Adding GPOs to Default Domain Controllers Policy

---

• From: Robert Lindholm <RobertLindholm@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 2 May 2008 06:58:04 -0700

---

Hello:

I'm trying to configure the Windows Firewall on two Domain Controllers in my
AD test lab based on KB555381, which recommends using GPMC to create/manage
the GPO, but have run into a problem and need some assistance.

In an effort to setup this GPO, I attempted to edit the Default Domain
Controllers Policy Object by adding the firewall configuration settings
outlined in KB555381.

While the adjusted policy did get applied to the "primary" DC where I ran
GPMC from, it didn't get replicated to the "second" DC as expected.

I used the Default Domain Controller Policy Object because it seemed like
the logical thing to do since it was already there and I assumed that
everything was already linked properly, but that may not be correct.

While trying to resolve this issue, I read that editing this GPO may not be
best practice and have undone the changes I made.

These leaves me with the following questions:

1) Is adding this type of addition to the Default Domain Controller Policy
Object appropriate or should I create a separate GPO for this policy?

2) Do I need to create a new OU or can I add this under the existing Domain
Controllers OU?

3) How do I verify that the policy is properly linked to the intended
objects?

4) To ensure that the policy is pushed out to the intended objects, does it
need to be enforced or will it just replicate?

As this is my first exposure to GPMC or AD GPOs, any suggestions would be
greatly appreciated.

Thanks,

Bob
--
Robert Lindholm
University of Rochester
.

---

• Follow-Ups:
  • Re: Adding GPOs to Default Domain Controllers Policy
    • From: Florian Frommherz [MVP]

• Prev by Date: Re: problem overwriting user rights assignment with secedit
• Next by Date: Group Policy in 2003 domain
• Previous by thread: Re: problem overwriting user rights assignment with secedit
• Next by thread: Re: Adding GPOs to Default Domain Controllers Policy
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: GPO - Access denied after changing a GP setting ... You are about to restore Default Domain policy and Default domain Controller po ... This may render some server applications to fail. ... Unable to open the GPO due to access denied. ... You are about to restore Default Domain controller policy for the following domain ... (microsoft.public.windows.server.security) Re: GPO - Access denied after changing a GP setting ... This may render some server applications to fail. ... y Unable to open the GPO due to access denied. ... This tool was unable to re-create the EFS Certificates in the Default D omain Policy GPO Access is denied. ... You are about to restore Default Domain controller policy for the following domain Do you want to continue: ... (microsoft.public.windows.server.security) Re: Help with GPO problem!! PLEASE!! ... > Reposting as we tried in the GPO thread, but after an exhausted attempt, I ... I am racking my brain on this problem with a Windows 2003 Standard ... > Controller Security Policy or the GPO. ... > Domain Controller Security Policy: Failed to open the Group Policy Object. ... (microsoft.public.windows.server.active_directory) RE: Block Policy Inheritance not working as anticipated ... >> I have a Domain Controller running Windows 2000 Server. ... The Domain container has a GPO (Default Domian ... Policy) with password policies defined (complexity, ... >> I am still unable to create a new user account in the EM ... (microsoft.public.win2000.group_policy) RE: GPO settings are not applied ... Microsoft Windows XP Operating System Group Policy Result tool v2.0 ... GPO: Automatic_Updates ... GPO: Default Domain Policy ... Secure Proxy Server: N/A ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.group_policy  > 2008-05