Re: Error trying to copy Default Domain Policy

Howdie!

Saucer Man schrieb:
I recently came on board here and found that the GPOs have been modified by prior staff that wasn't 100% sure of Group Policy Management. They made changes in the Default Domain Controller Policy, the Default Domain Policy, and others. They made redundant changes for logon restrictions in multiple policies, changed service StartUp behaviors, blocked inheritance, etc.

I understand. But rather than wiping out the Default Domain Policy and the Default Domain Controllers Policy, I'd go for the work and try to crawl through the mess they left you alone with. Although I haven't had any major issues with dcgpofix, I'd use that only in disaster situations .

For example, I tried to set the License Logging service to disabled in our 2003 domain but it reverted back to automatic. I found that the default policies had this service changed to automatic. Then I found that many services were changed. They made so many changes that they are not sure what they did. I don't know of any other way reset them and just implement the changes that we need because they modified all the default policies.

I'd start with making a plan of all settings and policies in place. GPMC scripting helps you out with this. Based on that, you start all over and plan your own design - before implementing, you can use GPMC to back up all the policies (in the Group Policy Objects node, right-click the policy, "Back up...") and then start all over. Replace the old settings step by step with your new ones rather than wiping everything out at once (~ but that depends on your strategy and the size of the organization, number of policies, etc.)

I'm quite sure you won't come around building a test environment and working it all over piece by piece.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
.

Relevant Pages

  • Re: Registry tatooing
    ... It can list and clean true policies, ... Speed Group Policy Troubleshooting with the NEW GPHealth Reporter tool at http://www.sdmsoftware.com/products.php ... Well, to his disliking, the settings remained. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Group Policy question
    ... Policies" and Local Security Policy that is a subset of local Group Policy. ... the registry directly unless given direct and cohesive instructions ...
    (microsoft.public.windowsxp.security_admin)
  • RE: security policy not specified option
    ... Resultant Set of Policy does not in any way change the processing of Group ... processing different parts of group policy. ... Machine parses local policy and applies any settings contained in the ... parses computer configuration settings in those policies. ...
    (Focus-Microsoft)
  • Re: Multiple settings configured in one ou group policy
    ... The more policies that you have the more ... create a policy for every setting, as the more policies processed can have ... If you have policy settings that are going to change on a regular basis ... the group policy guide. ...
    (microsoft.public.windows.group_policy)
  • Re: Reset GP back to "out of box" ??
    ... Administrative Template policies (as opposed to ... select Import Policy and choose that setup security.inf file. ... you should remove the settings in the domain ... Group Policy Management solutions at http://www.sdmsoftware.com ...
    (microsoft.public.windows.group_policy)