Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Reseting default GPO and AD permissions

Status
Not open for further replies.
yizhar

yizhar

MIS
Sep 1, 2001
2,282
IL
HI.

*** Background:
A small network - 2 * W2K SP3 servers both acting as DC, both upgraded from NT4 several month ago.
About 30 workstations (Win95,98,2000,XP).
Single site: all servers + workstations in the same LAN.

The servers had many problems with AD replication for a long time, so I was asked to help (I work for solution provider, I'm not the administrator there).

After several hours of investigation trial and error, I found the main problem was missing permissions on the AD itself and I added permissions for "ENTERPRISE DOMAIN CONTROLLERS" using AD Users and Computers.

Now the main problems are fixed, but there are still some minor issues that I would like to ask about, to prepare for my next visit there.

*** Questions:
1) The AD permissions were corrupted and changed manually, I think that the corruption was at the top level of the domain (and inherited to child objects), but I'm not sure.
The question is:
Is there a tool/method to reset AD permission to default values?
The only way I can think of is to manualy compare the permissions on each container (there are only few of them as in a default AD install with single domain) to a sample clean install that I can make on a test server (my laptop).

2) During trial and error that was done some time ago by other people the "Default Domain" and "Default Domain Controllers" GPO were deleted and replaced with new manually edited GPO objects.
The question is: Is there a tool/method to reset GPO with default settings?
(There were no custom settings in GPO so there is no problem to delete the current GPO objects).

Thanks for any tips.


Yizhar Hurwitz
 
Sort by date Sort by votes
HI.

> You might be able to use ldp.exe to make changes in AD
It does not seem to help.
What can I do with ldp.exe that can be done via normal usage of AD Users and Computers regarding my issue on a simple single domain scenario?

> This article shows how to restore default security settings via Security Config & Analysis snap-in
I've done that already but it does not seem to touch AD permissions - only NTFS file system and registry settings.

Or have I missed something?

Anyway thanks for your comments.



Yizhar Hurwitz
 
Upvote 0 Downvote
The short answer is that, no, there is no way to reset AD permissions back to default.

What you have above are ways to reset NTFS permissions and the group policies themselves.

Windows 2003 comes with a command line switch to recreate the group policies automatically, so Q267553 and Q226243 are kinda deprecated for the latest OS.

/Siddharth
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
292
suncit
suncit
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
136
DrB0b
DrB0b
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
144
technome
technome
on3mansh0w
  • Locked
  • Question
[HELP] AD GPO not applied unexpectedly
Replies
0
Views
110
on3mansh0w
on3mansh0w
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
108
RRankin355
RRankin355

Part and Inventory Search

Sponsor

Back
Top