Well, I've effectively shot myself in the foot by inadvertantly removing access to the default GPO object.
Let me explain: I've implemented Automatic Update for our network, but did not want our server to be automatically updated (I didn't want them to auto-reboot, if that was necessary). Well, implementing AU requires the use of a Group Policy. For the servers to be excluded from that policy, I copied the default GPO (my first mistake) and changed its name, security access and the AU policy.
Some of you may already see where this is leading...
When I copied the default Domain Policy, another policy was listed, but it was really just another instance of the GPO that was already on the list. When I changed (what I thought was) the new policy, I was actually changing the ONLY policy. Thinking it was a newly created policy, I removed all names from the security tab except CREATOR OWNER (thinking that was me) and the names of the servers I was creating this new policy for. So now, I have a group policy in effect that has AU disabled, but nobody really has access to it. Evidently, I am not the CREATOR OWNER. As administrator, I would have thought that I would have the rights to "Take Ownership" of the GP Object, but can't find any options that will allow me to do that.
The only good thing about this is that we didn't have any special policy settings, except for AU.
So...
How can I correct my mistake? Can I correct my mistake? Should I just submit my 2-week notice now???
Randy Davis, MCP
Data Analyst
Let me explain: I've implemented Automatic Update for our network, but did not want our server to be automatically updated (I didn't want them to auto-reboot, if that was necessary). Well, implementing AU requires the use of a Group Policy. For the servers to be excluded from that policy, I copied the default GPO (my first mistake) and changed its name, security access and the AU policy.
Some of you may already see where this is leading...
When I copied the default Domain Policy, another policy was listed, but it was really just another instance of the GPO that was already on the list. When I changed (what I thought was) the new policy, I was actually changing the ONLY policy. Thinking it was a newly created policy, I removed all names from the security tab except CREATOR OWNER (thinking that was me) and the names of the servers I was creating this new policy for. So now, I have a group policy in effect that has AU disabled, but nobody really has access to it. Evidently, I am not the CREATOR OWNER. As administrator, I would have thought that I would have the rights to "Take Ownership" of the GP Object, but can't find any options that will allow me to do that.
The only good thing about this is that we didn't have any special policy settings, except for AU.
So...
How can I correct my mistake? Can I correct my mistake? Should I just submit my 2-week notice now???
Randy Davis, MCP
Data Analyst