[gptalk] Re: Default Domain Policy inaccessible
- From: "James Kagele" <james.kagele@xxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Sat, 21 Apr 2007 09:58:34 +0200
Piet,
Hi, its James from the (US) but working in Holland. I have my orange
T-shirt on!
I would use this as only a last resort and I think it is only for W2003 --
not 100% sure though. Perhaps someone else in the group knows for sure if
it will work on W2k.
The Recreatedefpol.exe was for W2k (ONLY). Not sure what server version
your DC's are.
Do you have any backups of the GPO's?
Here are some other articles to review before making the decision which
route you want to take.
http://technet2.microsoft.com/WindowsServer/en/library/b9db0ae7-3d25-4e5e-9320-e5db0b0c9f8a1033.mspx?mfr=true
http://support.microsoft.com/default.aspx?kbid=833783
http://support.microsoft.com/kb/226243
James Kagele
On 4/21/07, Robert Mariani <rmariani@xxxxxxxxxxx> wrote:
Piet,
Take a look at this article
http://technet2.microsoft.com/WindowsServer/en/library/06f38ca3-7b67-433d-be24-947a28614c3e1033.mspx?mfr=true
I believe the tool that you are looking for is Dcgpofix.exe - it will
allow you to recreate the default domain policy and default DC policy
Regards
Robert
On Sat, April 21, 2007 1:08 pm, Piet Slaghekke said:
Hello everyone,
I am new to this list! My name is Piet (from Holland) but working at a
small boarding school here in the US.
I am having problems entering my default domain policy (I know, it is bad
practice editing this policy!, I have learned the hard way ) Anyways.... I
had been editing this policy with no problems and all of sudden I get the
message that I don't have the right security privileges to enter this gpo
anymore. So I believe it is corrupt.
I need to make changes to it and would like to recreate the default policy
and then start with the good practice of creating separate gpo's and not
touching the default gpo anymore.
How can I best go by doing this?
thanks in advance for any help I can get on this.
Piet
Other related posts:
