[gptalk] Re: Default Domain Policy corrupt, with 13

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 18 Aug 2006 16:44:06 -0700

I've heard that best practice. I'm not sure I agree with it. The best
practice is to always back up your GPOs with GPMC before making a change.
Its true that its probably not a good idea to do things like disable or
delete the Default Domain or Default DC Policy, but not using them is not
really required. In fact, unless you have good change control, creating a
"twin" of the DDP can be confusing to people who come along afterwards.

Darren 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of randy benson
Sent: Friday, August 18, 2006 1:56 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Default Domain Policy corrupt, with 13

Once you have the situation stabilized, you might want to consider
re-importing the MS default domain policy and leaving it unchanged. I've
been told that Best Practice is to create a new
'MyDomainDefaultDomainPolicy' and making all your customizations in it,
leaving the original Default Domain Policy in place, enabled and not
enforced, so that 'MyDomainDefaultDomainPolicy' customizations override the
OOTB policies.  

My 2 pence, HTH.

Randy Benson
W. R. Benson & Associates
Professional Land Surveyors
Los Angeles, CA 


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of toddblake@xxxxxxxxxxxx
Sent: Friday, August 18, 2006 11:55 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Default Domain Policy corrupt, with 13

Hi everyone.

I have a problem with our "Default Domain Policy", specifically the user
portion.  We are running both W2K and W2K3 DC's in W2K Native mode.  Below
message appears while trying to edit the GPO on a W2K3 GPMC box.

START*****************
the file
"\\...\policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User\registry.pol" is
not in a valid format. The file might be corrupt. Use Group Policy Object
Editor to reconfigure the settings in this extension.
END********************

Below is from the Application Log,
START***********************
EventID 1000
Windows cannot access the registry information at
\\...\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User\registry.pol with
(13).
END*************************

Is there any way I can recover from this, I don't have a useable system
state and this has been happening for months.  I've googled and come up with
alot of hits but none with the (13) error.

Would it be possible for me to rename the registry.pol file and then fire up
GPMC and see if it notices there is no registry.pol, would this create a
blank one for this GP?

Or should I run "DCGPOFIX.EXE /TARGET:DOMAIN" on a W2K3 box and have it
recreate the default policy and then add all the modifications back in?

At this point I can't edit the gpo, it comes back with an "unspecified erro"

Thanks for any suggestions.....

Todd
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************


***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: