User Mode: High privileged policy remains after admin loged off.
Hi there :)
We want to change our Client management from Computer Mode to User Mode.
While we made some tests to get concerend with it, we came accross a problem: When the Computer is in user mode, it always gets the policy from the Client that logs on, but if this client logoff he will keep the policy from the client that loged off lastly.
In our case this often causes a problem: We have many mobile computers for external missions that are often prepared by high priviliged administrator accounts that have no restrictions to execute applications and are able to disable the firewall. When a user logs on without connection the SEPM, the last used policy will be used, which is often the administrator's one.
Limitting the adminstrator account's policy is not an option!
Is there a way, to made the client always move back to a default group when a user logs off so that this case never will appear?