Solved

Renaming Default Domain and Default Domain Controller Policies

Posted on 2010-08-17
5
1,485 Views
Last Modified: 2012-05-10
Hello, I am trying to troubleshoot slow logon issues with a Windows 2008 R2 Domain. I noticed that both the default domain policy and default domain controller policy have been renamed to Default Domain PolicyDONOTMod and Default Domain Controller PolicyDONOTMod respectively. These policies have also been modified. Should I be renaming these policies back? Are they OK renamed? Should I use the GPOfix tool to repair the policies? Thanks in advance.
0
Comment
Question by:njtreker1
5 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 33456965
To narrow down the root cause:

 1.     Login your DC, open Group Policy Management in the Administrative Tools

2.     Verify whether the problematic GPO is configured correctly.

3.     Run "rsop.msc" on the DC to check whether the problematic GPO is applied correctly.

4.     Go to Group Policy Results, right click it and chose Group Policy Results Wizard, select target server name and user name which you are going to deploy GPO.
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 250 total points
ID: 33457070
The GPOs are referred to with its GUID and not friendly name, so I doubt it's the renaming that is the problem.

Here are some great blog entries about the subject:

http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx

http://blogs.technet.com/b/instan/archive/2008/04/17/troubleshooting-the-intermittent-slow-logon-or-slow-startup.aspx

0
 

Author Comment

by:njtreker1
ID: 33457116
I have disabled the suspected GPO and have discovered a dramatic improvement in the logon performance. My main question is whether it is OK to have the default policies renamed.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33457252
It's a best practice to leave the default domain policy and default domain controller policy alone, but as I said they are not applied with the friendly name. If you look in the userenv.log on i.e. a XP machine the GUID to the GPO is used.

The GUID is not changed if you rename the friendly name.

If you run a RSOP or gpresult the friendly name is reported (in a friendly reading report).
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
ID: 33459072
I would have to agree you really want to leave your default domain policy alone you should make changes to new polices that you add. The Default Domain Controller Policy I would 100% leave alone do not rename this policy this is a critical policy to your domain controllers.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question