Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 516
  • Last Modified:

The GPO are not working

I've intalled windows 2003 server, but since the beginning, the GPO has never, ever works.

there was 3 gpo in this directory. But i've deleted all of them.
\\Boxiserver\SYSVOL\BOXICABLEWEB\Policies

There is a problem with the domain. Somentimes drop the conecction with the clientes, sometimes never load the computers, never load the wallpaper, desktop backgrown, let the user change propierties, doen't load the networ mapp.

I need to know step by step how to recover my GPO, and to be running the GPO in my LAN.


1.JPG
2.JPG
3.JPG
0
felny
Asked:
felny
  • 3
  • 3
1 Solution
 
oBdACommented:
To start with: Deleting folders from the Policies folder in the Sysvol was a *really* bad idea. You've deleted the folders for the Default Domain Policy as well as the Default Domain Controllers policy, but the references to those policies are still in AD. Restore these folders from backup. If you don't have a backup, you can try your luck with the dcgpofix tool.
The Dcgpofix tool does not restore security settings in the Default Domain Controller Policy to their original state
http://support.microsoft.com/kb/833783
Policies should only be managed through the GPMC, not on their physical locations.

All that aside, your main problems are resulting from your single-label DNS domain name "boxicableweb"; you have no tld like local., .intra, .whatever after boxicableweb. The domain can be reconfigured to allow for this, but you can expect other strange effects if you continue with this name.
Information about configuring Windows for domains with single-label DNS names
http://support.microsoft.com/kb/300684

Since this seems to be a fairly new installation, I'd recommend to wipe the domain and start from scratch with a proper DNS name; note that the 296250 article, despite the title, applies to most AD domains, not only SBS.

The Domain Name System name recommendations for Small Business Server 2000 and Windows Small Business Server 2003
http://support.microsoft.com/kb/296250

10 DNS Errors That Will Kill Your Network
http://redmondmag.com/features/article.asp?EditorialsID=413

Frequently asked questions about Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
0
 
felnyAuthor Commented:
Ok, your answer is full complety.

I have deleted the gpo. Can you tell me how can i restore the default GPO? I mean, how can i used to work with Dcgpofix tool? Where can i get it?

I couldn't recover my last gpo, but it doesn't matther to return the default, because likewise, the last  never work.

Can you tell me step by step how to use Dcgpofix???
0
 
oBdACommented:
dcgpofix.exe is a normal part of a W2k3 AD installation, in %Systemroot%\system32. You just run it; but as I said, I have no idea how it will react if only the physical folder has been deleted.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
felnyAuthor Commented:
Ok, i could recover the gpo in default setting. now, i have made changes  that don't wokr.

This was exactly what i did... (look at the picture)

What do i have to do for the gpo work in my LAN...
1.JPG
0
 
felnyAuthor Commented:
other
2.JPG
0
 
oBdACommented:
As I said before: your main problems are resulting from your single-label DNS domain name "boxicableweb"; you have no tld like .local, .intra, .whatever after "boxicableweb".
The absolute minimum you'll have to do that might get your domain (and the GPOs) to work in its current state is to follow the KB300684 article I linked above, but you're likely to encounter more problems related to this domain name as time goes on.

So again: Since this seems to be a fairly new installation, I'd recommend to wipe the domain and start from scratch with a proper DNS name; see the other links from my previous answer for details.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now