Re: Group policy still applying even though disable on domain
- From: Meinolf Weber <meiweb(nospam)@gmx.de>
- Date: Fri, 2 May 2008 11:20:47 +0000 (UTC)
Hello boe,
If you will go back to the default you can use dcgpofix from MS:
http://technet2.microsoft.com/windowsserver/en/library/b9db0ae7-3d25-4e5e-9320-e5db0b0c9f8a1033.mspx?mfr=true
http://technet2.microsoft.com/windowsserver/en/library/48872034-1907-4149-b6aa-9788d38209d21033.mspx?mfr=true
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Meinolf,
Thanks for the reply. Unfortuantly, I was not the implementor of all
of the gpo's on this domain and from what I heard, when they were
created, it was more of a quick build by the previous sys admin. And
all of the policy modifications were done on the Default Domain Policy
instead of a different policy and applying it to an OU. The default
gpo had many settings configured that were opposite of what is
required by our security checklist. I have made everything as 'not
defined' with the exception of the Password policies and have built a
new gpo and am applying it specifcally on the computer OU that I had
created. I was able to fix one issue by modifying the sceregvl.inf to
create a new gpo setting. However, the other one involving removing
the 'optional' key in "HKLM\system\currentcontrolset\control\session
manager\subsystems" has been my biggest pain so far...although at the
time of writing this reply, it appears to have stopped reappearing
after policy is applied. Will have to test it for a couple days to
ensure that this is resolved.
"Meinolf Weber" wrote:
Hello boe,
If you play aorund with the default policies, you can not go back
easily to the startup settings. If you like to change settings in a
GPO you have to UNDO the change, if a setting was enabled you have to
disable it. So create for your needs always your own policies and
think about if it should effect the complete domain or better link it
to OU's built on your needs. Then you have to move the users or
computers to the special OU's. Also the Password policy has to be set
on the domain level and on NO other place. It will no twork if you
configure it to another OU.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I am having issues with the default domain policy applying to my
computer even though it is disabled on the domain and am looking for
a way to to remove all references to it on the local machine if
possible.
Here is a brief synopsis of what I have done that led me to this
point:
1.Machine was currently on the domain while I used Security
Configuration
and Analysis tool to make some changes to the local machine as part
of
a
security checklist.
2.Noticed that changes were not applying on this machine, so I
grabbed
a
.sdb file I had created on another workstation and copied it over to
this one.
3.I was able to make all the changes needed while using the new .sdb
file.
Once everything was done, I removed it from the domain in
preparation
to
build an image of the drive.
4.After removing it from the domain and building the image of the
drive, I
then went forth and re-added it to the domain. After the reboot and
login, I
noticed that the changes I had made have been reverted back to what
they were
before.
5.After running a gpresult /v on the computer, I noticed that the
Default
Domain Policy was still being applied to this workstation.
I am not sure what my next course of action should be. Any help
would
be greatly appreciated. If you need more info, please let me know.
Thank You,
Boe
.
- Prev by Date: Re: password
- Next by Date: Re: Security Group Settings/Usage
- Previous by thread: Re: Group policy still applying even though disable on domain
- Next by thread: Security Group Settings/Usage
- Index(es):
Relevant Pages
|
