My GPO implementor created a GPO that tried to assign permissions to those items which are owned by trusted installer -- the permissions that were attempted to be assigned were the default permissions. The thought was that if anyone tried to change them, then they would get changed back.
In the meantime, audit failures are also turned on.
So I'm getting 100,000 audit failures every couple hours as the GPO tried to apply and the GPO can't set the file permissions. So, for example, in system32 and syswow64 the gpo's can't apply.
To further complicate the matter, "Propagate inheritable permission to all subfolders and files" is enabled on system32 and syswow64.
So two questions:
What is the best way to undo this while leaving the audit failures turned on and still retaining the correct permissions on all the files?
and
What happens to the files that aren't owned trustedinstalled than now have the trustedinstaller default permissions under system32 and syswow64 if I were to remove the gpo? What file permissions would be retained?
Thanks,
Thy