GPO and SYSVOL – How to Reset GPO and SYSVOL

Tags: group-policy, permissions, sysvol, windows-server-2016

We inherited a network with badly damaged GPOs across 3 DCs (all WinServ 2016). We receive an "Access Denied" error when using GPOs, and the permissions of the SYSVOL folder show signs of tampering. I have attempted a D2 and D4 restore, following these instructions: https://docs.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization

However, the issue persists.

The thing is, there are no group policies present other than the default 2. So what I would really like to do is reset the entire GPO system to default, rebuild the SYSVOL folder entirely from scratch to receive default permissions, and then perform another D4 authoritative sync. Is this possible? How can it be done?

Best Answer

That's quite a broad question. Recreating SYSVOL is not just one simple step. Here is the documentation for this whole process: https://docs.microsoft.com/en-us/troubleshoot/windows-server/group-policy/rebuild-sysvol-tree-and-content-in-a-domain

Resetting the default domain policies is much easier. Use the dcgpofix tool:

dcgpofix /ignoreschema /target:both
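
An added example, not part of the original answer: a PowerShell sketch that snapshots GPOs and the SYSVOL Policies ACLs before the reset, then reports the GPT.INI version of the two default GPOs as each DC serves it, so the state before and after dcgpofix can be compared. The backup path and function names are assumptions; the GUIDs are the well-known ones for the two default GPOs.

```powershell
# Added example. Assumes an elevated session on a DC (or RSAT host) with the
# GroupPolicy and ActiveDirectory modules.
Import-Module GroupPolicy, ActiveDirectory

$domain    = (Get-ADDomain).DNSRoot
$backupDir = 'C:\GPO-PreReset'   # assumed location, change as needed

# Well-known GUIDs of the two default GPOs that dcgpofix recreates
$defaultGpos = @{
    'Default Domain Policy'             = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    'Default Domain Controllers Policy' = '{6AC1786C-016F-11D2-945F-00C04FB984F9}'
}

function Save-PreResetState {
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    # Back up every GPO that is still readable; keep going on access errors
    Backup-GPO -All -Path $backupDir -ErrorAction Continue | Out-Null
    # Record the current (possibly tampered) ACLs of the Policies tree
    icacls "\\$domain\SYSVOL\$domain\Policies" /save "$backupDir\policies-acl.txt" /t /c | Out-Null
}

function Get-DefaultGpoState {
    # Read GPT.INI for both default GPOs from every DC's own SYSVOL share
    foreach ($dc in Get-ADDomainController -Filter *) {
        foreach ($name in $defaultGpos.Keys) {
            $gpt = "\\$($dc.HostName)\SYSVOL\$domain\Policies\$($defaultGpos[$name])\GPT.INI"
            $hit = Select-String -Path $gpt -Pattern '^Version=(\d+)' -ErrorAction SilentlyContinue |
                   Select-Object -First 1
            $version = if ($hit) { $hit.Matches[0].Groups[1].Value } else { 'MISSING/UNREADABLE' }
            [pscustomobject]@{ GPO = $name; DC = $dc.HostName; GptIniVersion = $version }
        }
    }
}

Save-PreResetState
Get-DefaultGpoState | Sort-Object GPO, DC | Format-Table -AutoSize
# After running dcgpofix and allowing replication, call Get-DefaultGpoState again.
```

A GPO whose GptIniVersion differs between DCs, or that is MISSING/UNREADABLE on some of them, points to a SYSVOL replication or permission problem rather than to the policy content that dcgpofix resets.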