Group policy  failed to open Domain Controller policy and domain policy,

Posted on 2011-04-23
Medium Priority
Last Modified: 2012-05-11
th system path cannot find , how to rebuild default domain controller policy and default domain policy
Question by:harispm

Accepted Solution

ashutoshsapre earned 2000 total points
ID: 35455964
Did you check if they actually exists? Check if the permissions are messed up.
Unique ID for the policies are:
{31B2F340-016D-11D2-945F-00C04FB984F9} - Default Domain Policy
{6AC1786C-016F-11D2-945F-00C04FB984F9} - Default Domain Controllers Policy

You can also create a dummy domain, and copy the Default Domain Policy and Default Domain Controller Policy folders from that domain to this domain. The folder name for these two policies are same in any AD environment.

You can use DCGPOFIX tool. But use this as the last resort.
The Dcgpofix tool does not restore security settings in the Default Domain Controller Policy to their original state

Author Comment

ID: 35465557
I used DCGPfix tool , it is working now
LVL 74

Expert Comment

by:Glen Knight
ID: 37485306
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question