[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 20
  • Last Modified:

Unsaved Default Domain Policy GPO settings applied while GPO editor still open

Had a very strange experience with Server 2012 R2 Group Policy this morning.  Last night, I opened the Default Domain Policy in the Group Policy Editor and made a change to Windows Settings\Security Settings\Local Policies\Security Options.  I enabled the setting "Network access: Do not allow stroage of passwords and credentials for network authentication", but I did not close the policy editor.

This morning, I received several calls that this setting appeared to be applied throughout the domain.  Correct me if I am wrong, but aren't GPO changes supposed to remain uncommitted until the GPO Editor window is closed?  Has anyone else seen this phenomenon?
0
Skip
Asked:
Skip
  • 4
4 Solutions
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Nope - GPO changes occur in realtime while the editor is opened.
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Often, you will see a best practice for editing GPOs that states you should only create/edit unlinked GPOs.
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Also - Advanced Group Policy Management (AGPM) has a check in/check out feature that allows you edit a GPO. To do so, you check it out first - it  makes a copy of the existing GPO, you edit it/test it/etc. When you check it back in, it replaces the first GPO with your new changes.
0
 
Adam BrownSr Solutions ArchitectCommented:
Also, Microsoft recommends not changing the Default Domain policy or Default Domain Controllers policy, since the settings in each are required for proper domain functioning. If you need to make setting changes, it's best to do so in a different GPO linked to the domain.
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
question has been answered.
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now