Windows 7 Group Policy problem

[ddecoursey]

Running win7 64 bit
We have a Domain GP one restriction is the Windows installer is disabled
so withthat said.... on my laptop I am disconnected from the coporate LAN...and I want to install my new VPN client so I can connect when at home via my in homw wireless netowrk ...and I cannot install the client.

I am logged in using my "local administrator account" still no dice
I run the RSoP snap in and it tells me the "installer disabled policy (its called Standard User Setup: and is applied to all OU's in our AD) is still in effect (no kidding)
In the past I have seen where a domain GP will alter the local GP and in the past I have been exasperated that locally set policies (if you dont know how to do it corerectly) get applied to even, the local administrator. when this is the case my workaround is to deny read and execute to the local group loicy folder.........
I have done this also and the installer will still not run and the RSoP still reports the standard User setup policy has my windows installer disabled

It may sound like I know what I am doing ...but obviously I dont ....any help on how to get ny windows installer to work again ( I dont want "unjoin" my domain ) will be greatly appreciated

 

[Captain Jack]

Hello and Welcome to W7F !

Did you speak with your IT support about this problem ?

 

[ddecoursey]

Rrr Capt'n I am the IT department scallywag

 

[Trouble]

You may want to revisit your group policy regarding "Standard User Setup" and consider how it is applied with respect to your laptop. Group polices are applied in a specific order (LSD-O) local, site, domain and then organizational unit. If you are the I.T. department then you might want to exclude your machine(s) from this policy, either by moving it to an (or creating a seperate) OU that does not have this GP applied or in the case of a domain or site GP, consider addressing this by applying the GP more granularly by creating an OU where you really need this policy to apply and then moving the computers that you want it to apply to into that OU (then apply the GPO) to that OU, rather that blanketing all workstations.

 

[ddecoursey]

I have an OU in AD called "ExculisonZone" this OU does not have the" Standard Users GP" linked to it..... and the computer and user are both in that OU just for grins

this is my entire problem ..... between the laptop not being on my internal LAN right now and just using a wireless internet router /DLS internet connection.....(equvilentto a hot spot) I dont know what or how one of the policy objects that has been defined in my NETWORK GP..seems ti still be in effect ......when I am foir all intenets and purposed completely disconnected

THis hot spot has DHCP'd all the TCPIP particualrs ......there ought to be no trace of this setting from my internal Domain being enforced

 

[Trouble]

OK, while you are connected to your domain force a gpupdate (normally a logoff and logon or reboot will do this but force one just in case) and check RSoP and see what it looks like and confirm that the software restriction policy is not being applied. Since this particular product impacts the network topology, double check and make sure that there are not additional policies in place that might restrict such actions.

 

[ddecoursey]

I un joined the domain and did my install then re joined .......... when not connected to the compnay network , and logged in as the local admin I should not be hindered ny Domain GP restrictions.....but Oh welll the work arounf worked

thanks to all