Help understanding Group Policy
Posted on 2015-02-19
I have an Active Directory on Windows 2008R2 with a replicated second server which has collected many Policies over the years. I am trying to clean them up but first need to understand a few things and unleash some mysteries.
I will explain my issues and questions with as much information as possible.
1.) I checked the GUID of each policy and then checked the \\domain\sysvol\policies directory and there is a corresponding folder for each except for one folder which has no corresponding Policy in GP. I checked the Machine and User subfolders and they are empty. Is this safe to delete from Windows Explorer?
2.) Also when I run a Group Policy Results, there are some policies which come up with the name of the policy while others come up with the GUID. Any idea why and how to have the name show for all of them.
3.) Some policies appear twice in the Applied GPO section. Is this a problem?
4.) Some policies appear in the section Denied GPO with reason Inaccessible. I actually deleted one of these and renamed the other one from GP. Why are they appearing here and how do I clean this up?
5.) Some policies appear in Denied GPO as Inaccessible. I realized that the Security Filter was for a Group of users, but the policy was linked to the Computer OU,
5A.) I changed one Policy to link to the top level OU domain name which includes all OU underneath. It seemed like this worked because the policy was simply to assign the default printer to a specific printer and when I logged in as the user it changed to that printer. However, it still appears as a Denied policy with inaccessible. How can I fix this as I would like to use the Group Policy Results tool to make sure all the policies are assigned and working properly?
5B.) I changed another policy from the User Group in the security Filter to Authenticated Users. This still shows denied, but I am not sure if it is working because it involves too many changes to check. Is there a way to make sure that the Group Policy Results tool reflects the current GPO or is there a better tool to use?
6.) If I want to create a policy with User settings to apply to specific users in a specific OU of Computers, what is the best way to do this?
7.) If I want to delete a policy, either because I don't need it any more or because I combined the settings into another policy, Can I simply Delete it from GPO or is there a better way?
8.) I always thought that I had to set the setting under Computer Configuration for System/Group Policy/User Group Policy loopback processing mode to Merge since I have many policies. But I noticed that not all have this. Do I need this for policies which only have user settings? Is there a simple rule when I use this and when not?