Default Domain Policy Permissions

I am having some issues with Windows 8 and Windows 10 on my domain.  The domain level is 2008 R2.  My question is in the default domain policy I have in the Computer - File System section permissions set for both %programfiles% and %systemroot%.  I do not know why these are set and feel they may be legacy left overs since this domain started as a 2000 domain and has been upgraded to every version until this one.  See attached to see what permissions are set.   I think having this set is stripping off newer permissions windows 8 and 10 are using for these folders.   Does anyone else have these specifed?  And obviously without knowing my domain, do you feel it would be safe to take these out of the default domain policy?

Thanks
systemroot.JPG
LVL 1
Tim LewisNetwork ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kevinhsiehCommented:
I would suggest that you copy whatever settings you have in the Default Domain Policy that you want to use to other GPOs and disable the default domain policy. My default domain policy has been disabled for many years. This makes it easy to re-enable the policy, but you shouldn't have to, and any NTFS settings would stick on any current machines anyway.

Yes, I would generally feel okay with removing that GPO setting.
dan_blagutCommented:
Hello

disabling default domain policy can cut your rigth to set some parameters. You can save an HTML rapport of default domain policy, then recreate a new policy
here you will find the prcedure:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/e8a7c194-d3bf-4e1c-857c-7f779cc86705/how-to-reset-default-domain-policy

Dan
Tim LewisNetwork ManagerAuthor Commented:
I ended up copying the entries in from the registry section and file system section to a new policy in case I found I needed them in the future.  I did not apply the new policy anywhere as of now.  So without those registry settings and File System permissions being applied by GP everything seems to be running great.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tim LewisNetwork ManagerAuthor Commented:
Found that these legacy Group Policy settings were causing the issues in Win 8 and Win 10.  Removed and life is good.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.