The title says it all and in the spirit of keeping my blog brief, here is what you need to exclude:
D:\Windows\SYSVOL
D:\Windows\NTDS
C:\Windows\NTFRS (yes that is the C: drive, its the temporary workspace)
C:\Windows\SYSTEM32\DNS
C:\ProgramData\NTUser.POL
C:\Windows\Security\Database
C:\Windows\SoftwareDistribution\DataStore
C:\Windows\System32\GroupPolicy
One added note, these are not just exclusions for the usual reasons, there are a number of anti-virus products that specifically munge the ACL information on group policy files with SYSVOL including Microsoft's own AV product Forefront.
Cheers!
No comments:
Post a Comment