?
Solved

recreate GPO's

Posted on 2013-01-18
2
Medium Priority
?
301 Views
Last Modified: 2013-01-19
win2008 r2 domain and win7 clients.

would like to tidy and recreate some of my GPOs. if a previous policy was set as 'enabled' am I correct thinking if its configured  state is 'disabled' i need to  'disable' this policy rather than make it unconfigured as this would just leave it as 'enabled' on computers that have previously had that policy applied?

is there a simple way to revert all my computers back to default settings so they can apply the new policy from fresh? don't want to image them all.

hope that makes sense!
0
Comment
Question by:Pete
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Expert Comment

by:imkottees
ID: 38795171
0
 
LVL 40

Accepted Solution

by:
footech earned 2000 total points
ID: 38795603
It really depends on the settings configured by your GPOs.  Many group policy settings (true "policies") are removed whenever the GPO no longer applies, but then there are preferences which tattoo their settings, and the setting does not revert when the GPO is gone.  To undo these preferences, you have to set the GPO to reverse the setting it previously made.
Here's a couple links which explain the difference between GP policy, preferences, and GP Preferences.
http://blogs.technet.com/b/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx
http://www.gpoguy.com/faqs/whitepapers/tabid/63/articletype/articleview/articleid/5/understanding-policy-tattooing.aspx

So, to directly answer your questions:
 - no, you don't always have to reconfigure a GPO to reverse whatever setting it was making.  Often it's enough to just have the setting not applied anymore, which can be done by a few methods, including:  changing the setting to "not configured"; modifying the GPO (not the settings inside the GPO) so that all settings are disabled; disabling or deleting the link between an OU and the GPO; changing the security filtering of the GPO so it is no longer applied.
 - No.  Unless all settings were true policies, in which case simply not applying the GPOs would remove their effects.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question