Solved

Group Policy Problem - Default Domain Policy

Posted on 2006-11-30
4
376 Views
Last Modified: 2012-08-13
I made a change to a policy within our default domain policy. Whats strange is some computers get the update and some dont. Even though when I run a gpresult they are pulling from the same DC. When I do a gpresult, I do see two default domain policies being applied. Is that normal?  Can a group policy become corrupt?

I only have two DC in this site...

Windows 2003 Server and XP clients
0
Comment
Question by:bonadio171
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 6

Accepted Solution

by:
d50041 earned 200 total points
ID: 18046646
run gpotool.exe /dc:dcname

and review the results.

generally don't use the default domain policy or default domain server policy, make your own GPO's.

In the gpo mmc run the wizward againt a computer that is not getting the gpo.

Yes it is normal to have several GPO's listed, yes a group policy can become corrupt, its a file.
0
 
LVL 6

Assisted Solution

by:trippleO7
trippleO7 earned 200 total points
ID: 18047465
Sure policies can become corrupt, especially when making changes through the SYSVOL dir instead of using Group Policy Management Console (GPMC).

I'm unsure if you're aware, but there are two default policies created during an AD install.  Defaut Domain Policy and Default Domain CONTROLLER Policy.  The controller policy is automatically applied to the "Domain Controllers" OU and your DC's are automatically added to that.  If you are seeing two default domain policies being applied, is there a chance that you have applied both of the default policies to your computers on accident?  That could render adverse affects....

Another thing that could be happening is Policy Inheritance.  When you create an OU under your Domain name, and create a new policy to that OU, it will inherit the default domain policy as well by default, unless you explicitly told that OU to block policy inheritance.

If you haven't done so alread, I suggest downloading GPMC from MS via http://www.microsoft.com/downloads/details.aspx?familyid=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

This will give you a clear picture of what's going on as it's displayed better than the built in GP editor in 2000/2003.

Verify this info then let me know if that looks OK.  I'll go from there.  We just need to start with some basics first.

Thanks!
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question