Solved

Renaming Default Domain and Default Domain Controller Policies

Posted on 2010-08-17
5
1,542 Views
Last Modified: 2012-05-10
Hello, I am trying to troubleshoot slow logon issues with a Windows 2008 R2 Domain. I noticed that both the default domain policy and default domain controller policy have been renamed to Default Domain PolicyDONOTMod and Default Domain Controller PolicyDONOTMod respectively. These policies have also been modified. Should I be renaming these policies back? Are they OK renamed? Should I use the GPOfix tool to repair the policies? Thanks in advance.
0
Comment
Question by:njtreker1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 33456965
To narrow down the root cause:

 1.     Login your DC, open Group Policy Management in the Administrative Tools

2.     Verify whether the problematic GPO is configured correctly.

3.     Run "rsop.msc" on the DC to check whether the problematic GPO is applied correctly.

4.     Go to Group Policy Results, right click it and chose Group Policy Results Wizard, select target server name and user name which you are going to deploy GPO.
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 250 total points
ID: 33457070
The GPOs are referred to with its GUID and not friendly name, so I doubt it's the renaming that is the problem.

Here are some great blog entries about the subject:

http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx

http://blogs.technet.com/b/instan/archive/2008/04/17/troubleshooting-the-intermittent-slow-logon-or-slow-startup.aspx

0
 

Author Comment

by:njtreker1
ID: 33457116
I have disabled the suspected GPO and have discovered a dramatic improvement in the logon performance. My main question is whether it is OK to have the default policies renamed.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33457252
It's a best practice to leave the default domain policy and default domain controller policy alone, but as I said they are not applied with the friendly name. If you look in the userenv.log on i.e. a XP machine the GUID to the GPO is used.

The GUID is not changed if you rename the friendly name.

If you run a RSOP or gpresult the friendly name is reported (in a friendly reading report).
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
ID: 33459072
I would have to agree you really want to leave your default domain policy alone you should make changes to new polices that you add. The Default Domain Controller Policy I would 100% leave alone do not rename this policy this is a critical policy to your domain controllers.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
FTP servers in Windows 2008 5 91
Can't ping new computer 17 48
Windows 2008 standard, Disk Cleanup, and Winsxs 30 47
DNS Record Manupluation 11 33
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question