Solved

AD Group Policy issue reverse best practise

Posted on 2015-02-15
Last Modified: 2015-02-26
We have 2008 AD running, connected with a very few Windows XP PCs, and Windows 7 and 8 on the client PCs. I have noticed some issues, like the restart/shutdown option not being available at the Windows 7 Start menu level.
We have a few changes at the default policy level in the DC/domain. How can I check the applied policies at the AD level and the client end, to go back to the AD default policy?

I hope the recommended way is to create new policies and keep the original or default ones as they are.
Question by:cur
12 Comments
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40611712
I usually use gpresult /r (you'll need to use gpresult /v on the XP machines) along with RSoP.msc to check what Group Policies and settings are applying.

Run both of these commands in an elevated Command Prompt window when you are logged in as the user so you can see what computer-level GPOs are applying as well.
 

Author Comment

by:cur
ID: 40611744
Thanks, I will check that way. I have realized that sometimes the above result will not show anything blocked at the policy level, but the reality is that my PC's CD-ROM got blocked and access is still denied.
I have removed the PC membership, affect the same and working. It seems the AD policy is not being removed after the policy is removed. Is there anything we can do about that?
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 500 total points
ID: 40611791
That generally happens when somebody has implemented a non-standard setting, either through registry entries or some sort of custom ADM file.

You can look at deleting the below keys from the registry on your machine to clear out any orphaned Group Policy settings. Make sure you take a backup of these registry keys before deleting them:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Key
HKEY_CURRENT_USER\Software\Policies\Microsoft
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
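
The backup-then-delete step described above, as an added example that is not part of the original answer. The backup folder name and the `$Apply` switch are assumptions made for this sketch; the registry paths are the four listed in the answer.

```powershell
# Added example: export each policy key to a .reg file, then remove it.
# Run in an elevated PowerShell session while logged on as the affected user.
# Note: if the session is elevated with a different admin account, HKCU
# points at that admin's hive, not the affected user's.
$BackupRoot = "C:\GPO-RegBackup"   # hypothetical folder for this example
$Apply      = $false               # leave $false for a dry run (-WhatIf)

$dest = Join-Path $BackupRoot (Get-Date -Format "yyyyMMdd-HHmmss")
New-Item -ItemType Directory -Path $dest -Force | Out-Null

$keys = @(
    "HKLM\Software\Policies\Microsoft",
    "HKCU\Software\Policies\Microsoft",
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects",
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies"
)

foreach ($key in $keys) {
    # Convert reg.exe syntax (HKLM\...) to a PowerShell provider path (HKLM:\...)
    $psPath = $key -replace '^(HKLM|HKCU)\\', '$1:\'
    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Host "Skipping (not present): $key"
        continue
    }

    $file = Join-Path $dest (($key -replace '[\\ ]', '_') + ".reg")
    & reg.exe export $key $file /y | Out-Null

    # Never delete a key whose export did not succeed
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $file)) {
        Write-Warning "Export failed, key left untouched: $key"
        continue
    }
    Write-Host "Backed up $key to $file"

    Remove-Item -LiteralPath $psPath -Recurse -Force -WhatIf:(-not $Apply)
}

# Re-apply whatever policy is still linked so the keys are rebuilt cleanly
if ($Apply) { & gpupdate.exe /force }
```

To restore, import the saved files with `reg import <file>.reg` and run `gpupdate /force` again.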


 

Author Comment

by:cur
ID: 40611819
Thanks for your information. Is there any way we can roll back the AD policies to the original? I can remember some kind of template to apply. There are some standard templates in Win 2003. How about in 2008 R2 AD?
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 500 total points
ID: 40611827
You can use the dcgpofix command to reset the Default Domain Policy and Default Domain Controllers Policy back to their default settings. These are the only two policies that come shipped with Windows by default.

More information on this command can be found here: https://technet.microsoft.com/en-us/library/hh875588.aspx

You'll then need to browse through each OU in the Group Policy Management Console and either unlink or delete the GPO from applying, with the exception of the Default Domain Policy at the root of the domain and Default Domain Controllers Policy in the Domain Controllers OU.
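
One way to prepare for the reset described above, as an added example that is not part of the original answer. It assumes the GroupPolicy and ActiveDirectory PowerShell modules are available (Windows Server 2008 R2 or a workstation with RSAT); the backup folder name is hypothetical.

```powershell
# Added example: back up every GPO and list the links that would need
# reviewing, before dcgpofix is run. Run as a domain administrator.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$dest = "C:\GPO-Backup\$(Get-Date -Format 'yyyyMMdd-HHmmss')"   # hypothetical path
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# 1. Full backup plus a readable HTML report of the current settings
$backups = @(Backup-GPO -All -Path $dest)
Write-Host ("{0} GPOs backed up to {1}" -f $backups.Count, $dest)
Get-GPOReport -All -ReportType Html -Path (Join-Path $dest "all-gpos.html")

# 2. Every GPO link on the domain root and on each OU, except the two
#    default policies that dcgpofix resets (site links are not covered)
$keep    = "Default Domain Policy", "Default Domain Controllers Policy"
$targets = @((Get-ADDomain).DistinguishedName) +
           @(Get-ADOrganizationalUnit -Filter * |
               ForEach-Object { $_.DistinguishedName })

$links = foreach ($t in $targets) {
    (Get-GPInheritance -Target $t).GpoLinks |
        Where-Object { $keep -notcontains $_.DisplayName } |
        Select-Object @{ n = 'LinkedTo'; e = { $t } },
                      DisplayName, Enabled, Enforced
}
$links | Sort-Object LinkedTo, DisplayName | Format-Table -AutoSize

# 3. Reset both default policies only after the backup above is verified.
#    Left commented out so it is run deliberately; it asks for confirmation.
# dcgpofix /target:Both
```

A GPO saved this way can be brought back with `Restore-GPO -Name "<GPO name>" -Path <backup folder>` if unlinking it turns out to break something.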
 

Author Comment

by:cur
ID: 40611830
Is there any best tool I can use to monitor any changes to AD, with the changes written to a log or emailed to the next reporting level? With the AD I would like to have something in Windows auditing or a third-party tool. I hope these tools or audit reports will not affect AD performance.
 
LVL 24

Expert Comment

by:VB ITS
ID: 40611895
This is more suited for a separate question on EE to be honest, as this will give other experts the chance to have their input. The more opinions, the better I say!
 

Author Comment

by:cur
ID: 40613885
I hope this will come under the same category. Can anyone give us any reference on this?
 
LVL 24

Expert Comment

by:VB ITS
ID: 40613943
Well your original question was how to check which Group Policies were applying in your environment.

You would now like suggestions for AD auditing tools which is completely different from your original question.

I will use the Request attention feature to get some input from a moderator so we can then decide what should be done next as I believe I have answered your original question.
