Restoring the Default Domain Policy

It’s a best practice not to alter the Default Domain Policy. The default settings in this policy are intended for all users and computers within the domain. By altering this the environment becomes unstable and unpredictable.

Recently I was troubleshooting a new environment.  There where all sorts of strange policy behavior. While I was browsing thru the domain I found that the Default Domain Policy was renamed and the default rights where also altered.

I wanted to restore the Default Domain Policy but preserve the settings that where set.

First I created an backup of the altered Policy and I saved the settings in an html report for future reference.
The next step is to open an command prompt and execute the following command:

dcgpofix /target: Domain

You can use the same command to restore the Default Domain Controller Policy, but then you use the following parameter:

dcgpofix /target: DC

In the case that you need to restore both the Default Domain Policy and the Default Domain Controller Policy you use the following parameter:

dcgpofix /target: Both

After you execute this command you need to confirm your choice. After that you can restore or recreate the policy settings in a new policy.

dcgpofix