Sunday, May 28, 2006

Group Policy bits and pieces

Hi,

Here are just a few group policy basics which might help a few people.

Firstly, the way group policy is processed:

In a domain environment it goes like this...


Local
Site
Domain
OU

Whichever policy is applied last wins and its settings apply.

NOTE: Be careful though to remember that if for example you define a setting in the local policy, if none of the other policies explicitly define that same setting, then the local policy setting will be applied even though it is not last in the processing order.


Someone recently asked how to reset the local policy:

The best way I have found would be to script the deletion of the registry.pol files from the

%windir%\system32\grouppolicy\machine

and

%windir%\system32\grouppolicy\user

directories.

This would leave you with a clean local GPO so that new domain policies can be applied without having to define every setting.

Finally, a way to reset local security settings on a 2000/XP and 2003 machine:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

(note the above should be one line)

See the link below for more info on this one:

Link

0 Comments:

Post a Comment

<< Home