Wednesday, February 21, 2007
Dangers of Group Policy
As any powerful tool, Group Policy may cause trouble if used inappropriately. Once I have set the following parameters in our domain's default policy: Computer Configuration - Administrative Templates - Network - DNS Client - DNS Servers and DNS Suffix Search List to the values appropriate to our LAN. I must admit that in doing so I didn't pursue any particular purpose, since these settings were configured on all client computers either manually or with DHCP. It just seemed a right thing to do. Wrong. Recently we started using a laptop computer to access the Internet wirelessly via GPRS while on the road. All went well until the laptop was joined to the domain. Suddenly GPRS connection no longer worked. Investigation revealed the following: once the laptop was joined to the domain, Group Policy applied to it, including our internal LAN DNS Server setting. Then, unexpectedly, the computer continued using this DNS Server even when disconnected from the LAN and connected via GRPS, which, of course, didn't work. To resolve the problem I simply removed these settings from the Group Policy, then connected the laptop to the LAN and ran gpupdate to update Group Policy settings. I guess if I did need these settings in the Group Policy I would have to move the laptop to another OU in the Active Directory so that this particular policy would not apply to it.