vrmanrtell
asked on
Group Policy Clean up @ My Company
Good morning everyone.
I have been tasked with cleaning up the disaster that is my company's group policy..... I'm in need of some clarification...
Easy Example:
Control Panel/Personalization/Prev
So If I understand group policy correctly, since this setting is "flipped on" (ive read this also referred to as "tattooed") even though I choose "not configured", it will stay "flipped on" until it is "flipped off" correct? So for me to clean this setting, I have to flip it to Disabled, let it sit for a while and then set it to "not configured". Is that correct?
Now, I am working in a Group Policy environment that has existed since this company went to active directory a thousand years ago.... It has been used and abused. I am thinking that there are probably settings all over the place that have been "flipped on" and never "flipped off". The only way I can think to get around this is to clear the GPO policy on the client machines and force a GPO update..... I've taken a look around and found I can do either of the following:
Delete C:\WINDOWS\security\Databa
GPupdate /force
or should i just delete
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
then a gupdate /force
Think I can add a script to their login .bat files that does this safely?
2nd Example:
Folder Redirection Downloads : Enabled
So even if I choose "not configured" now, it will still be "tattooed" on the computers that have ran this policy. I should flip it to disabled, let it sit, then flip to "not configured" correct?
One more question, if settings are set to "not configured" will they show up on the GPMC when click the "Settings" tab? (im thinking the answer is no...)
Thanks for your help!
I have been tasked with cleaning up the disaster that is my company's group policy..... I'm in need of some clarification...
Easy Example:
Control Panel/Personalization/Prev
So If I understand group policy correctly, since this setting is "flipped on" (ive read this also referred to as "tattooed") even though I choose "not configured", it will stay "flipped on" until it is "flipped off" correct? So for me to clean this setting, I have to flip it to Disabled, let it sit for a while and then set it to "not configured". Is that correct?
Now, I am working in a Group Policy environment that has existed since this company went to active directory a thousand years ago.... It has been used and abused. I am thinking that there are probably settings all over the place that have been "flipped on" and never "flipped off". The only way I can think to get around this is to clear the GPO policy on the client machines and force a GPO update..... I've taken a look around and found I can do either of the following:
Delete C:\WINDOWS\security\Databa
GPupdate /force
or should i just delete
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
then a gupdate /force
Think I can add a script to their login .bat files that does this safely?
2nd Example:
Folder Redirection Downloads : Enabled
So even if I choose "not configured" now, it will still be "tattooed" on the computers that have ran this policy. I should flip it to disabled, let it sit, then flip to "not configured" correct?
One more question, if settings are set to "not configured" will they show up on the GPMC when click the "Settings" tab? (im thinking the answer is no...)
Thanks for your help!
Aaron Tomosky
I'm going to lurk more than anything, but the first question I would have is what is the functional level if the domain. The second would be what os is on the clients.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.