A: Microsoft provides the Dcgpofix (dcgpofix.exe) utility in Windows Server 2008 and Windows Server 2003 that let you reset the default domain and default domain controllers policies to their original states. You must be logged in as a domain or enterprise administrator to run the tool.
 |
Click to expand |
When you run the tool, you'll lose all changes you made to the Default Domain Policy and Default Domain Controllers Policy after you brought the first DC in your domain online. Be aware that the tool doesn't return the security settings in the Default Domain Controllers Policy to their original states. As such, Microsoft advises you manually check the security settings in the Default Domain Controllers Policy after you run the tool. See this Microsoft article for more details.
As a general best practice, you should always have a backup of the Default Domain Policy and Default Domain Controllers Policy and use Dcgpofix only as a last resort. You can easily backup and restore Group Policy Objects from Group Policy Management Console (GPMC), as shown here for a backup of the Default Domain Controllers Policy.