When I issue the following command: GPUPDATE /TARGET:COMPUTER /FORCE I
receive the following error:

The processing of Group Policy failed because of lack of network
connectivity to a domain controller.

While the computer is joined to a Win2k3 domain, it is currently
disconnected and I am logged in with a local machine account with
administrative privileges.

I am making changes via the local group policy editor MMC snapin but they
are not being applied.

If I perform the same function on an XP machine, it works fine. Once the
machine has access to the domain, the local group policy settings, along with
domain group policy settings are properly applied.

What must I configure so the local group policy can be applied when
disconnected from the Domain?

REF: Windows Vista Ultimate 64 SP1

Yes, this is expected behavior. If you are on a machine that is joined
to an AD domain, then GP processing will not occur at all if you are not
connected to the domain and a DC, in some way. Furthermore, if you try
to effectively circumvent domain policy by modifying the local GPO, it
is basically ignored by the system. That is, no local GP processing is
done while you are disconnected from the domain. This is understandable,
given that any user could simply unplug from the domain if they ever
want to circumvent GP.

Darren
'Group Policy Tools and Information from GPOGUY.COM'
(http://www.gpoguy.com)


--
gpoguy

Expected only on VISTA? It works fine on XP and Server 2003. I do not buy
the security argument here. If you have the capability to change the local
GP, then you have the ability to change the registry. If I edit the registry
manually, rather than having the GP do it for me, then I get the desired
change in system behavior. If that’s MS idea of security by inconvenience,
then I will simply use a different door. Now I see why administrators are
not adopting this software.

"gpoguy" wrote:


Yes, this is expected behavior. If you are on a machine that is joined
to an AD domain, then GP processing will not occur at all if you are not
connected to the domain and a DC, in some way. Furthermore, if you try
to effectively circumvent domain policy by modifying the local GPO, it
is basically ignored by the system. That is, no local GP processing is
done while you are disconnected from the domain. This is understandable,
given that any user could simply unplug from the domain if they ever
want to circumvent GP.

Darren
'Group Policy Tools and Information from GPOGUY.COM'
(http://www.gpoguy.com)


--
gpoguy

Actually, I first observed this behavior on XP so no, not just Vista. If
you are somehow getting around it, I'd love to see a userenv.log file
from the XP system because that's not the way its supposed to work.

As for your comment about security, you are coming from the perspective
of someone running as administrator on the box. In that scenario, I
can't imagine why you would even use Group Policy because it is
absolutely worthless. Not only can you override any Group Policy
settings at will, but any malicious code running as you can as well. So,
in your scenario, it really doesn't matter whether GP processing works
locally or not when disconnected from the network. This behavior that I
described is really for folks that are not admins, that are trying to
tinker around the edges.

Darren


--
gpoguy