Recreating Default Domain and Domain Controller Group Policy Objects

from here: http://technet.microsoft.com/en-us/library/cc739095(WS.10).aspx

Works with Windows Server Versions 2008, 2008 R2, and 2012 as well.

Default Group Policy objects become corrupted: disaster recovery

6 out of 9 rated this helpful – Rate this topic

Updated: March 2, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The default domain GPOs become corrupted and there are no GPO backups for the Default Domain Policy GPO and Default Domain Controller Policy GPO.

Cause

The default domain GPOs are corrupted (for example, because of misconfiguration) and you do not have backed up versions of the Default Domain Policy GPO or the Default Domain Controller Policy GPO.

Solution

If you are in a disaster recovery scenario, you may consider using the Dcgpofix tool. If you use the Dcgpofix tool, it is strongly recommended that as soon as you run it, you review the security settings in these GPOs and manually adjust the security settings to suit your requirements.

Dcgpofix restores the default Group Policy objects to their original default state after initial installation of a domain controller. The Dcgpofix tool recreates the two default Group Policy objects and creates the settings based on the operations that are performed only during Dcpromo. It is important to understand that Dcgpofix does not restore the security settings to the state they were in before you run Dcpromo.

ImportantImportant
The Dcgpofix tool is intended for use only as a last-resort disaster-recovery tool.To create regular backups of the default domain and all other GPOs, you must use Group Policy Management Console (GPMC).

It is also recommended that you backup the Sysvol directory with a regularly scheduled backup procedure.

 

To run Dcgpofix

  • Type the following at the command prompt: dcgpofix [/ignoreschema][/target: {domain | dc | both}]

Where:

/ignoreschema is an optional parameter. If you set this parameter, the Active Directory schema version number is ignored.

/target: {domain | dc | both} is an optional parameter that specifies the target domain, domain controller, or both. If you do not specify /target, dcgpofix uses both by default.

noteNote
Dcgpofix.exe is located in the C:\Windows\Repair folder.You must be a domain or enterprise Administrator to use this tool.

Dcgpofix.exe checks the Active Directory schema version number to ensure compatibility between the version of Dcgpofix you are using and the Active Directory schema configuration. If the versions are not compatible, Dcgpofix.exe does not run.

The following extension settings are maintained in a default Group Policy object: Remote Installation Services (RIS), security settings, and Encrypting File System (EFS). The following extension settings are not maintained or restored in a default Group Policy object: Software Installation, Internet Explorer maintenance, scripts, folder redirection, and administrative templates.

The following changes are not maintained or restored in a default Group Policy object: Security settings made by Exchange 2000 Setup, security settings migrated to default Group Policy during an upgrade from Windows NT to Windows 2000, and policy object changes made through Systems Management Server (SMS).

You can run this tool only on servers running the Windows Server 2003 family.

 

For more information about using GPMC to back up and restore GPOs, see the Administering Group Policy with the GPMC white paper on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=17528).

For more information about restoring system state data by using the Backup utility in Windows Server 2003, see Backing Up and Recovering Data on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=22347).

For more information about managing the Sysvol directory, see Best Practices for Sysvol Maintenance on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=39986).

For more information about use of Dcgpofix, see The Dcgpofix tool does not restore security settings in the Default Domain Controller Policy to their original state on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=35269).

BootCamp Brightness in Windows 7 and 8

If it seems like you just can’t get the screen bright enough, try this:

The problem is due to Adaptive Brightness.

 

This is what you need to do if the screen does not go past a certain brightness level on Windows 7 or Windows 8.

 

  1. Go to the Start bar on the Desktop and move your mouse all the way to the right to find the Battery icon.
  2. Click the battery icon. A little popup box should show up. Click “More Power Options”
  3. Select your plan and click “Change Plan Settings”
  4. Click “Change Advanced Power Settings”
  5. Scroll down to Display and click the little + sign next to it.
  6. Scroll down to “Enable Adaptive Brightness” and click the little + sign next to it.
  7. Change “On Battery” and “Plugged In” to make sure it is Off for both of them.

source: https://discussions.apple.com/thread/2669574?start=120&tstart=0

Office 2013 now transferable

In a response to user outcry, Microsoft has made Office 2013 licenses transferable.

Specifics:

Updated transferability provision to the Retail License Terms of the Software License Agreement for Microsoft Office 2013 Desktop Application Software:

Can I transfer the software to another computer or user? You may transfer the software to another computer that belongs to you, but not more than one time every 90 days (except due to hardware failure, in which case you may transfer sooner). If you transfer the software to another computer, that other computer becomes the “licensed computer.” You may also transfer the software (together with the license) to a computer owned by someone else if a) you are the first licensed user of the software and b) the new user agrees to the terms of this agreement before the transfer. Any time you transfer the software to a new computer, you must remove the software from the prior computer and you may not retain any copies.

reposted from: http://blogs.office.com/b/office-news/archive/2013/03/06/office-2013-retail-license-agreement-now-transferable.aspx

Cisco VPN Client and Windows 8

I found this while trying to get a Cisco ASA vpn tunnel up.  For some reason the secure mobility anyconnect tunnel would not encapsulate dns or dhcp traffic. This prevented me from being able to access my domain.  I figured I’d give the 64-bit legacy client a try and after the fix below, it worked fine.  Here is what you need to do after you install the legacy client to get it to work.

Reposted from: http://social.msdn.microsoft.com/Forums/en-US/windowsdeveloperpreviewgeneral/thread/6fe817f3-27fe-4068-995a-aced4508ee3e/

Avatar of Raman-MSFT
Microsoft

25 Points

 Answered
Sign In to Vote

3

Hi Everyone,

Just to update, the legacy Cisco VPN client (5.0.07.0440 for x64, 5.0.07.0410 for x86) is working for some people. You need to apply a small workaround as explained below –

 

·    Open Registry editor by typingregedit in Run prompt

·    Browse to the Registry Key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CVirtA

·    Select the DisplayName to modify, and remove the leading characters from the value data upto “%;” i.e.

o    For x86, change the value data from something like “@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter” to “Cisco Systems VPN Adapter”

o    For x64, change the value data from something like “@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows” to “Cisco Systems VPN Adapter for 64-bit Windows”

·    Try connecting again

 

Please do revert back if this solution does not work.

 

Regards,

Raman