Re: Local Policy reverting back to old settings



Yes we've tried it both ways:
A reg hack to fix the user on the spot and get the user to what they need,
knowing that this would revert back.

but:
Have also made the changes via gpedit thinking that this would change the
policy, but after the password change, not expired, it reverts back to the
original settings, it definitely relates to the password change, so it seems
that every three months when that password chg GPO comes into play it also
puts the original local settings back into play.

Is it possible that it creates a backup of the original policy file and
every time this happens it goes back to the backup of the original and
rewrites the registry.pol files?

We do a scripted install, then apply and local policy settings, and put
software in place. Next we sysprep the machine, then shoot the image up to
our Ghost server. This image is then used on all the laptops to follow of
that particular type and model.

This policy went out for the first 3 months before the problem was noticed
and caught, we since had redone the image without the login sync setting, so
the machines to follow do not have the problem. I'm not sure if that will
shed any light into what happens, other than those first machines revert back
to that original policy they were born with. The only sure fix has been to
reimage one with the newer image, but we put out about 60 machines in that 3
month period, so maybe the Domain GPO to all laptops might be the only sure
fix with re-doing all 60.


"Roger Abell [MVP]" wrote:

So you are saying that if the user changes their password, then the
reversions you have done get undone (or is it only if the password
has been expired and then changed).
I notice that you are discussing two User policy settings, and also,
you stated initially
. . . and either by reg hack or gpedit would make
the change and turn it off.
Clearly, if the reversion were done by "reg hack" they would be
undone at the first time policy is reapplied. The local policy would
still be in force, but with hacked effect, until then, and it would say
to set things as originally configured.

Are you sure this is happening on machines where use of gpedit
was the method for making the reversions?

And again, reverting those settings with an AD based GPO would
be one way to overrule the local settings without use of per-machine
gpedit.

"Fastenal-LPT Tech" <FastenalLPTTech@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:F1C653C1-67B4-41D1-98AC-7632B84FF030@xxxxxxxxxxxxxxxx
Based on domain GPO, passwords are required to be changed every 3 months, and
it seems that as soon as the user does this, the old local policy settings
come back even tho they have been manually changed in gpedit prior. So it
would seem that the machines revert back to the original local policy
settings from the image. We create an image for each model of laptop we use,
included in the image is a local policy, and this is where it gets the
original settings. One would think that when changes are made thru gpedit
that it would edit .POL files which write these to the registry. We have also
noticed in the past that we have the c: drive hidden from the users since
their profile and user data is stored on the d: drive. If we unhide these,
these settings also revert back to hidden.

"Roger Abell [MVP]" wrote:

What is this "every three month mandatory password change" ?
More specifically, are you sure it only changes passwords??

Why not apply a reversing setting via AD based GPO? Once
this is seen by a machine being local, it will be cached and so
remain in force even when the machine is non-local, and if the
"every three month" thing fires off, if it is tweaking local settings
those also would still be below the AD based setting in pecking
order.

"Fastenal-LPT Tech" <Fastenal-LPT Tech@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:E5DEC335-7667-4457-8D6B-0E47827F3A10@xxxxxxxxxxxxxxxx
We have 700+ laptops in our network, last year in the local policy one tech
thought it would speed up the login process by running login scripts
synchronously.

This caused the laptops that received the image with this to take 10 minutes
before loading up the desktop when not plugged into the network. We since
figured out this was the cause and either by reg hack or gpedit would make
the change and turn it off.

But every 3 months after the mandatory password change it reverts back to
the old local policy and brings back these settings, does anyone know why
this happens even after going in and changing the local policy setting? What
are the steps to completely wipe out old local policy and replace with a new
one.
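
The thread turns on whether a change reached the local policy's Registry.pol file or only the registry value that file controls. As an added example (not part of the thread), this Python code parses the documented PReg record layout and lists the values whose live registry data differs from what the policy file sets; the sample bytes, the `RunLogonScriptSync` entry in them, and all helper names are constructed for illustration.

```python
import struct

HEADER = b"PReg" + struct.pack("<I", 1)  # signature 0x67655250, version 1
def u16(text):
    return text.encode("utf-16-le")

def build_entry(key, value, reg_type, data):
    """Serialise one [key;value;type;size;data] record (builds the sample)."""
    return b"".join([u16("["), u16(key + "\0"), u16(";"), u16(value + "\0"),
                     u16(";"), struct.pack("<I", reg_type), u16(";"),
                     struct.pack("<I", len(data)), u16(";"), data, u16("]")])

def parse_pol(blob):
    """Return {(key, value): (type, data)} for each record in a Registry.pol."""
    if blob[:8] != HEADER:
        raise ValueError("not a PReg version 1 file")
    pos, records = 8, {}
    def take(n):                      # bounds-checked read of n bytes
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated record")
        pos += n
        return blob[pos - n:pos]
    def expect(ch):                   # delimiters are UTF-16LE characters
        if take(2) != u16(ch):
            raise ValueError("bad delimiter before offset %d" % pos)
    def read_str():                   # NUL-terminated UTF-16LE string
        chars = []
        while (c := take(2)) != b"\0\0":
            chars.append(c)
        return b"".join(chars).decode("utf-16-le")
    while pos < len(blob):
        expect("["); key = read_str()
        expect(";"); value = read_str()
        expect(";"); reg_type = struct.unpack("<I", take(4))[0]
        expect(";"); size = struct.unpack("<I", take(4))[0]
        expect(";"); data = take(size)
        expect("]")
        records[(key, value)] = (reg_type, data)
    return records

def find_drift(records, live):
    """Settings whose live registry data differs from what the policy sets."""
    return sorted(k for k, (_, data) in records.items() if live.get(k) != data)

# Constructed sample: policy baked into the image vs. a registry edited by hand.
SYS = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
SAMPLE_POL = HEADER + build_entry(SYS, "RunLogonScriptSync", 4, struct.pack("<I", 1))
LIVE = {(SYS, "RunLogonScriptSync"): struct.pack("<I", 0)}  # the "reg hack"
```

On a real machine the `live` mapping would be filled from the user's registry hive and the blob read from the local GPO's `User\Registry.pol`; any pair returned by `find_drift` is a setting that was changed outside the policy file.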





