Re: Error trying to copy Default Domain Policy
- From: "Saucer Man" <saucerman@xxxxxxxxxx>
- Date: Wed, 9 Jan 2008 11:36:40 -0500
Ok....but how do I know what most of the settings should be set at? For
example, ...
1) are all the Services set to not defined originally in the Default Domain
and Domain Controllers Policy?
2) if I set some services back to not defined, will the services revert to
whatever they were by default(like Disabled) or will they stay as Automatic
because the old policy changed them to Automatic?
3) if I set my own user logon settings in a new policy at the top level,
what should I set same settings for in the other OUs? I would like to have
them set to default so I don't get confused when I am looking at these
policies. I don't know what the defaults are? Are they set to not defined
by default?
--
Thanks!
"Florian Frommherz [MVP]" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:eNQJDOtUIHA.748@xxxxxxxxxxxxxxxxxxxxxxx
Howdie!
Saucer Man schrieb:
I recently came on board here and found that the GPOs have been modified
by prior staff that wasn't 100% sure of Group Policy Management. They
made changes in the Default Domain Controller Policy, the Default Domain
Policy, and others. They made redundant changes for logon restrictions
in multiple policies, changed service StartUp behaviors, blocked
inheritance, etc.
I understand. But rather than wiping out the Default Domain Policy and the
Default Domain Controllers Policy, I'd go for the work and try to crawl
through the mess they left you alone with. Although I haven't had any
major issues with dcgpofix, I'd use that only in disaster situations .
For example, I tried to set the License Logging service to disabled in
our 2003 domain but it reverted back to automatic. I found that the
default policies had this service changed to automatic. Then I found
that many services were changed. They made so many changes that they are
not sure what they did. I don't know of any other way reset them and
just implement the changes that we need because they modified all the
default policies.
I'd start with making a plan of all settings and policies in place. GPMC
scripting helps you out with this. Based on that, you start all over and
plan your own design - before implementing, you can use GPMC to back up
all the policies (in the Group Policy Objects node, right-click the
policy, "Back up...") and then start all over. Replace the old settings
step by step with your new ones rather than wiping everything out at once
(~ but that depends on your strategy and the size of the organization,
number of policies, etc.)
I'm quite sure you won't come around building a test environment and
working it all over piece by piece.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
.
- Follow-Ups:
- Re: Error trying to copy Default Domain Policy
- From: Darren Mar-Elia
- Re: Error trying to copy Default Domain Policy
- References:
- Error trying to copy Default Domain Policy
- From: Saucer Man
- Re: Error trying to copy Default Domain Policy
- From: Florian Frommherz [MVP]
- Re: Error trying to copy Default Domain Policy
- From: Saucer Man
- Re: Error trying to copy Default Domain Policy
- From: Florian Frommherz [MVP]
- Re: Error trying to copy Default Domain Policy
- From: Saucer Man
- Re: Error trying to copy Default Domain Policy
- From: Florian Frommherz [MVP]
- Error trying to copy Default Domain Policy
- Prev by Date: Re: Error trying to copy Default Domain Policy
- Next by Date: Re: GPMC Results Error on other Domain Accounts
- Previous by thread: Re: Error trying to copy Default Domain Policy
- Next by thread: Re: Error trying to copy Default Domain Policy
- Index(es):
Relevant Pages
|
Loading
