Re: Aftermath of RDIRCMP.EXE?



In news:9798691D-86D1-4A7E-B262-4932E2B6E207@xxxxxxxxxxxxx,
Mygposts <Mygposts@xxxxxxxxxxxxxxxxxxxxxxxxx>, posted the following:
There is a group of machines that need to be on the domain that have
all the policies set through dozens of unique local policies and they
want to be absolutely sure none of these local policies are changed by
a domain group policy.
So, they want every domain based group policy to be blocked for this
group of machines. They don't want us to make changes to the default
domain policy or attempt to make domain policies to match the local
policies. They just want assurance that none of the preconfigured
policies are changed on this group of special machines.


Local Policies? Local Policies do not provide centralized control. But then again, when you block the Default Domain Policy, you are blocking necessary domain based settings.

How many machines? What type of settings?

If the settings in the local policy do not conflict with any settings in the Default Domain Policy, then there are no worries. Run an RSOP on one of these machines, then block inheritance, and run it again. Compare the results.

You can also create a GPO with those settings, create an OU, apply this GPO to the OU, and move the machines into the OU. This will give you centralization, and ease of administration. All you have to do is do it once, then move machines in and out of the OU as needed.

Ace
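
The RSoP comparison suggested in the reply above, as an added PowerShell example that is not part of the original post. It assumes a Windows version whose gpresult supports /x, the GroupPolicy (RSAT) module, and a placeholder OU distinguished name; the XML element names queried are an assumption about the gpresult report layout.

```powershell
# Added example, not from the thread. Run elevated on one of the affected machines,
# with the GroupPolicy (RSAT) module available and rights to edit the OU.
$Ou     = 'OU=SpecialMachines,DC=example,DC=com'   # placeholder DN (assumption)
$Before = Join-Path $env:TEMP 'rsop-before.xml'
$After  = Join-Path $env:TEMP 'rsop-after.xml'

function Get-RsopComputerGpoName {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Element names (ComputerResults/GPO/Name) are assumed from the gpresult /x
    # report layout; local-name() avoids depending on the namespace prefix.
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($Path)
    $xpath = "//*[local-name()='ComputerResults']/*[local-name()='GPO']/*[local-name()='Name']"
    @($doc.SelectNodes($xpath) | ForEach-Object { $_.InnerText.Trim() }) | Sort-Object -Unique
}

# 1. Baseline RSoP with inheritance as it is today.
gpresult /scope computer /x $Before /f
$baseline = @(Get-RsopComputerGpoName -Path $Before)

# 2. Block inheritance on the OU that holds the machines, then refresh policy.
Import-Module GroupPolicy
Set-GPInheritance -Target $Ou -IsBlocked Yes | Out-Null
gpupdate /target:computer /force

# 3. Second RSoP, taken after the block.
gpresult /scope computer /x $After /f
$blocked = @(Get-RsopComputerGpoName -Path $After)

# 4. Compare: GPOs that stopped applying versus GPOs still in the result set.
$removed = @($baseline | Where-Object { $blocked -notcontains $_ })
'GPOs no longer applied after blocking inheritance:'
$removed | ForEach-Object { "  $_" }
'GPOs still applied (local policy, links at or below the OU, or Enforced links above it):'
$blocked | ForEach-Object { "  $_" }

# 5. Links that still reach the OU from above after the block.
(Get-GPInheritance -Target $Ou).InheritedGpoLinks |
    Format-Table DisplayName, Enforced, Enabled, Order -AutoSize
```

A GPO link marked Enforced still applies to an OU that has inheritance blocked, so any entry with Enforced set to True in the last table will continue to reach these machines.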

