Solved

GPO Removal Question

Posted on 2008-10-23
7
238 Views
Last Modified: 2012-05-05
In our institute we end users that do either administrative functions or work in labs.  All of which need the ability to logon with their domain credentials.  So we've setup two OU's for those workstations called Admin and Lab.  The computers that the admin persons use have 5 group policy objects applying down to them.  Contained in those GPO's are hunders of federally mandaded settings.  Computes in the LAB ou's CAN NOT have the Federally mandated policies applied to them out of fear these settings will break scientific applicaitons.  
So here's my question  If a comptuer object is moved into the "Admin" OU, thus inheriting those settings, then moved back into the LAB OU, will those federally mandated policies go back to what they were before?
0
Comment
Question by:esbfern
  • 4
  • 2
7 Comments
 
LVL 18

Expert Comment

by:flyingsky
ID: 22789286
To answer your question, yes. They should go back to what they were, unless those GPO for Admin group install some software.
0
 

Author Comment

by:esbfern
ID: 22789355
Can you please show me a microsoft document of this.  I think this depends on the OS and what policy is applied.
0
 
LVL 38

Accepted Solution

by:
Shift-3 earned 500 total points
ID: 22789371
If they are all standard settings then yes, they should go away once the GPO no longer applies to that computer.  However, if that GPO contains custom administrative templates which edit registry entries that aren't under the four dedicated Policies keys then those changes can persist even after the policy is removed.  This is called tattooing the registry.

See these pages for more information:
http://support.microsoft.com/kb/323639
http://www.gpoguy.com/FAQs/Whitepapers/tabid/63/articleType/ArticleView/articleId/5/Understanding-Policy-Tattooing.aspx
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 18

Expert Comment

by:flyingsky
ID: 22789419
One simple way of knowing for sure is do a test. setup a machine in Lab ou, make sure everything works fine, move it to admin ou, force to gpupdate to apply all the GPOs , then take it out and put back to lab.
0
 

Author Comment

by:esbfern
ID: 22789666
It's a little more complicated than that.  Just found this http://technet.microsoft.com/en-us/library/cc736484.aspx
0
 

Author Comment

by:esbfern
ID: 22790813
Shift-3:  How do I know which Group Policies will be put in these locations:  

HKEY_LOCAL_MACHINE\Software\Policies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

Are all policies under the administrative templates in these locations?
0
 

Author Comment

by:esbfern
ID: 22797584
Here's the answer for the administrative Templates section of a GPO.  Shift-3 is correct http://technet.microsoft.com/en-us/library/cc736484.aspx 
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question