Computers & ProgrammingComputers & NetworkingWindows Server

Restoring the Default Domain GPOs

If you have reached this article, you probably have made changes to the Default Domain and/or Default Domain Controller group policy object and know you want to restore them back to their original settings.

If you would have followed best practices, rather than modifying these GPOs, you would have created new custom GPOs and linked them to the relevant containers. In any case, if you’ve already modified these GPOs and want to restore the default content, follow these steps:

  • Log on as a domain administrator to a domain controller (DC).
  • Open a command prompt (Start –> Run –> CMD).
  • Reset the GPO(s).
    • To reset the Domain GPO, type: dcgpofix /target:Domain
    • To reset the Default DC GPO, type: dcgpofix /target:DC
    • To reset both the Domain and Default Domain Controller GPOs, type: dcgpofix /target:both
  • After you enter the appropriate command for reseting, enter Y to both prompts.
  • Close the command prompt.

If you type the command dcgpofix /target:both, you should expect to see the following output:

Microsoft(R) Windows(R) Operating System Default Group Policy Restore Utility v5.1


Copyright (C) Microsoft Corporation. 1981-2003

Description: Recreates the Default Group Policy Objects (GPOs) for a domain

Syntax: DcGPOFix [/ignoreschema] [/Target: Domain | DC | BOTH]

This utility can restore either or both the Default Domain policy or the Default Domain Controller policy to the state that exists immediately after a clean install. You must be a domain administrator to perform this operation.

WARNING: YOU WILL LOSE ANY CHANGES YOU HAVE MADE TO THESE GPOs. THIS UTILITY IS INTENDED ONLY FOR DISASTER RECOVERY PURPOSES.

You are about to restore Default Domain policy and Default Domain Controller policy for the following domain


itgeared.com


Do you want to continue: ? Y


WARNING: This operation will replace all 'User Rights Assignments' made in the chosen GPOs. This may render some server applications to fail.


Do you want to continue: ? Y


The Default Domain Policy was restored successfully.

Note: Only the contents of the Default Domain policy was restored. Group Policy links to this Group Policy Object were not altered. By default, the Default Domain policy is linked to the Domain.

The Default Domain Controller policy was restored successfully.

Note: Only the contents of the Default Domain Controller policy was restored. Group Policy links to this Group Policy Object were not altered.

By default, the Default Domain Controller policy is linked to the Domain Controllers OU.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top