Re: Default domain policy

From: Gary Mudgett [MSFT] (garymu_at_online.microsoft.com)
Date: 07/16/04 

Date: Fri, 16 Jul 2004 08:43:25 -0400

None of the default policies specify any permission settings.

In the Default Domain Policy the only things defined by default are the
password policies.
In the Default Domain Controllers policy the only things defined by default
are UserRights and a couple of Security Options.

Any other settings would have been added to the policies after the fact
manually (accidentally) or by importing a security template.

So if you don't need them then they can be removed from the policy.

Please look at the following articles for FRS information pertaining to the
events you were seeing:
315045 FRS Event 13567 Is Recorded in the File Replication Service Event Log
    http://support.microsoft.com/?id=315045
284947 Antivirus programs may modify security descriptors and cause
excessive
    http://support.microsoft.com/?id=284947
279156 The Effects of Setting the File System Policy on a Disk Drive or
Folder
    http://support.microsoft.com/?id=279156 

-- 
Gary Mudgett, MCSE, MCSA
Windows 2000/2003 Directory Services
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
"pdk" <anonymous@discussions.microsoft.com> wrote in message
news:2d5e401c46b19$f01997a0$a601280a@phx.gbl...
> The default domain policy sets security settings on the
> sysvol directory on a given DC, however this triggers
> staging files to grow excessivly as it alters ACL
> information.
> If you alter the Default Domain Policy not to replace any
> security setting on the sysvol directory + subfolders
> everything runs smootly and FRSDiag stops reporting errors.
>
> 1. Are these settings intended by Microsoft in this case
> why ??
> 2. Why does the Default Domain Policy specify the path
> c:\winnt\*** insted of %systemroot%??
>

Relevant Pages

  • Please help, "security settings" in GPO for default domain policy does not get processed
    ... I've added registry settings in "security settings">registry. ... Group Policy was applied from: ... The user received "Internet Explorer Branding" settings from these GPOs: ... Default Domain Policy ...
    (microsoft.public.win2000.group_policy)
  • Re: Aftermath of RDIRCMP.EXE?
    ... Why not just make the Default Domain Policy back to default, which wiill eliminate any possibility that anything you change in there will affect the domain adversely. ... Then create the OU, and as Jorge suggested, link the GPO you previously created, or if you haven't created one, create one with the necessary settings. ... Also, just an FYI, there was another thread recently posted with a similar question, including an OU/GPO design question. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Aftermath of RDIRCMP.EXE?
    ... extensive policies set as local policies for testing purposes and ... they do not want any of those local settings undone or overrided by ... Keep in mind, certain settings in this policy cannot be blocked, such as account settings, security, Kerberos settings, etc. ... If you are trying to block a certain setting, then I'm assuming that you've added settings to the Default Domain Policy. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Default domain policy
    ... It is puzzling how those settings were made. ... gpttmpl.inf file for the Default Domain Policy. ... > the default settings for the security templates. ... >>>>Please look at the following articles for FRS ...
    (microsoft.public.win2000.group_policy)
  • Internet Explorer Proxy Settings
    ... Bis vor kurzem waren unsere Proxysettings ueber die Default Domain Policy ... wird mir bei dem lokalen User als ausschlaggebendes Objekt die Default ... Die Settings wurden aber richtig uebernommen... ...
    (microsoft.public.de.german.win2000.gruppen_richtlinien)