Re: AD Policy audit tool for Windows 2000

From: Raoul Armfield <armfield@xxxxxxxx>
Date: Thu, 25 May 2006 12:15:29 -0400

Ramsdell, Scott wrote:

Koolk3,

You want the "Group Policy Management" snap-in from Microsoft. Should
work on 2000 as well as 2003. The tool shows you what settings each GPO
sets. It doesn't, to my knowledge, provide a diff from an original
install, so it isn't "ideal". However, you can easily get a default
install config with a stand alone box and "dcpromo.exe" ;)

What we did was create an new Default domain policy and a new Default domain controller policy and use those to write our policies. This way if we ever need to go back to the default we can simply link the originals back and voila.

Raoul

--
Raoul Armfield
rarmfield at amnh dot org

References:
- RE: AD Policy audit tool for Windows 2000
  - From: Ramsdell, Scott

Prev by Date: sha-1 shell extension for W2003
Next by Date: RE: MS Audit logs
Previous by thread: RE: AD Policy audit tool for Windows 2000
Next by thread: RE: AD Policy audit tool for Windows 2000
Index(es):
- Date
- Thread

Relevant Pages

Re: Terminal Server with SBS 2K3
... The default domain controllers policy was "not defined" ... Do normal users try to install a network printer? ... when a normal user logs on the terminal server ... > the default domain controller policy to ensure that the "Prevent users ...
(microsoft.public.windows.server.sbs)
Re: Error trying to copy Default Domain Policy
... prior staff that wasn't 100% sure of Group Policy Management. ... They made changes in the Default Domain Controller Policy, the Default Domain Policy, and others. ... They made redundant changes for logon restrictions in multiple policies, changed service StartUp behaviors, blocked inheritance, etc. ...
(microsoft.public.windows.group_policy)
GPO Error
... Default Domain Controller Policy I get this error message: ... soon and I am getting so frustrated with this server (wish I was the one who ...
(microsoft.public.windows.server.sbs)
Re: Prohibit "Log on with local profile"
... I enabled this policy on my domain (Domain controller policy) and my ... Than I removed my Roaming profile. ... >> Ramon Niese ...
(microsoft.public.windows.server.active_directory)
Re: user directories through AD
... where the default domain controller policy has to be set to "disabled" on ... The default domain policy will not be changed. ... If that policy hasn't been disabled then you will not be able to use Mac ... OS X's built-in SMB client at all to connect to a Windows Server 2003 ...
(microsoft.public.macintosh.general)