Conflicting network GPO issues

[meanoldman]

Hello,

I've searched and don't see a solution so far.

I have users on my network who, for work have to connect to our customers networks while onsite. In one such scenario the customer is pushing policies that are for lack of a better description a PITA. One of the items they push is the removal of the Connections tab in Internet Explorer, which my users actually need to have access to. The only way I know to reset the Connections tab it through the registry, but since my users do not have Administrator level privileges they can't do this themselves.

So my two part question is:

1) how can I keep the customer's GPO from applying to my users computers
2) how can I allow my users to reset the Connections tab without admin rights?

Thanks

[jeremym]

1. Ensure that your machine isn't domain joined. No domain join = no GPOs.
2. You can also log on as admin and BLOCK (Writeeny) the registry spots that are being affected.

In that way, there's no way that GP will apply down to that machine.

[meanoldman]

Thanks Jeremy,

I'll give the registery suggestion a try.

When you say make sure the machine isn't bound to a domain, I'm not following. The computers are all members of my AD domain, should they not be? Sorry for the ignorance.

[jeff_longley]

If the machines are joined to YOUR domain, your polices apply. The customers policies will never apply. The customer's policies can be the biggest PITA policies, but they shouldn't be touching your machines.

[meanoldman]

If the machines are joined to YOUR domain, your polices apply. The customers policies will never apply. The customer's policies can be the biggest PITA policies, but they shouldn't be touching your machines.

That is what I would expect, but somehow when my users connect to the customer's network through a Cisco VPN connection a policy somewhere is removing the 'Connections' tab from IE. I don't think they have been connecting to the customers network by any other means than the Cisco client. I am pretty sure it is some GP on the customers side only based on the fact that I overheard one of my associates on the phone with their help desk and he was asked to run gpupdate on the customers network. I instructed him to never do that again, no matter what.

[jeff_longley]

ahhhh..... I imagined you simply sitting "on top" of the customers network; Your actually authenticating to the network, so any user polices could now be pushed at you.