Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

AD Group Policy issue reverse best practise

Posted on 2015-02-15
12
Medium Priority
?
57 Views
Last Modified: 2015-02-26
we have 2008 ad running and connected with windows xp very few pcs , windows 7 and 8 on the client Pcs . I have notice that some issues like restart/shutdown option not available in the win 7 start menu level .
we have few changes in the default policy level in DC/domain . how can I check the applied policies in the AD level and the client end to go back to the AD default policy ,

I hope recommended way is to crate the new policies and keep the original or the default ones as it is .
0
Comment
Question by:cur
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
12 Comments
 
LVL 24

Accepted Solution

by:
VB ITS earned 2000 total points
ID: 40611712
I usually use gpresult /r (you'll need to use gpresult /v on the XP machines) along with RSoP.msc to check what Group Policies and settings are applying.

Run both of these commands in an elevated Command Prompt window when you are logged in as the user so you can see what computer-level GPOs are applying as well.
0
 

Author Comment

by:cur
ID: 40611744
thanks I will check that way . I have realized that some times above result will not show anything block from the policy level . but reality is my pc's CD rom got block and still the deny access
I have remove the pc membership affect the same and working . it seems be in AD policy will not removing after policy remove  . Anything we can do for that
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 2000 total points
ID: 40611791
That generally happens when somebody has implemented a non-standard setting, either through registry entries or some sort of custom ADM file.

You can look at deleting the below keys from the registry on your machine to clear out any orphaned Group Policy settings. Make sure you take a backup of these registry keys before deleting them:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Key
HKEY_CURRENT_USER\Software\Policies\Microsoft
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

Open in new window

0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:cur
ID: 40611819
thanks for your information . Is there any way we can rollback the AD policies back to the original . I can remember some kind of template to apply  ?  there are some standard template in win 2003 . how about in 2008 r2 AD
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 2000 total points
ID: 40611827
You can use the dcgpofix command to reset the Default Domain Policy and Default Domain Controllers Policy back to their default settings. These are the only two policies that come shipped with Windows by default.

More information on this command can be found here: https://technet.microsoft.com/en-us/library/hh875588.aspx

You'll then need to browse through each OU in the Group Policy Management Console and either unlink or delete the GPO from applying, with the exception of the Default Domain Policy at the root of the domain and Default Domain Controllers Policy in the Domain Controllers OU.
0
 

Author Comment

by:cur
ID: 40611830
is there any best tool I can used to monitor any changes to AD will written to log or email to the next reporting  level  . with the AD I would like to have something in the windows auditing or third party tool . I hope theses tools or audit report will not affecting the AD performance
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40611895
This is more suited for a separate question on EE to be honest, as this will give other experts the chance to have their input. The more opinions, the better I say!
0
 

Author Comment

by:cur
ID: 40613885
I hope this will come under the same category . Can any one give us any reference in to this
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40613943
Well your original question was how to check which Group Policies were applying in your environment.

You would now like suggestions for AD auditing tools which is completely different from your original question.

I will use the Request attention feature to get some input from a moderator so we can then decide what should be done next as I believe I have answered your original question.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question