Solved

2008 Windows Domain Controller is missing GPO Setting needed for older 2003 servers.  How do I set this?

Posted on 2016-10-11
5
45 Views
Last Modified: 2016-10-11
Greetings,

I'm being asked to set this GPO setting and value: System objects: Default owner for objects created by members of the Administrators group' to 'Object creator'.  This is in Windows Server 2003.

however, my GPM and Domain Controllers in 2008 fail to show this line item.  How do I get it visible so I can set it for my 2003 servers?  
Thanks.
0
Comment
Question by:Evan Cutler
  • 2
  • 2
5 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 41838861
This article describes how to make it visible again for W2k3/XP (it will still not apply to anything running Vista or later):
A Group Policy setting is not available in the security policy settings list on a computer that is running Windows Server 2008
https://support.microsoft.com/en-us/kb/947721
0
 
LVL 9

Author Comment

by:Evan Cutler
ID: 41838886
Thank you.
Is there any way to do this in a standard registry push in GPO, vice changing the server itself?
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 150 total points
ID: 41838937
Yes, use group policy preferences


Computer\Preferences\Windows\Registry
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
nodefaultadminowner (REG_DWORD)
The supported values are 0 for Administrators group, or 1 for Object creator
0
 
LVL 83

Accepted Solution

by:
oBdA earned 350 total points
ID: 41838942
According to the changes suggested, it looks like it's a REG_DWORD "NoDefaultAdminOwner" in HKLM\SYSTEM\CurrentControlSet\Control\Lsa
0=Administrators group, 1=Object Creator
0
 
LVL 9

Author Closing Comment

by:Evan Cutler
ID: 41839045
Thanks guys.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now