[gptalk] Re: Compatible Security Template applied twice?

  • From: Darren Mar-Elia <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 17 Oct 2008 15:54:11 -0700

850? Ouch. Even half that number is a lot of keys to be re-permissioning using 
GP. Keep in mind that security policy re-applies itself every 16 hours by 
default, not to mention at other times when it may refresh. That means that 
every key is being re-permissioned each time GP refreshes. Generally speaking I 
recommend avoiding the use of File and Registry security policy for large 
numbers of keys or files. What template did you deploy that uses all these 
permissions?

In terms of cleaning it up, you can certainly do it manually from the UI, or 
you can edit the underlying GPTTmpl.inf file that stores the settings within 
the SYSVOL part of that GPO.

Darren 

-----Original Message-----
From: "Steve Chambers" <schambers1969@xxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx
Sent: 10/17/2008 3:40 PM
Subject: [gptalk] Re: Compatible Security Template applied twice?

Thanks Darren,

Kind of sounds dumb but what would the recommended method be for cleaning it
up? Looks like there is approximately 850 Registry Keys listed so cut that
in half.

Steve


On Fri, Oct 17, 2008 at 3:35 PM, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:

> Steve-
> It does not sound normal to me and at the very least could cause confusion
> down the line and extra work on the client if its not cleaned up.
>
> Darren
>
> -----Original Message-----
> From: "Steve Chambers" <schambers1969@xxxxxxxxx>
> To: gptalk@xxxxxxxxxxxxx
> Sent: 10/17/2008 3:32 PM
> Subject: [gptalk] Compatible Security Template applied twice?
>
> Hi!
>
> Upon reviewing our companies Default Domain Policy i noticed that all
> Registry Key entries are duplicated in Group Policy (Hope that makes
> sense)***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at http://www.freelists.org/archives/gptalk/
> ************************
>

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: