[gptalk] Re: Compatible Security Template applied twice?

  • From: "Nelson, Jamie" <Jamie.Nelson@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 21 Oct 2008 12:53:54 -0500

That would definitely be easier than doing it through the console. It
shouldn't cause any problems.

 

Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon
Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 |
http://www.dvn.com <http://www.dvn.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Chambers
Sent: Tuesday, October 21, 2008 12:47 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Compatible Security Template applied twice?

 

I found the GPTTmpl.ini file, it has 890 (approx) entries listed and
everything is duplicated.

 

I guess my question at this point is do I just remove all of the
duplicate entries?

 

Steve



 

On Sat, Oct 18, 2008 at 7:11 AM, Steve Chambers
<schambers1969@xxxxxxxxx> wrote:

Is there an easy way to see what File and Registry settings are being
applied by the security policy? Guess if i knew that i could just delete
everything else.

 

Thanks!

 

Steve



 

On Fri, Oct 17, 2008 at 4:15 PM, Steve Chambers
<schambers1969@xxxxxxxxx> wrote:

Tell me about it, this is something that was already in place when I
started with the company. In fact I have a feeling it has been this way
for quite some. Nobody seems to know anything about it and I don't know
if the file and registry security policy is even being utilized. I will
make a point of verifying that though. 

From what research I have done, it looks like it was imported from the
Compatible (compatws.inf) Security Template? 

Steve

 

On Fri, Oct 17, 2008 at 3:54 PM, Darren Mar-Elia <darren@xxxxxxxxxx>
wrote:

850? Ouch. Even half that number is a lot of keys to be re-permissioning
using GP. Keep in mind that security policy re-applies itself every 16
hours by default, not to mention at other times when it may refresh.
That means that every key is being re-permissioned each time GP
refreshes. Generally speaking I recommend avoiding the use of File and
Registry security policy for large numbers of keys or files. What
template did you deploy that uses all these permissions?

In terms of cleaning it up, you can certainly do it manually from the
UI, or you can edit the underlying GPTTmpl.inf file that stores the
settings within the SYSVOL part of that GPO.


Darren

-----Original Message-----
From: "Steve Chambers" <schambers1969@xxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx

Sent: 10/17/2008 3:40 PM
Subject: [gptalk] Re: Compatible Security Template applied twice?

Thanks Darren,

Kind of sounds dumb but what would the recommended method be for
cleaning it
up? Looks like there is approximately 850 Registry Keys listed so cut
that
in half.

Steve


On Fri, Oct 17, 2008 at 3:35 PM, Darren Mar-Elia <darren@xxxxxxxxxx>
wrote:

> Steve-
> It does not sound normal to me and at the very least could cause
confusion
> down the line and extra work on the client if its not cleaned up.
>
> Darren
>
> -----Original Message-----
> From: "Steve Chambers" <schambers1969@xxxxxxxxx>
> To: gptalk@xxxxxxxxxxxxx
> Sent: 10/17/2008 3:32 PM
> Subject: [gptalk] Compatible Security Template applied twice?
>
> Hi!
>
> Upon reviewing our companies Default Domain Policy i noticed that all
> Registry Key entries are duplicated in Group Policy (Hope that makes
> sense)***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
OR by
> logging into the freelists.org <http://freelists.org/>  Web interface.
Archives for the list are
> available at http://www.freelists.org/archives/gptalk/
> ************************
>

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org <http://freelists.org/>  Web
interface. Archives for the list are available at
http://www.freelists.org/archives/gptalk/
************************

 

 

 


Confidentiality Warning: This message and any attachments are intended only for 
the use of the intended recipient(s), are confidential, and may be privileged. 
If you are not the intended recipient, you are hereby notified that any review, 
retransmission, conversion to hard copy, copying, circulation or other use of 
all or any portion of this message and any attachments is strictly prohibited. 
If you are not the intended recipient, please notify the sender immediately by 
return e-mail, and delete this message and any attachments from your system. 

Other related posts: