Archived from groups: microsoft.public.win2000.group_policy (
More info?)
> > I wonder if there is a way to block the AD group policy on
> > the client so that the client registry settings won't be
> > constantly modified.
>
> With Group Policy, all changes to the client registry are transitive,
> in memory only.
This is not the case. Different extensions apply/remove their settings
however they see fit - registry or otherwise. The ADM Templates extension
sets registry settings in the registry - nothing unique about the settings.
> When the user logs off and/or shuts down, the client
> registry reverts back to its original form.
It may appear this way, but no Group Policy is processed at logoff or
shutdown. It's during a policy refresh that changes are made by various
extensions, including ADM Templates removal of its previously set policies.
> You can configure an OU to Block Policy Inheritance by using the
> check box on the container's Group Policy properties tab. This will
> block Group Policy settings from GPOs linked to the OU's parents.
Yes, but Local GPO cannot be set up to block network policy.
> You also could set up User Group Policy Loopback Processing Mode
> which can be set up to replace the user settings usually given
> to the user with the user settings defined in the computer's GPOs.
I'm not sure this would achieve the desired results.
To selectively stop Group Policy client-side processing, deregister the
appropriate client side extension (CSE) in the following location (you might
want to back it up first ;-):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\GPExtensions
Regards,
Eric Voskuil
Policy Maker
http://www.autoprof.com/policy
> Matt Hickman
> The simple life is all right for a few days vacation. But
> day in and day out it's just so much back breaking drudgery.
> Romantic? Hell, man, there's no time to be romantic about
> it, and damned little incentive.
> - Robert A. Heinlein (1907-1988)
> _Beyond this Horizon_ (c. 1942)