Our old IT staff made some major changes to the default domain policy and default domain controller policies. Over the past few months we've broken most of the necessary settings into individual GPOs and applied them to the appropriate OUs.
There are still some settings that I can't seem to un-do in the Default policies, for example we have an "extra registry settings" section in our User Configuration\Administrati
ve Templates\Extra Registry Settings\ on both default domain policy and default DC policies.
To remedy these problems and start from scratch with default domain and default DC policies, I'd like to use dcgpofix to reset those two policies to an out of the box state.
The reason I'm doing this is because we're having some strange issues with policies not replicating to the clients, even when running gpupdate /force we still see a lot of computers that don't get the correct policies and that have problems with published applications. Many of the errors logged on the clients are generic, "Check to make sure that you have access to the installation folder, etc..." I know the access rights are configured correctly because not all clients are affected by these widespread issues. I'm not sure if this will fix or help to fix our problems, but I think it will be a good place to start.
I have a few questions that I haven't been able to find answers to so far:
I've never worked anywhere where the default domain policies have been so heavily modified, I'm just looking for someone who's done this before and the problems that they encountered as a result of this utility.
Will this utility reset the policies back to when we upgraded our DC's to 2003 or just the default out of the box configuration for 2003 server?
We're using RIS, will we need to reconfigure all of our RIS settings and start from scratch with RIS?
Will there be any negative impact on Exchange 2003 sp2?
Thanks in advance for your help.