Solved

AD Group Policy issue reverse best practise

Posted on 2015-02-15
12
54 Views
Last Modified: 2015-02-26
we have 2008 ad running and connected with windows xp very few pcs , windows 7 and 8 on the client Pcs . I have notice that some issues like restart/shutdown option not available in the win 7 start menu level .
we have few changes in the default policy level in DC/domain . how can I check the applied policies in the AD level and the client end to go back to the AD default policy ,

I hope recommended way is to crate the new policies and keep the original or the default ones as it is .
0
Comment
Question by:cur
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
12 Comments
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40611712
I usually use gpresult /r (you'll need to use gpresult /v on the XP machines) along with RSoP.msc to check what Group Policies and settings are applying.

Run both of these commands in an elevated Command Prompt window when you are logged in as the user so you can see what computer-level GPOs are applying as well.
0
 

Author Comment

by:cur
ID: 40611744
thanks I will check that way . I have realized that some times above result will not show anything block from the policy level . but reality is my pc's CD rom got block and still the deny access
I have remove the pc membership affect the same and working . it seems be in AD policy will not removing after policy remove  . Anything we can do for that
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 500 total points
ID: 40611791
That generally happens when somebody has implemented a non-standard setting, either through registry entries or some sort of custom ADM file.

You can look at deleting the below keys from the registry on your machine to clear out any orphaned Group Policy settings. Make sure you take a backup of these registry keys before deleting them:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Key
HKEY_CURRENT_USER\Software\Policies\Microsoft
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

Open in new window

0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:cur
ID: 40611819
thanks for your information . Is there any way we can rollback the AD policies back to the original . I can remember some kind of template to apply  ?  there are some standard template in win 2003 . how about in 2008 r2 AD
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 500 total points
ID: 40611827
You can use the dcgpofix command to reset the Default Domain Policy and Default Domain Controllers Policy back to their default settings. These are the only two policies that come shipped with Windows by default.

More information on this command can be found here: https://technet.microsoft.com/en-us/library/hh875588.aspx

You'll then need to browse through each OU in the Group Policy Management Console and either unlink or delete the GPO from applying, with the exception of the Default Domain Policy at the root of the domain and Default Domain Controllers Policy in the Domain Controllers OU.
0
 

Author Comment

by:cur
ID: 40611830
is there any best tool I can used to monitor any changes to AD will written to log or email to the next reporting  level  . with the AD I would like to have something in the windows auditing or third party tool . I hope theses tools or audit report will not affecting the AD performance
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40611895
This is more suited for a separate question on EE to be honest, as this will give other experts the chance to have their input. The more opinions, the better I say!
0
 

Author Comment

by:cur
ID: 40613885
I hope this will come under the same category . Can any one give us any reference in to this
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40613943
Well your original question was how to check which Group Policies were applying in your environment.

You would now like suggestions for AD auditing tools which is completely different from your original question.

I will use the Request attention feature to get some input from a moderator so we can then decide what should be done next as I believe I have answered your original question.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question