Well, I’ve effectively shot myself in the foot–or possibly heart–by inadvertantly removing access to the default GPO object.
Let me explain: I’ve implemented Automatic Update for our network, but did not want our server to be automatically updated (I didn’t want them to auto-reboot, if that was necessary). Well, implementing AU requires the use of a Group Policy. For the servers to be excluded from that policy, I copied the default GPO (my first mistake) and changed its name, security access and the AU policy.
Some of you may already see where this is leading…
When I copied the default Domain Policy, another policy was listed, but it was really just another instance of the GPO that was already. When I changed (what I thought was) the new policy, I was actually changing the ONLY policy. Thinking it was a newly created policy, I removed all names from the security tab except CREATOR OWNER (thinking that was me) and the names of the servers I was creating this new policy for. So now, I have a group policy in effect that has AU disabled, but nobody really has access to it. Evidently, I am not the CREATOR OWNER.
The only good thing about this is that we didn’t have any special policy settings, except for AU.
So…
How can I correct my mistake? Can I correct my mistake? Should I just submit my 2-week notice now???
