locked
Cant delete default domain policy RRS feed

  • Question

  • Hello.  I am a relative newcomer to AD administration.  I deleted the default domain policy and implemented my own.  Now in the group policy editor it still shows under group policy objects. I assume this is somehow a ghost entry.  When I try to delete it from the group policy objects it fails with the message The Server is Unwilling to Process the Request.

     

    Any ideas?



    ---
    Regards,
    NumbLock Et Al
    --------
    There are only 10 kinds of people in the world. Those who understand binary and those who don't
    --------
    Thursday, June 30, 2011 6:47 PM

Answers

  • Hello,

     I deleted the default domain policy and implemented my own

    AFAIK, the default domain policy can not be deleted but can be unlinked.

    Now in the group policy editor it still shows under group policy objects.

    Perfectly normal.

    There is nothing to do to delete it. It can just be unliked.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator

    Thursday, June 30, 2011 6:52 PM

All replies

  • Hello,

     I deleted the default domain policy and implemented my own

    AFAIK, the default domain policy can not be deleted but can be unlinked.

    Now in the group policy editor it still shows under group policy objects.

    Perfectly normal.

    There is nothing to do to delete it. It can just be unliked.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator

    Thursday, June 30, 2011 6:52 PM
  • Hi Mr X.

     

    Thanks for your quick response.  I had already unlinked it but just wanted to do a little housekeeping.  I disabled it in the gp objects container just for good measure.

     

    Thanks again!  Have a great holiday weekend.



    ---
    Regards,
    NumbLock Et Al
    --------
    There are only 10 kinds of people in the world. Those who understand binary and those who don't
    --------
    Thursday, June 30, 2011 7:54 PM
  • I agree with Mr X. The Default Domain Policy and the Default Domain Controller policies can't be deleted. You can unlink or disable them, but it's not suggested. It's by design. More detailed info:

    You receive a "Failed to delete Group Policy Object" error message when you try to delete the default domain policy or the default domain controller policy in Windows Server 2003 and in Windows 2000 Server"
    "... the default domain Group Policy object (GPO) and the default domain controller Group Policy object cannot be deleted."
    http://support.microsoft.com/kb/910201

    Curious, any reason you can't just keep it for what it's intended, then remove the default settings from your policy?

     

    FYI, while on the topic of Default GPOs, if either Default policy gets corrupted, you can re-create them with the dcgpofix utility.

    Default Group Policy objects become corrupted: disaster recovery
    http://technet.microsoft.com/en-us/library/cc739095(WS.10).aspx

    Ace

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Friday, July 1, 2011 6:08 AM
  • Thanks, Ace.  It did let me delete it from the domain container but not the GPO container.  Probably should have just disabled and unlinked it.

     

    Thanks again for your help!



    ---
    Regards,
    NumbLock Et Al
    --------
    There are only 10 kinds of people in the world. Those who understand binary and those who don't
    --------
    Friday, July 1, 2011 12:03 PM
  • Thanks, Ace.  It did let me delete it from the domain container but not the GPO container.  Probably should have just disabled and unlinked it.

     

    Thanks again for your help!



    ---
    Regards,
    NumbLock Et Al
    --------
    There are only 10 kinds of people in the world. Those who understand binary and those who don't
    --------


    Hmm... I would suggest to run the dcgpofix tool to recreate it so it doesn't cause any problems.

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Friday, July 1, 2011 3:12 PM
  • although possible to delete, disable, whatever, I think it is not even supported to not apply the default GPOs
    My suggestion: make sure those GPOs do apply
     
    <META name=Generator content="Microsoft Word 14 (filtered)"> <STYLE> </STYLE>

     

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    BLOG (WEB-BASED) --> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test ANY suggestion in a test environment before implementing!
    -------------------------------------------------------------------------------------------------------

    "pcgalen" wrote in message news:ec502e71-8eeb-4962-bfb3-5932609e11ed...

    Hi Mr X.

     

    Thanks for your quick response.  I had already unlinked it but just wanted to do a little housekeeping.  I disabled it in the gp objects container just for good measure.

     

    Thanks again!  Have a great holiday weekend.



    ---
    Regards,
    NumbLock Et Al
    --------
    There are only 10 kinds of people in the world. Those who understand binary and those who don't
    --------

    Jorge de Almeida Pinto [MVP-DS] (http://blogs.dirteam.com/blogs/jorge/default.aspx)
    Saturday, July 9, 2011 5:22 PM
  • Thank you all for your replies.  Guess it was a mistake to delete the default policy.  I have a very small network and did not notice that the logon  script  was not executing on some server 2k3 machines.  Reenabling the default policy solved this.  Thanks again.  Any day you can learn something is a good day.  Well I guess every day is a good day as it is good to be alive.

     

    Thanks Again.



    ---
    Regards,
    NumbLock Et Al
    --------
    There are only 10 kinds of people in the world. Those who understand binary and those who don't
    --------
    Saturday, July 9, 2011 8:55 PM