Solved

The GPO are not working

Posted on 2008-11-03
6
499 Views
Last Modified: 2011-10-19
I've intalled windows 2003 server, but since the beginning, the GPO has never, ever works.

there was 3 gpo in this directory. But i've deleted all of them.
\\Boxiserver\SYSVOL\BOXICABLEWEB\Policies

There is a problem with the domain. Somentimes drop the conecction with the clientes, sometimes never load the computers, never load the wallpaper, desktop backgrown, let the user change propierties, doen't load the networ mapp.

I need to know step by step how to recover my GPO, and to be running the GPO in my LAN.


1.JPG
2.JPG
3.JPG
0
Comment
Question by:felny
  • 3
  • 3
6 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 22867810
To start with: Deleting folders from the Policies folder in the Sysvol was a *really* bad idea. You've deleted the folders for the Default Domain Policy as well as the Default Domain Controllers policy, but the references to those policies are still in AD. Restore these folders from backup. If you don't have a backup, you can try your luck with the dcgpofix tool.
The Dcgpofix tool does not restore security settings in the Default Domain Controller Policy to their original state
http://support.microsoft.com/kb/833783
Policies should only be managed through the GPMC, not on their physical locations.

All that aside, your main problems are resulting from your single-label DNS domain name "boxicableweb"; you have no tld like local., .intra, .whatever after boxicableweb. The domain can be reconfigured to allow for this, but you can expect other strange effects if you continue with this name.
Information about configuring Windows for domains with single-label DNS names
http://support.microsoft.com/kb/300684

Since this seems to be a fairly new installation, I'd recommend to wipe the domain and start from scratch with a proper DNS name; note that the 296250 article, despite the title, applies to most AD domains, not only SBS.

The Domain Name System name recommendations for Small Business Server 2000 and Windows Small Business Server 2003
http://support.microsoft.com/kb/296250

10 DNS Errors That Will Kill Your Network
http://redmondmag.com/features/article.asp?EditorialsID=413

Frequently asked questions about Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
0
 
LVL 2

Author Comment

by:felny
ID: 22922421
Ok, your answer is full complety.

I have deleted the gpo. Can you tell me how can i restore the default GPO? I mean, how can i used to work with Dcgpofix tool? Where can i get it?

I couldn't recover my last gpo, but it doesn't matther to return the default, because likewise, the last  never work.

Can you tell me step by step how to use Dcgpofix???
0
 
LVL 83

Expert Comment

by:oBdA
ID: 22922658
dcgpofix.exe is a normal part of a W2k3 AD installation, in %Systemroot%\system32. You just run it; but as I said, I have no idea how it will react if only the physical folder has been deleted.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 2

Author Comment

by:felny
ID: 22931925
Ok, i could recover the gpo in default setting. now, i have made changes  that don't wokr.

This was exactly what i did... (look at the picture)

What do i have to do for the gpo work in my LAN...
1.JPG
0
 
LVL 2

Author Comment

by:felny
ID: 22931929
other
2.JPG
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 22932468
As I said before: your main problems are resulting from your single-label DNS domain name "boxicableweb"; you have no tld like .local, .intra, .whatever after "boxicableweb".
The absolute minimum you'll have to do that might get your domain (and the GPOs) to work in its current state is to follow the KB300684 article I linked above, but you're likely to encounter more problems related to this domain name as time goes on.

So again: Since this seems to be a fairly new installation, I'd recommend to wipe the domain and start from scratch with a proper DNS name; see the other links from my previous answer for details.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now