Eprs_Admin
asked on
Default Domain Controller Policy issues
Hi Experts,
I need some advice about the DefaultDomainControllerPolicy (DDCP).
At one customer I have seen, this policy was edited.
And of course they have some strange behaviors here with logon of personal domain admin users.
I have a named domain admin user, but I am not able to open DNS or AD or anything else from the administrative tools.
Can you show me the defaults of the DDCP ?
I'm not 100% sure this is the defaults on this site but these are the recommended settings that should be set on both of the default policies.
The sure way to check is to stand up a lab with a new domain to see the default settings.
https://adsecurity.org/?p=3377
I would however recommend tracking down what the issue is rather than think it's a default policy issue as any number of policies could still be applying a setting that is causing the problems.
More importantly, what's the error you're getting when you try to open it?
ASKER
Someone has denied logging on locally or something by the looks of it.
Go into the event log and check the security log, let me know the details of the failure in there.
ASKER
Hi Alex,
cannot open the security log, access denied. :-(
hahahahaha
What have you done to that default domain policy????
Whoever changed it, could you ask them what they changed or anything? I mean realistically you would hope they took a backup of the policy before they broke it in such a way.
ASKER
yes really strange.
I am a domain admin and cannot open the security log.
I have to solve this crap and nobody did anything, like always :-)
Ok
Run this
Gpresult /h c:\temp\results.html
PM it to me as is. I understand it'll have domains etc in there but I need to see it before I can even try to understand what has happened.
Are you sure that the default domain policy was in fact modified. Everything points to a GPO issue but obviously I need to verify.
Regards
Alex
ASKER CERTIFIED SOLUTION
This solution is only available to members.
I've never seen that command before, Nice!
ASKER
Thanks, I will try the fix.
What if you right-click e.g. DNS and click run as administrator?
HTH
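
Alex's guess above is a denied logon right; user rights of that kind sit in the [Privilege Rights] section of a security template, which `secedit /export /cfg <file> /areas USER_RIGHTS` writes out on a DC. As an added example (not part of the original thread), this PowerShell parses such a template and flags populated deny rights and rights that no longer list Administrators; the function names, the sample data and the two rights checked are assumptions chosen for the symptoms described.

```powershell
# Added example: parse [Privilege Rights] from a security template (INF) and
# flag entries that match the symptoms discussed in the thread.
$AdminsSid = '*S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Get-PrivilegeRights {
    param([string[]]$InfLines)
    $rights = @{}; $inSection = $false
    foreach ($raw in $InfLines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
        } elseif ($inSection -and $line -match '^(Se\w+)\s*=\s*(.*)$') {
            $name = $Matches[1]
            $rights[$name] = @($Matches[2] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    return $rights
}

function Test-PrivilegeRights {
    param([hashtable]$Rights)
    $findings = @()
    # A populated deny right overrides the matching allow right.
    foreach ($name in ($Rights.Keys | Where-Object { $_ -like 'SeDeny*' })) {
        if ($Rights[$name].Count -gt 0) {
            $findings += "$name is assigned to: $($Rights[$name] -join ', ')"
        }
    }
    # Assumption: Administrators should hold local logon and the right to
    # manage the Security log. Only SID-form entries are matched here.
    foreach ($name in 'SeInteractiveLogonRight', 'SeSecurityPrivilege') {
        if ($Rights.ContainsKey($name) -and $Rights[$name] -notcontains $AdminsSid) {
            $findings += "$name does not list BUILTIN\Administrators"
        }
    }
    return $findings
}

# Constructed sample, not taken from the asker's environment.
$sample = @'
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeDenyInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-512
SeSecurityPrivilege = *S-1-5-32-549
[Version]
signature="$CHICAGO$"
'@ -split "`r?`n"
# For a real export, pass (Get-Content <path to the exported .inf>) instead.
Test-PrivilegeRights (Get-PrivilegeRights $sample)
```

Entries written as account names rather than SIDs are not matched by the Administrators check, so review those by eye.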