none
Windows 2003 domain functionality - GPO question

    Question

  • Hi,

    In our Domain environment, all servers run windows 2008 r2, yet the domain functional level is set to windows 2003.

    I want to create a GPO that allows only specific apps to be run by user. A GPO to set the homepage default. A GPO to lock down usb mass storage devices. Now our client machines are of various versions, we have windows 7, windows 8 and windows 10.

    Can I implement these GPOs successfully on these machines under domain functionality of windows 2003?

    Thanks!

    Monday, March 21, 2016 2:07 AM

Answers

  • Hi,
     
    Am 21.03.2016 um 03:07 schrieb Janus Barinan:
    > In our Domain environment, all servers run windows 2008 r2, yet the
    > domain functional level is set to windows 2003.
     
    Why? There is no reason to do so, but at least one big reasons to
    switch. -> AD Recycle Bin!
     
    > Can I implement these GPOs successfully on these machines under domain
    > functionality of windows 2003?
     
    Yes, because your GPEditor is the Windows 10 machine or any other
    /NEWER/ than 2003 ...
     
    DFL and FFL are only targeting the Domain Controllers Replication
    information. You can not replicate new data tables and information to a
    older DC Operating System.
    Switching to a new FFL or DFL kicks all older DCs out of replication.
     
    The clients just don´t care about the level.
     
    Mark
    --
    Mark Heitbrink - MVP Windows Server - Group Policy
     
    GPO Tool: http://www.reg2xml.com - Registry Export File Converter
     
    Monday, March 21, 2016 7:55 AM

All replies

  • Hi,
     
    Am 21.03.2016 um 03:07 schrieb Janus Barinan:
    > In our Domain environment, all servers run windows 2008 r2, yet the
    > domain functional level is set to windows 2003.
     
    Why? There is no reason to do so, but at least one big reasons to
    switch. -> AD Recycle Bin!
     
    > Can I implement these GPOs successfully on these machines under domain
    > functionality of windows 2003?
     
    Yes, because your GPEditor is the Windows 10 machine or any other
    /NEWER/ than 2003 ...
     
    DFL and FFL are only targeting the Domain Controllers Replication
    information. You can not replicate new data tables and information to a
    older DC Operating System.
    Switching to a new FFL or DFL kicks all older DCs out of replication.
     
    The clients just don´t care about the level.
     
    Mark
    --
    Mark Heitbrink - MVP Windows Server - Group Policy
     
    GPO Tool: http://www.reg2xml.com - Registry Export File Converter
     
    Monday, March 21, 2016 7:55 AM
  • Thanks guys!
    Wednesday, April 6, 2016 1:20 AM