Solved

recreate GPO's

Posted on 2013-01-18
2
296 Views
Last Modified: 2013-01-19
win2008 r2 domain and win7 clients.

would like to tidy and recreate some of my GPOs. if a previous policy was set as 'enabled' am I correct thinking if its configured  state is 'disabled' i need to  'disable' this policy rather than make it unconfigured as this would just leave it as 'enabled' on computers that have previously had that policy applied?

is there a simple way to revert all my computers back to default settings so they can apply the new policy from fresh? don't want to image them all.

hope that makes sense!
0
Comment
Question by:Pete
2 Comments
 
LVL 13

Expert Comment

by:imkottees
ID: 38795171
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 38795603
It really depends on the settings configured by your GPOs.  Many group policy settings (true "policies") are removed whenever the GPO no longer applies, but then there are preferences which tattoo their settings, and the setting does not revert when the GPO is gone.  To undo these preferences, you have to set the GPO to reverse the setting it previously made.
Here's a couple links which explain the difference between GP policy, preferences, and GP Preferences.
http://blogs.technet.com/b/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx
http://www.gpoguy.com/faqs/whitepapers/tabid/63/articletype/articleview/articleid/5/understanding-policy-tattooing.aspx

So, to directly answer your questions:
 - no, you don't always have to reconfigure a GPO to reverse whatever setting it was making.  Often it's enough to just have the setting not applied anymore, which can be done by a few methods, including:  changing the setting to "not configured"; modifying the GPO (not the settings inside the GPO) so that all settings are disabled; disabling or deleting the link between an OU and the GPO; changing the security filtering of the GPO so it is no longer applied.
 - No.  Unless all settings were true policies, in which case simply not applying the GPOs would remove their effects.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server 2008R2 Event logs for user sign on failures 11 43
ADFS for O365 login page 2 48
Office365 DirSync setup questions 4 32
Dropbox in Windows Server 2008 4 30
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question