Solved

Renaming Default Domain and Default Domain Controller Policies

Posted on 2010-08-17
5
1,569 Views
Last Modified: 2012-05-10
Hello, I am trying to troubleshoot slow logon issues with a Windows 2008 R2 Domain. I noticed that both the default domain policy and default domain controller policy have been renamed to Default Domain PolicyDONOTMod and Default Domain Controller PolicyDONOTMod respectively. These policies have also been modified. Should I be renaming these policies back? Are they OK renamed? Should I use the GPOfix tool to repair the policies? Thanks in advance.
0
Comment
Question by:njtreker1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 33456965
To narrow down the root cause:

 1.     Login your DC, open Group Policy Management in the Administrative Tools

2.     Verify whether the problematic GPO is configured correctly.

3.     Run "rsop.msc" on the DC to check whether the problematic GPO is applied correctly.

4.     Go to Group Policy Results, right click it and chose Group Policy Results Wizard, select target server name and user name which you are going to deploy GPO.
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 250 total points
ID: 33457070
The GPOs are referred to with its GUID and not friendly name, so I doubt it's the renaming that is the problem.

Here are some great blog entries about the subject:

http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx

http://blogs.technet.com/b/instan/archive/2008/04/17/troubleshooting-the-intermittent-slow-logon-or-slow-startup.aspx

0
 

Author Comment

by:njtreker1
ID: 33457116
I have disabled the suspected GPO and have discovered a dramatic improvement in the logon performance. My main question is whether it is OK to have the default policies renamed.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33457252
It's a best practice to leave the default domain policy and default domain controller policy alone, but as I said they are not applied with the friendly name. If you look in the userenv.log on i.e. a XP machine the GUID to the GPO is used.

The GUID is not changed if you rename the friendly name.

If you run a RSOP or gpresult the friendly name is reported (in a friendly reading report).
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
ID: 33459072
I would have to agree you really want to leave your default domain policy alone you should make changes to new polices that you add. The Default Domain Controller Policy I would 100% leave alone do not rename this policy this is a critical policy to your domain controllers.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question