Re: Aftermath of RDIRCMP.EXE?

---

• From: "Ace Fekay [Microsoft Certified Trainer]" <firstnamelastname@xxxxxxxxxxx>
• Date: Mon, 2 Mar 2009 01:46:49 -0500

---

In news:A0A3580D-74DD-47BB-8681-4DF733E26ED7@xxxxxxxxxxxxx,
Mygposts <Mygposts@xxxxxxxxxxxxxxxxxxxxxxxxx>, posted the following:

The main issue is that thee is a special group of machines that had
extensive policies set as local policies for testing purposes and
they do not want any of those local settings undone or overrided by
domain policies.

You want to exclude the Default Domain Policy, too? Keep in mind, certain settings in this policy cannot be blocked, such as account settings, security, Kerberos settings, etc.

If you are trying to block a certain setting, then I'm assuming that you've added settings to the Default Domain Policy. This is usually not recommended. It's recommended to leave the Default Domain Policy alone, as well as the Default Domain Controller Policy (not in the scope of this thread, but wanted to point that out), and that you design your OUs for group policy. Keep in mind, anything you set at the Domain level will apply downhill, including personal settings and others, which also apply to your domain controllers and servers. In such a scenario, you may not want them to apply to these servers. I recommend to setup your OU structure to apply policies that you want to apply to certain users, computers, or both. With such a scenario, you won't need to block inheritance from the domain level.

Check out this example. It may help demonstrate it a little better
http://www.fekay.com/supportblogs/gpoflow.jpg


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@xxxxxxxxxxxxxxxxxxxxxxx

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.


.

---

• References:
  • Re: Aftermath of RDIRCMP.EXE?
    • From: Jorge Silva
  • Re: Aftermath of RDIRCMP.EXE?
    • From: Mygposts

• Prev by Date: Re: Why do I have to specify domain\username? tg
• Next by Date: Re: generic login
• Previous by thread: Re: Aftermath of RDIRCMP.EXE?
• Next by thread: Re: Aftermath of RDIRCMP.EXE?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Default domain policy ... >None of the default policies specify any permission ... >are UserRights and a couple of Security Options. ... >Any other settings would have been added to the policies ... >> The default domain policy sets security settings on the ... (microsoft.public.win2000.group_policy) Re: Default domain policy ... None of the default policies specify any permission settings. ... In the Default Domain Policy the only things defined by default are the ... manually or by importing a security template. ... (microsoft.public.win2000.group_policy) Re: Local GPO refreshes outside of refresh interval ... I looked through my GPO's Windows Settings section ... > Some policies, including IE policies, have a checkbox that defines if this ... > it should apply EVEN if the value defined in GPO did not change since the ... we are talking about one particular policy: ... (microsoft.public.windows.group_policy) Re: Assigning File and Folder Permissions Via Group Policy ... Putting all of our NTFS tweaks in one GPO is attractive to me because we ... rights" policy, and then if we need to break them out later we'll just cross ... my organization has not made a lot of use of group policies. ... A few policies with a lot of settings in each policy may not be the best ... (microsoft.public.windows.group_policy) Re: Assigning File and Folder Permissions Via Group Policy ... A few policies with a lot of settings in each policy may not be the best ... permissions changes into one group policy that gets pushed out to everyone, ... (microsoft.public.windows.group_policy)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)