Solved

recreate GPO's

Posted on 2013-01-18
2
293 Views
Last Modified: 2013-01-19
win2008 r2 domain and win7 clients.

would like to tidy and recreate some of my GPOs. if a previous policy was set as 'enabled' am I correct thinking if its configured  state is 'disabled' i need to  'disable' this policy rather than make it unconfigured as this would just leave it as 'enabled' on computers that have previously had that policy applied?

is there a simple way to revert all my computers back to default settings so they can apply the new policy from fresh? don't want to image them all.

hope that makes sense!
0
Comment
Question by:Pete
2 Comments
 
LVL 13

Expert Comment

by:imkottees
Comment Utility
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
Comment Utility
It really depends on the settings configured by your GPOs.  Many group policy settings (true "policies") are removed whenever the GPO no longer applies, but then there are preferences which tattoo their settings, and the setting does not revert when the GPO is gone.  To undo these preferences, you have to set the GPO to reverse the setting it previously made.
Here's a couple links which explain the difference between GP policy, preferences, and GP Preferences.
http://blogs.technet.com/b/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx
http://www.gpoguy.com/faqs/whitepapers/tabid/63/articletype/articleview/articleid/5/understanding-policy-tattooing.aspx

So, to directly answer your questions:
 - no, you don't always have to reconfigure a GPO to reverse whatever setting it was making.  Often it's enough to just have the setting not applied anymore, which can be done by a few methods, including:  changing the setting to "not configured"; modifying the GPO (not the settings inside the GPO) so that all settings are disabled; disabling or deleting the link between an OU and the GPO; changing the security filtering of the GPO so it is no longer applied.
 - No.  Unless all settings were true policies, in which case simply not applying the GPOs would remove their effects.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A procedure for exporting installed hotfix details of remote computers using powershell
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now