You’ve made changes to the Default Domain Security Policy, Default Domain Controller Security Policy, or both, and now want to reset them to their original configuration.
This tool can be run only from a Windows Server 2003 domain controller.
The following command
would replace both the Default
Domain Security Policy and Default Domain Controller Security Policy.
You can specify
Both, to only restore one or the other.
> dcgpofix /target:Both
Note that this must be run from a domain controller in the target domain where you want to reset the GPO.
If you’ve ever made changes to the default GPOs and
would like to revert back to the original settings, the
is your solution.
works with a particular version of the schema. If the version it
expects to be current is different from what is in Active Directory,
it will not restore the GPOs. You can work around this by using
switch, which will restore the GPO according to the
dcgpofix thinks is
current. The only time you might experience this issue is if you
install a service pack on a domain controller (dc1) that extends the
schema, but have not installed it yet on a second domain controller
(dc2). If you try to run
dcgpofix from dc2,
you will receive the error since a new version of the schema and
utility was installed on dc1.