Re: Group policy still applying even though disable on domain
- From: Boe <Boe@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 30 Apr 2008 13:04:01 -0700
Meinolf,
Thanks for the reply. Unfortuantly, I was not the implementor of all of the
gpo's on this domain and from what I heard, when they were created, it was
more of a quick build by the previous sys admin. And all of the policy
modifications were done on the Default Domain Policy instead of a different
policy and applying it to an OU. The default gpo had many settings configured
that were opposite of what is required by our security checklist. I have
made everything as 'not defined' with the exception of the Password policies
and have built a new gpo and am applying it specifcally on the computer OU
that I had created. I was able to fix one issue by modifying the
sceregvl.inf to create a new gpo setting. However, the other one involving
removing the 'optional' key in "HKLM\system\currentcontrolset\control\session
manager\subsystems" has been my biggest pain so far...although at the time of
writing this reply, it appears to have stopped reappearing after policy is
applied. Will have to test it for a couple days to ensure that this is
resolved.
"Meinolf Weber" wrote:
Hello boe,.
If you play aorund with the default policies, you can not go back easily
to the startup settings. If you like to change settings in a GPO you have
to UNDO the change, if a setting was enabled you have to disable it. So create
for your needs always your own policies and think about if it should effect
the complete domain or better link it to OU's built on your needs. Then you
have to move the users or computers to the special OU's. Also the Password
policy has to be set on the domain level and on NO other place. It will no
twork if you configure it to another OU.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I am having issues with the default domain policy applying to my
computer even though it is disabled on the domain and am looking for a
way to to remove all references to it on the local machine if
possible.
Here is a brief synopsis of what I have done that led me to this
point:
1.Machine was currently on the domain while I used Security
Configuration
and Analysis tool to make some changes to the local machine as part of
a
security checklist.
2.Noticed that changes were not applying on this machine, so I grabbed
a
.sdb file I had created on another workstation and copied it over to
this one.
3.I was able to make all the changes needed while using the new .sdb
file.
Once everything was done, I removed it from the domain in preparation
to
build an image of the drive.
4.After removing it from the domain and building the image of the
drive, I
then went forth and re-added it to the domain. After the reboot and
login, I
noticed that the changes I had made have been reverted back to what
they were
before.
5.After running a gpresult /v on the computer, I noticed that the
Default
Domain Policy was still being applied to this workstation.
I am not sure what my next course of action should be. Any help would
be greatly appreciated. If you need more info, please let me know.
Thank You,
Boe
- References:
- Group policy still applying even though disable on domain
- From: Boe
- Re: Group policy still applying even though disable on domain
- From: Meinolf Weber
- Group policy still applying even though disable on domain
- Prev by Date: Security log in Event Viewer shows Failure Audits from other pcs????
- Previous by thread: Re: Group policy still applying even though disable on domain
- Next by thread: Finger print reader
- Index(es):
Relevant Pages
|
