AD Group Policy issue reverse best practise

we have 2008 ad running and connected with windows xp very few pcs , windows 7 and 8 on the client Pcs . I have notice that some issues like restart/shutdown option not available in the win 7 start menu level .
we have few changes in the default policy level in DC/domain . how can I check the applied policies in the AD level and the client end to go back to the AD default policy ,

I hope recommended way is to crate the new policies and keep the original or the default ones as it is .
curAsked:
Who is Participating?
 
VB ITSConnect With a Mentor Specialist ConsultantCommented:
I usually use gpresult /r (you'll need to use gpresult /v on the XP machines) along with RSoP.msc to check what Group Policies and settings are applying.

Run both of these commands in an elevated Command Prompt window when you are logged in as the user so you can see what computer-level GPOs are applying as well.
0
 
curAuthor Commented:
thanks I will check that way . I have realized that some times above result will not show anything block from the policy level . but reality is my pc's CD rom got block and still the deny access
I have remove the pc membership affect the same and working . it seems be in AD policy will not removing after policy remove  . Anything we can do for that
0
 
VB ITSConnect With a Mentor Specialist ConsultantCommented:
That generally happens when somebody has implemented a non-standard setting, either through registry entries or some sort of custom ADM file.

You can look at deleting the below keys from the registry on your machine to clear out any orphaned Group Policy settings. Make sure you take a backup of these registry keys before deleting them:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Key
HKEY_CURRENT_USER\Software\Policies\Microsoft
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

Open in new window

0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
curAuthor Commented:
thanks for your information . Is there any way we can rollback the AD policies back to the original . I can remember some kind of template to apply  ?  there are some standard template in win 2003 . how about in 2008 r2 AD
0
 
VB ITSConnect With a Mentor Specialist ConsultantCommented:
You can use the dcgpofix command to reset the Default Domain Policy and Default Domain Controllers Policy back to their default settings. These are the only two policies that come shipped with Windows by default.

More information on this command can be found here: https://technet.microsoft.com/en-us/library/hh875588.aspx

You'll then need to browse through each OU in the Group Policy Management Console and either unlink or delete the GPO from applying, with the exception of the Default Domain Policy at the root of the domain and Default Domain Controllers Policy in the Domain Controllers OU.
0
 
curAuthor Commented:
is there any best tool I can used to monitor any changes to AD will written to log or email to the next reporting  level  . with the AD I would like to have something in the windows auditing or third party tool . I hope theses tools or audit report will not affecting the AD performance
0
 
VB ITSSpecialist ConsultantCommented:
This is more suited for a separate question on EE to be honest, as this will give other experts the chance to have their input. The more opinions, the better I say!
0
 
curAuthor Commented:
I hope this will come under the same category . Can any one give us any reference in to this
0
 
VB ITSSpecialist ConsultantCommented:
Well your original question was how to check which Group Policies were applying in your environment.

You would now like suggestions for AD auditing tools which is completely different from your original question.

I will use the Request attention feature to get some input from a moderator so we can then decide what should be done next as I believe I have answered your original question.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.