Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

recreate GPO's

Posted on 2013-01-18
2
Medium Priority
?
302 Views
Last Modified: 2013-01-19
win2008 r2 domain and win7 clients.

would like to tidy and recreate some of my GPOs. if a previous policy was set as 'enabled' am I correct thinking if its configured  state is 'disabled' i need to  'disable' this policy rather than make it unconfigured as this would just leave it as 'enabled' on computers that have previously had that policy applied?

is there a simple way to revert all my computers back to default settings so they can apply the new policy from fresh? don't want to image them all.

hope that makes sense!
0
Comment
Question by:Pete
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Expert Comment

by:imkottees
ID: 38795171
0
 
LVL 41

Accepted Solution

by:
footech earned 2000 total points
ID: 38795603
It really depends on the settings configured by your GPOs.  Many group policy settings (true "policies") are removed whenever the GPO no longer applies, but then there are preferences which tattoo their settings, and the setting does not revert when the GPO is gone.  To undo these preferences, you have to set the GPO to reverse the setting it previously made.
Here's a couple links which explain the difference between GP policy, preferences, and GP Preferences.
http://blogs.technet.com/b/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx
http://www.gpoguy.com/faqs/whitepapers/tabid/63/articletype/articleview/articleid/5/understanding-policy-tattooing.aspx

So, to directly answer your questions:
 - no, you don't always have to reconfigure a GPO to reverse whatever setting it was making.  Often it's enough to just have the setting not applied anymore, which can be done by a few methods, including:  changing the setting to "not configured"; modifying the GPO (not the settings inside the GPO) so that all settings are disabled; disabling or deleting the link between an OU and the GPO; changing the security filtering of the GPO so it is no longer applied.
 - No.  Unless all settings were true policies, in which case simply not applying the GPOs would remove their effects.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question