How do I prevent or override a group policy on Windows 7?

A few months ago my company was purchased by a large corporation. We recently switched our network over to the large corporate network which has more ~~restrictions~~ requirements. One of these is the requirement to use a proxy server for Internet traffic. However, some of our internal servers are not recognized by the corporate DNS, so we need to provide the fully qualified domain name.

For W7, we make changes to the Internet Properties for IE8 and Chrome to include our domain name as an exception to the proxy server (e.g., *.foobar.com). The problem is that a group policy that does not include our domain name is continually pushed out to my systems throughout the day. This requires me to make the appropriate changes to the Internet Properties several times a day in order to access our internal servers.

Is there a way that I can prevent the group policy from being pushed to my systems or detect when the group policy is pushed and override it? I am an administrator on all of my systems. I do have Firefox installed which is not subject to the same group policy push, but I need to have IE8 and Chrome working.

Kevin

Posted 2010-04-27T15:57:04.450

Reputation: 241

3Discuss with sysadmins at large corporation? – Dave M – 2010-04-27T16:05:07.940

1Yes, they have promised to add our domain name to their proxy exceptions three weeks ago, but it has not happened yet. Let's assume that it is not going to happen. – Kevin – 2010-04-27T16:26:00.400

2I'm not sure there's a way beyond just removing yourself from the domain (which probably won't make your sysadmins happy) – Kravlin – 2010-04-27T17:19:29.383

edit your HOSTS file? – Ixobelle – 2010-07-14T05:51:07.410

Answers

Well these GPO's are changing settings in the registry and while I know this will work I don't condone it in any way.

If you find where the change is made, I'll let you do that footwork, you can then change the permissions on that registry key so that System can no longer write to it. I am rather certain it is System but I am not 100% right now. Make sure that your user still has full permissions or you will hose the whole thing, but by making it so the system doesn't have access to make the change you should be in the clear.

Again, talking to the sys admins is a much better way to go and won't get you in any hot water but there is another way that can work.

David Remy

Posted 2010-04-27T15:57:04.450

Reputation: 1 899

How is the network set up? Would it be possible for you to run a local DNS server, and have it send upstream lookups to the corporate DNS server? You could still route your traffic through the proxy, but use your own DNS.

nhinkle

Posted 2010-04-27T15:57:04.450

Reputation: 35 057