Default Domain Policy
-
@momurda said in Default Domain Policy:
I wish i did. The default domain policy here and the default domain controller policy have been modified heavily, rather than making new ones and leaving them default. I have been slowly getting them back to default(i think) by making other policies linked to the same OUs with similar settings then changing the default ones back to Not Configured.
There is dcgpofix from MS. I have been too scared to use it as i am not sure if there is some arcane existing setting that would break things if reset.
I've got a 2016 server that's not doing anything. I could spin it up as an AD controller and get the defaults for that if you want.
-
Iam on 2012 AD Schema.
-
Yeah, I think we need to initiate a team effort or something to collect defaults for 2008, 2012, and 2016.
-
@momurda I would do that if I really, really had everything ready.
http://i.imgur.com/y7Hm9.jpg -
You can restore it with gpofix. Not sure if I'd go that route though.
You could always fire up a 2008 R2 VM and promote it to a test domain and export the GPO.
-
let me see if I might help cause I use 2008 R2 SP1 as windows deployment role, and that for some reason requires AD, thus I have AD but I dont use it at all, so i never modify it.
-
We should also come up with a standard way of exporting the GPO configurations (quit laughing, I've never had to do this before! lol).
-
Import-Module activedirectory Import-Module grouppolicy Add-Type -AssemblyName "System.IO.Compression.FileSystem"; #Variables $Path = "" #Set to where ever you want the GPOs to be stored $gpoarray = Get-GPO -all | select Id, DisplayName #Gets all GPOs and puts their ID and Displayname in an array $Date = Get-Date -Format MM-dd-yy #Backup loop foreach($guid in $gpoarray){ $DisplayName = $guid.DisplayName $BackupPath = $Path + $Date + "\" + $DisplayName if(Test-Path $BackupPath){}else{mkdir "$BackupPath"} Backup-GPO -Guid $guid.Id -Path "$BackupPath" #This will place the GPOs in a specific path for example C:\GPOs\11-2-15\Machine Policy... } #Create individual folders for each GPO #Compression [System.IO.Compression.ZipFile]::CreateFromDirectory("$Path$Date", "$Path$Date.zip"); Remove-Item $Path$Date -Force -Recurse -
@coliver I like it!
I'll try to get a 2016 Default GPO list up today.
-
Server 2016 Default Policies located here:
https://github.com/dafyre/default_gpo_policies
Link updated to point to the GitHub Repo. No zip file to deal with now.
-
You have a checksum for the zip file?
-
-
@dafyre
Perfect, thanks! -
@dafyre said in Default Domain Policy:
Server 2016 Default Policies located here:
http://france.wellston.biz/DefaultPolicies_Server2016.zip
MD5 Checksum: 708c92da241ae1c7163125d7cdf96299Why not on a github or something?
-
@JaredBusch said in Default Domain Policy:
@dafyre said in Default Domain Policy:
Server 2016 Default Policies located here:
http://france.wellston.biz/DefaultPolicies_Server2016.zip
MD5 Checksum: 708c92da241ae1c7163125d7cdf96299Why not on a github or something?
Hindsight is 20/20, lol.
-
@dafyre said in Default Domain Policy:
@JaredBusch said in Default Domain Policy:
@dafyre said in Default Domain Policy:
Server 2016 Default Policies located here:
http://france.wellston.biz/DefaultPolicies_Server2016.zip
MD5 Checksum: 708c92da241ae1c7163125d7cdf96299Why not on a github or something?
Hindsight is 20/20, lol.
Why not NOW though?
-
@scottalanmiller said in Default Domain Policy:
@dafyre said in Default Domain Policy:
@JaredBusch said in Default Domain Policy:
@dafyre said in Default Domain Policy:
Server 2016 Default Policies located here:
http://france.wellston.biz/DefaultPolicies_Server2016.zip
MD5 Checksum: 708c92da241ae1c7163125d7cdf96299Why not on a github or something?
Hindsight is 20/20, lol.
Why not NOW though?
Link fixed.
https://github.com/dafyre/default_gpo_policies/blob/master/DefaultPolicies_Server2016.zip
MD5 checksum is the same.
-
@Tim_G Yeah, that is what I use (as last resort though)
https://technet.microsoft.com/en-us/itpro/powershell/windows/grouppolicy/restore-gpo
https://technet.microsoft.com/en-us/library/hh875588(v=ws.11).aspx -
@dafyre said in Default Domain Policy:
@scottalanmiller said in Default Domain Policy:
@dafyre said in Default Domain Policy:
@JaredBusch said in Default Domain Policy:
@dafyre said in Default Domain Policy:
Server 2016 Default Policies located here:
http://france.wellston.biz/DefaultPolicies_Server2016.zip
MD5 Checksum: 708c92da241ae1c7163125d7cdf96299Why not on a github or something?
Hindsight is 20/20, lol.
Why not NOW though?
Link fixed.
https://github.com/dafyre/default_gpo_policies/blob/master/DefaultPolicies_Server2016.zip
MD5 checksum is the same.
Issue created
-
@JaredBusch said in Default Domain Policy:
@dafyre said in Default Domain Policy:
@scottalanmiller said in Default Domain Policy:
@dafyre said in Default Domain Policy:
@JaredBusch said in Default Domain Policy:
@dafyre said in Default Domain Policy:
Server 2016 Default Policies located here:
http://france.wellston.biz/DefaultPolicies_Server2016.zip
MD5 Checksum: 708c92da241ae1c7163125d7cdf96299Why not on a github or something?
Hindsight is 20/20, lol.
Why not NOW though?
Link fixed.
https://github.com/dafyre/default_gpo_policies/blob/master/DefaultPolicies_Server2016.zip
MD5 checksum is the same.
Issue created
Issue fixed. See updated link, https://github.com/dafyre/default_gpo_policies
