Score:1

GPO and SYSVOL reset

pt flag

We inherited a network with badly damaged GPOs across 3 DC's (all WinServ 2016). We receive an "Access Denied" error when using GPOs, and the permissions of the SYSVOL folder show signs of tampering. I have attempted a D2 and D4 restore, following these instructions: https://docs.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization

However the issue persists.

The thing is, there are no group policies present other than the default 2. So what I would really like to do is reset the entire GPO system to default, rebuild the SYSVOL folder entirely from scratch to receive default permissions, and then perform another D4 authoritative sync. Is this possible? How can it be done?

cn flag
dcgpofix https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/dcgpofix
joeqwerty avatar
cv flag
This is one of those times when the best course of action is to open a support case with Microsoft. Don't take action that may make things worse, or worse yet, make things unrecoverable.
Score:2
th flag

That's quite a broad question. Recreating SYSVOL is not just one simple step. Here is the documentation for this whole process: https://docs.microsoft.com/en-us/troubleshoot/windows-server/group-policy/rebuild-sysvol-tree-and-content-in-a-domain

Resetting the default domain policies is much easier. Use the dcgpofix tool:

dcgpofix /ignoreschema /target:both
TechnoNewbie avatar
pt flag
Upon running this I receive an error: Unable to create the file or directory C:\Windows\SYSVOL\domain.site\Policies. The system cannot find the path specified. I can confirm that a junction exists at c:\windows\sysvol\domain.site which points to c:\windows\sysvol\domain\
TechnoNewbie avatar
pt flag
I'll proceed with the link to rebuild SYSVOL and report back here.
TechnoNewbie avatar
pt flag
ultimately this answers my question to rebuild sysvol even if the access denied error persists.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.