recovery certificate". I tried to tell my own
local Encrypting File System policy that I don't want to use a recovery
agent, but I still can't encrypt anything.

Question: Even though I connect occasionally to this corporate domain
using a VPN, can I avoid their AD policies? I am my own administrator, and
I want to log in to my own two-computer peer-to-peer network, or to no
domain at all.  Even when I am using the VPN.

Thanks.

David Walker

Re: Connect to a domain occasionally; don't want the policies sent to me by Meinolf

Meinolf
Wed Aug 13 13:15:37 PDT 2008

Hello David,

You have to talk to your company's boss about this. They made the policies
for specific reasons. If you do not agree with them, why do you work there?

And if these are domain machines, to answer your question, the policy will
be reapplied automatically, even if you are not connected to the domain.
So changing them with the local admin has no effect. That's by design.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Re: Connect to a domain occasionally; don't want the policies sent to me by Paul

Paul
Wed Aug 13 15:08:31 PDT 2008

If this home machine is not part of the domain, then you shouldn't be
receiving any of the policies. Hence, if the home workstation is part of the
domain, remove it, and for any domain resources you need, just authenticate
to that resource.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
