Re: How safe is dcgpofix.exe?
- From: "Gregg Hill" <bogus@xxxxxxxxxxx>
- Date: Tue, 26 Dec 2006 08:48:38 -0800
When you refer to "security settings" being changed, are you referring to
changes made to the actual Default Domain and Default Domain Controllers
group policies?
If that is what you mean, then there would be no problem, since no changes
were ever made to the Default Domain and Default Domain Controllers group
policies.
Thank you for your help!
Gregg Hill
"Leuchtflux" <ephemeral.strobe@xxxxxxxxx> wrote in message
news:1167132419.516924.183960@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The main problem with it is that dcgpofix will not restore security
settings to the origin where origin is the state that was achieved by
running dcpromo. DCGPOFIX recreates two GPOs that were created by
default and recreates security settings that were created through DC
promotion operation. So if you ran dc promotion right after you
installed the Windows Server 2003 and haven't made any shanges in
security before promoting your server to recieve domain contoller
operation, you'll be returned to original state after running dcgpofix.
If not, and security changes were made, dcgpofix would return you to
this 'changed' state only. See KB833783
(http://support.microsoft.com/kb/833783) for details.
Gregg Hill wrote:
Hello!
I am helping a friend whose Server 2003 Standard single domain controller
had its Default Domain and Default Domain Controllers group policies get
hosed somehow. He noticed it after the server rebooted itself after a
scheduled Windows Update.He went to check the Windows Update settings in
the
GPO, and it is grayed out, even using the domain admin login.
There are no settings within the policies and I would like to reset them
to
their defaults. I do not mean that no settings have been altered, I mean
that Computer Configuration shows No Settings Defined when I do a report
from GPMC. I compared them to a known-good server and they are vastly
different.
I know about the dcgpofix tool, but I have never used it. If I run it on
the
only DC in the domain, what is the overall effect of it? If it restores
the
Default Domain and Default Domain Controllers group policies, does that
have
any effect on AD? I never change the Default Domain and Default Domain
Controllers group policies on my clients' servers because it can cause
recovery problems if I botch a setting, so I assume that recreating the
Default Domain and Default Domain Controllers group policies will just
make
the domain work the way it should, just as though I had just run dcpromo.
Are there any caveats to running this tool?
Thank you!
Gregg Hill
.
- References:
- How safe is dcgpofix.exe?
- From: Gregg Hill
- Re: How safe is dcgpofix.exe?
- From: Leuchtflux
- How safe is dcgpofix.exe?
- Prev by Date: Re: Sync time across forest
- Next by Date: RE: Failover Options and Recommendations
- Previous by thread: Re: How safe is dcgpofix.exe?
- Next by thread: Sync time across forest
- Index(es):
Relevant Pages
|
