Re: Deleting a GPO directly from the sysvol

Hello Owen7@xxxxxxxxxxxxxxxxxxxxxxxxx,

Why not using GPMC? Then can be sure that it is done correctly, because not only SYSVOL is used also Active directory service.

Each Group Policy object (GPO) is stored partly in the Sysvol folder on the domain controller and partly in the Active Directory directory service. GPMC, Group Policy Object Editor, and the old Group Policy user interface that is provided in the Active Directory snap-ins present and manage a GPO as a single unit. For example, when you set permissions on a GPO in GPMC, GPMC sets permissions on objects both in Active Directory and in the Sysvol folder. For each GPO, the permissions in Active Directory must be consistent with the permissions in the Sysvol folder. You must not change these separate objects outside GPMC and Group Policy Object Editor. If you do so, this may cause Group Policy processing on the client to fail, or certain users who generally have access may no longer be able to edit a GPO.

Additionally, file system objects and directory service objects do not have the same available permissions because they are different types of objects. When permissions mismatch, it may not be easy to make them consistent. To help you make sure that the security for the Active Directory and for the Sysvol components of a GPO is consistent, GPMC automatically checks the consistency of the permissions of any GPO when you click the GPO in GPMC. If GPMC detects a problem with a GPO, you receive one of the messages that is described in the "Symptoms" section, depending on whether or not you have permissions to modify security on that GPO:

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

I am running a mix of 2003 sp2 and 2000 sp 4 server domain.
I was wondering if I can delete GPO's directly from the Sysvol folder?
Is there anything that I need to worry about?
for ex: never delete the domain GPO.
Any thoughts?
Regards,


.

Relevant Pages

  • Re: Deleting a GPO directly from the sysvol
    ... because not only SYSVOL is used also Active directory service. ... Each Group Policy object (GPO) is stored partly in the Sysvol folder ... GPMC, Group Policy Object Editor, and the old Group Policy ... permissions on a GPO in GPMC, GPMC sets permissions on objects both ...
    (microsoft.public.win2000.group_policy)
  • Re: Deleting a GPO directly from the sysvol
    ... Each Group Policy object (GPO) is stored partly in the Sysvol ... folder on the domain controller and partly in the Active Directory ... permissions on objects both in Active Directory and in the Sysvol ...
    (microsoft.public.win2000.group_policy)
  • Re: Deleting a GPO directly from the sysvol
    ... Each Group Policy object (GPO) is stored partly in the Sysvol folder on the ... domain controller and partly in the Active Directory directory service. ... For example, when you set permissions on a GPO in GPMC, GPMC ...
    (microsoft.public.win2000.group_policy)
  • Re: Deleting a GPO directly from the sysvol
    ... Windows cannot access the file gpt.ini for GPO ... because not only SYSVOL is used also Active directory service. ... GPMC, Group Policy Object Editor, and the old Group Policy ... permissions on a GPO in GPMC, GPMC sets permissions on objects both ...
    (microsoft.public.win2000.group_policy)
  • Re: Re-instating a GPO
    ... The group policy object in the Active Directory domain partition is still missing than. ... Either you go for an authoritative restore of your AD or you us a commercial Recovery tool like Quest Recovery Manager for Active Directory. ... The reply address is a spam trap. ...
    (microsoft.public.windows.group_policy)