Cant delete default domain policy

All replies

• 

  

  0

  Sign in to vote

  Hello,

   I deleted the default domain policy and implemented my own

  AFAIK, the default domain policy can not be deleted but can be unlinked.

  Now in the group policy editor it still shows under group policy objects.

  Perfectly normal.

  There is nothing to do to delete it. It can just be unliked.

   

  ---

  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  Microsoft Student Partner 2010 / 2011
  Microsoft Certified Professional
  Microsoft Certified Systems Administrator: Security
  Microsoft Certified Systems Engineer: Security
  Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
  Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
  Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
  Microsoft Certified Technology Specialist: Windows 7, Configuring
  Microsoft Certified IT Professional: Enterprise Administrator

  • Marked as answer by Arthur_LiMicrosoft contingent staff Friday, July 1, 2011 9:03 AM

  Thursday, June 30, 2011 6:52 PM
• 

  

  0

  Sign in to vote

  Hi Mr X.

   

  Thanks for your quick response.  I had already unlinked it but just wanted to do a little housekeeping.  I disabled it in the gp objects container just for good measure.

   

  Thanks again!  Have a great holiday weekend.

  ---

  
  ---
  Regards,
  NumbLock Et Al
  --------
  There are only 10 kinds of people in the world. Those who understand binary and those who don't
  --------

  Thursday, June 30, 2011 7:54 PM
• 

  

  1

  Sign in to vote

  I agree with Mr X. The Default Domain Policy and the Default Domain Controller policies can't be deleted. You can unlink or disable them, but it's not suggested. It's by design. More detailed info:

  You receive a "Failed to delete Group Policy Object" error message when you try to delete the default domain policy or the default domain controller policy in Windows Server 2003 and in Windows 2000 Server"
  "... the default domain Group Policy object (GPO) and the default domain controller Group Policy object cannot be deleted."
  http://support.microsoft.com/kb/910201

  Curious, any reason you can't just keep it for what it's intended, then remove the default settings from your policy?

   

  FYI, while on the topic of Default GPOs, if either Default policy gets corrupted, you can re-create them with the dcgpofix utility.

  Default Group Policy objects become corrupted: disaster recovery
  http://technet.microsoft.com/en-us/library/cc739095(WS.10).aspx

  Ace

   

  ---

  Ace Fekay
  MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  Friday, July 1, 2011 6:08 AM
• 

  

  0

  Sign in to vote

  Thanks, Ace.  It did let me delete it from the domain container but not the GPO container.  Probably should have just disabled and unlinked it.

   

  Thanks again for your help!

  ---

  
  ---
  Regards,
  NumbLock Et Al
  --------
  There are only 10 kinds of people in the world. Those who understand binary and those who don't
  --------

  Friday, July 1, 2011 12:03 PM
• 

  

  0

  Sign in to vote

  Thanks, Ace.  It did let me delete it from the domain container but not the GPO container.  Probably should have just disabled and unlinked it.

   

  Thanks again for your help!

  ---

  
  ---
  Regards,
  NumbLock Et Al
  --------
  There are only 10 kinds of people in the world. Those who understand binary and those who don't
  --------

  
  Hmm... I would suggest to run the dcgpofix tool to recreate it so it doesn't cause any problems.

  Ace

  ---

  Ace Fekay
  MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  Friday, July 1, 2011 3:12 PM
• 

  

  1

  Sign in to vote

  although possible to delete, disable, whatever, I think it is not even supported to not apply the default GPOs

  My suggestion: make sure those GPOs do apply

   

  <META name=Generator content="Microsoft Word 14 (filtered)"> <STYLE> </STYLE>

   

  Cheers,
  (HOPEFULLY THIS INFORMATION HELPS YOU!)
  Jorge de Almeida Pinto | MVP Identity & Access - Directory Services
  
  BLOG (WEB-BASED) --> http://blogs.dirteam.com/blogs/jorge/default.aspx
  BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
  -------------------------------------------------------------------------------------------------------
  * This posting is provided "AS IS" with no warranties and confers no rights!
  * Always test ANY suggestion in a test environment before implementing!
  -------------------------------------------------------------------------------------------------------

  "pcgalen" wrote in message news:ec502e71-8eeb-4962-bfb3-5932609e11ed...

  Hi Mr X.

   

  Thanks for your quick response.  I had already unlinked it but just wanted to do a little housekeeping.  I disabled it in the gp objects container just for good measure.

   

  Thanks again!  Have a great holiday weekend.

  ---

  
  ---
  Regards,
  NumbLock Et Al
  --------
  There are only 10 kinds of people in the world. Those who understand binary and those who don't
  --------

  ---

  Jorge de Almeida Pinto [MVP-DS] (http://blogs.dirteam.com/blogs/jorge/default.aspx)

  Saturday, July 9, 2011 5:22 PM
• 

  

  0

  Sign in to vote

  Thank you all for your replies.  Guess it was a mistake to delete the default policy.  I have a very small network and did not notice that the logon  script  was not executing on some server 2k3 machines.  Reenabling the default policy solved this.  Thanks again.  Any day you can learn something is a good day.  Well I guess every day is a good day as it is good to be alive.

   

  Thanks Again.

  ---

  
  ---
  Regards,
  NumbLock Et Al
  --------
  There are only 10 kinds of people in the world. Those who understand binary and those who don't
  --------

  Saturday, July 9, 2011 8:55 PM