Active Directory/Documentation/Security Policies When Offsite
Q: We have a lot of laptop users that we're migrating into our Active Directory (AD) domain. We'd like to use Group Policy to lock down their desktops and implement other security policies. However, we're concerned about what happens when these users disconnect from the network and boot their computers while traveling. What will happen to the desktop options that we've locked down and to other security policies we've defined through Group Policy Objects (GPOs) in the domain?
A: You're covered. Whenever a Windows computer applies Group Policy, the computer builds a Resultant Set of Policies (RsoP) showing all the GPOs that are in effect according to Windows' rules for Group Policy processing. Windows applies the RSoP to the local computer's effective settings and saves the RSoP locally. The next time Windows boots or needs to reapply Group Policy, if the computer can't reach a domain controller (DC) for up-to-date copies of GPOs, the computer reapplies the cached copy of the RSoP that it built the last time the computer contacted a DC. Consequently, policies you define through Group Policy will persist even when laptop users disconnect from the network.