

If you have ever read my Best Practice for Group Policy blog post then you will know that I encourage you to edit the default domain GPOs sparingly. The only exception I would make to this rule is when you want to modify the default domain password policy, but even then you can create a new password policy GPO linked at the domain level (see Tutorial: How to setup Default and Fine Grain Password Policy).

Even if you don't want to take my word for it, here is a reference on the TechNet web site saying pretty much the same thing…

TechNet: Establishing Group Policy Operational Guidelines

Do not modify the default domain policy or default domain controller policy unless necessary. Instead, create a new GPO at the domain level and set it to override the default settings in the default policies.

So… let's assume you have done everything wrong and either the Default Domain and/or the Default Domain Controller Group Policy objects have been modified and you want to reset them back. Of course you have a backup of the GPOs which are good and you simply restore them….

BUT… You have never backed up the default GPOs and you need to reset the settings….

Well, the tool that allows you to do this is called DCGPOFIX and it can be found on any Windows Server 2003 or later Windows server.

NOTE: Even though we are restoring the default domain GPOs back to a default setting, doing so may still cause more issues. Therefore make sure you have a current backup of your default domain so you can easily undo this change if needed (see below).
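One way to take the backup recommended above before running DCGPOFIX, as an added example that is not part of the original post. It assumes the GroupPolicy PowerShell module (installed with GPMC/RSAT) and a backup folder of C:\GPOBackup, which is a placeholder path.

```powershell
# Added example: back up both default GPOs before resetting them with DCGPOFIX.
# Run as a domain administrator on a machine with the GroupPolicy module.
Import-Module GroupPolicy

# Assumption: C:\GPOBackup is a placeholder; pick a location outside SYSVOL.
$BackupRoot = Join-Path 'C:\GPOBackup' (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# The two default GPOs have the same well-known GUIDs in every domain.
# Looking them up by GUID still works if someone has renamed them.
$DefaultGpos = [ordered]@{
    'DefaultDomainPolicy'            = '31B2F340-016D-11D2-945F-00C04FB984F9'
    'DefaultDomainControllersPolicy' = '6AC1786C-016D-11D2-945F-00C04FB984F9'
}

foreach ($entry in $DefaultGpos.GetEnumerator()) {
    # Stop immediately if a GPO cannot be read; never reset without a backup.
    $gpo = Get-GPO -Guid $entry.Value -ErrorAction Stop

    $backup = Backup-GPO -Guid $gpo.Id -Path $BackupRoot `
        -Comment 'Pre-DCGPOFIX backup' -ErrorAction Stop

    # Save a readable report so the current (modified) settings can be
    # compared against the defaults after the reset.
    $report = Join-Path $BackupRoot ("{0}.html" -f $entry.Key)
    Get-GPOReport -Guid $gpo.Id -ReportType Html -Path $report

    '{0}: backup Id {1}, report {2}' -f $gpo.DisplayName, $backup.Id, $report
}

# To undo the reset later, restore the most recent backup of a GPO:
#   Restore-GPO -Guid 31B2F340-016D-11D2-945F-00C04FB984F9 -Path $BackupRoot
#
# Only once both backups exist, run the reset from an elevated prompt
# on a domain controller:
#   dcgpofix /target:Both      (or /target:Domain, or /target:DC)
```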
