Solved

Reset the Default Domain Policy GPO

Posted on 2010-11-09
4
2,750 Views
Last Modified: 2012-05-10
Dear All,

I would like to Reset the default settings of “Default Domain Policy” GPO in windows 2008 R2 domain controllers. This is due a lot of settings which we change in this Policy.

Thanks
0
Comment
Question by:Arabsoft_Security
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 8

Accepted Solution

by:
ShareefHuddle earned 125 total points
ID: 34099343
Use dcgpofix.exe it comes with Windows 2008. If you get a schema error follow this KB: http://support.microsoft.com/kb/947053
0
 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 125 total points
ID: 34099446
DCgpofix is used in disaster recovery situation, as running dcgpofix doesn't restore the proper security permission. I haven't tried with windows 2008 R2.

http://support.microsoft.com/kb/833783

I would suggest restore the default GPO from backup or from another DC.

You can use gpotool.exe to check the GPO's are healthy.

http://blogs.technet.com/b/grouppolicy/archive/2008/10/16/restoring-default-domain-policies-to-their-defaults.aspx

Note: MS never recommends to do any settings in default domain & default domain controller policy.


0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 34099534
Just a note about that, if you are running exchange in your environment take a look at these links (you will have to run domainprep again)

http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/31224/view/topic/Default.aspx
Thread on activedir last year

http://www.frickelsoft.net/blog/?p=25
Good entry by Florian about it.

Thanks
Mike
0
 
LVL 5

Assisted Solution

by:balmasri
balmasri earned 125 total points
ID: 34100075
in your lab, prepare a domain and backup the "Default Domain Policy GPO " and restore it to your domain .

run DcGPOFix [/ignoreschema] [/Target: Domain | DC | Both].  will keep the same settings.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Domain .local to .co.uk 2 54
remote desktop user rights 5 96
Extend C: drive space - Vmware 2 40
Powershell script to get number of reenabled users? 5 33
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question