Reset the Default Domain Policy GPO

Dear All,

I would like to Reset the default settings of “Default Domain Policy” GPO in windows 2008 R2 domain controllers. This is due a lot of settings which we change in this Policy.

Thanks
Arabsoft_SecurityAsked:
Who is Participating?
 
ShareefHuddleConnect With a Mentor Commented:
Use dcgpofix.exe it comes with Windows 2008. If you get a schema error follow this KB: http://support.microsoft.com/kb/947053
0
 
AwinishConnect With a Mentor Commented:
DCgpofix is used in disaster recovery situation, as running dcgpofix doesn't restore the proper security permission. I haven't tried with windows 2008 R2.

http://support.microsoft.com/kb/833783

I would suggest restore the default GPO from backup or from another DC.

You can use gpotool.exe to check the GPO's are healthy.

http://blogs.technet.com/b/grouppolicy/archive/2008/10/16/restoring-default-domain-policies-to-their-defaults.aspx

Note: MS never recommends to do any settings in default domain & default domain controller policy.


0
 
Mike KlineConnect With a Mentor Commented:
Just a note about that, if you are running exchange in your environment take a look at these links (you will have to run domainprep again)

http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/31224/view/topic/Default.aspx
Thread on activedir last year

http://www.frickelsoft.net/blog/?p=25
Good entry by Florian about it.

Thanks
Mike
0
 
balmasriConnect With a Mentor Commented:
in your lab, prepare a domain and backup the "Default Domain Policy GPO " and restore it to your domain .

run DcGPOFix [/ignoreschema] [/Target: Domain | DC | Both].  will keep the same settings.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.