SBS 2008 and GPO

Posted on 2013-09-23
Medium Priority
Last Modified: 2013-10-03

Environnement: single server Windows 2008 SBS SP2, 25 client PCs

I am planning to add a second DC  to the SBS domain
It will be either Windows 2008 R2 standard Edition or Windows 2012 Standard Edition. No more SBS

Both servers (old SBS and new Standard Edition) will be DCs of the same domain

The question is that I do not want GPOs of the SBS 2008 Server to replicate in the 2008  or 2012 Standard Edition Server. I want to have a STANDARD GPOs on the new 2008/2012 server

Is it possible?

Maybe before integrating the new server in the SBS domain I should delete or disable special SBS GPOs? but I do not know how to do that

Since I have littre experience with GPOs

Thank you for your help
Question by:gadsad
  • 3
  • 3
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 39514172
The answer is no.   A DC replicates all objects from others DCs to ensure consistent AD infrastructure.  What you could do is either migrate to new domain or keeps the same domain and disable undesired GPOs and create new ones.  As curious, why do want to start with no policies?
LVL 18

Expert Comment

by:Emmanuel Adebayo
ID: 39514329
Yes you could add Windows Server 2012 to an existing SBS 2008 domain and also promote it as an addition DC. And SBS 2008 must own all of the forest and domain FSMO roles.


Regarding place one GPO on Windows 2008/2012, this is not possible, you the GPO used in a domain will be replicated to all the DCs.

What you can you is to check the existing GPO on the domain and modify or delete and finally create a new one as needed.

To get started with GPO, please check the link below


Author Comment

ID: 39514370
I want to disable SBS GPO since they are restrictive for PC connected to the SBS domain, and some options are "in grey" (no changeable) in connected PC (like Firewall Options, Remote Desktop OPtions...)

Is there an easy way to disable all SBS special GPO?

Thank you
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 18

Expert Comment

by:Emmanuel Adebayo
ID: 39514392
Are you checking this on the PC connected to the SBS domain?

You need to do it in the Group Policy management console on the SBS server.
Start>>Administrative Tools>>Group Policy Management

Then configure the Default Domain and Default Domain Controller Policies.
Look for all the option to set


But ensure you backup the policy before you starting the modification.


Author Comment

ID: 39514411
yes I am checking this on the PC connected to the SBS domain

THe link you gave me is for creating all special SBS GPO

I am looking for a solution to disable or delete these special SBS GPOs

LVL 18

Accepted Solution

Emmanuel Adebayo earned 2000 total points
ID: 39514432
You cannot disable or delete the applied GPO from the PC as mentioned earlier, you will need to go to the server and edit the GPO. The link below shows how to get to Group policy all you need to do is to disable the policy that you don't want. I don't know them but you know this special SBS GPO that you want to disable.

To disable user or computer policy settings in a Local Group Policy object

Open Microsoft Management Console.

Click File and then click Add/Remove Snap-in .

In the Add/Remove Snap-in dialog box, in the Available Snap-ins list box, click Group Policy Object Editor , and then click Add .

In the Select Group Policy Object dialog box, click Browse .

To specify Local Computer Policy, click OK and then click Finish . Proceed to Step 7.

To specify Local Computer Policy for users or groups, click the Users tab, and select from the following Local Group Policy objects:
¿Administrators : Predefined Local Group Policy that applies to users included in the Administrators group.

¿Non-Administrators : Predefined Local Group Policy that applies to users not included in the Administrators group.

¿User-Specific : Local Group Policy objects associated with a specific local user account.

Right-click the name of the Local Group Policy object, and then click Properties .

Click Disable Computer Configuration settings or Disable User Configuration settings .

Click OK , and then close Microsoft Management Console.


Author Closing Comment

ID: 39542570
thank you

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question