I am having some issues with Windows 8 and Windows 10 on my domain. The domain level is 2008 R2. My question is in the default domain policy I have in the Computer - File System section permissions set for both %programfiles% and %systemroot%. I do not know why these are set and feel they may be legacy left overs since this domain started as a 2000 domain and has been upgraded to every version until this one. See attached to see what permissions are set. I think having this set is stripping off newer permissions windows 8 and 10 are using for these folders. Does anyone else have these specifed? And obviously without knowing my domain, do you feel it would be safe to take these out of the default domain policy?