Although not recommended, if you plan to manage GPOs in an untrusted domain from your local client console, the following limitations must be considered:
• File and directory browsing is performed locally on the client computer.
• Users and groups can only be selected from the client domain and trusted domains.
• Domain-specific information of work-flow enabled Group Policy Objects cannot be set.
• Internet Protocol Security (IPSec) do not load in the Group Policy editor when editing a work-flow
enabled Group Policy Object.
• Workflow disabled Group Policy Objects cannot be edited.
• Workflow disabled Group Policy Objects cannot be copied.
• Workflow disabled Group Policy Objects cannot be renamed.
• Workflow enabled Group Policy Object cannot be edited.
• Workflow enabled Group Policy Objects can only be copied to an untrusted domain when the
GPOADmin client and source Group Policy Object are in the same domain.
• Workflow enabled Group Policy Objects can only be moved to an untrusted domain when the
GPOADmin client and source Group Policy Object are in the same domain.
• Objects cannot be exported to the Live Environment of an untrusted domain.
• Objects cannot be imported from the Live Environment of an untrusted domain.