Looking for any ideas, we discovered that our group policies (default policy) was no longer applying our account policies (password age/complexity/history etc). Our DCs still had the local policy locally defined so AD users were still held to the policies, but we can't come up with an explanation for why the settings disappeared.
Any thoughts or suggestions on where to check would be appreciated. We recreated the policies and confirmed they are being distributed across the domain.
Best Answer
GptTmpl.inf is where the security settings are stored, so if that file is not present that would explain why the settings were gone. Hard to determine who or what did this unless you have auditing enabled. Restoring the GPO from backup using Group Policy Management Console is preferred over re-creating it.
I would check the antivirus product to ensure it is excluding that folder (both the actual folder and the network path).
It's possible that if multiple persons are editing the same GPO at the same time, bad things can happen. If there is a conflict, it will appear under the following hidden folder:
C:\windows\sysvol_dfsr\domain\dfsrprivate\conflictanddeleted\
or
C:\windows\sysvol\domain\dfsrprivate\conflictanddeleted\
Use the following to clear the conflicts folder in SYSVOL:
http://blogs.technet.com/b/askds/archive/2008/10/06/manually-clearing-the-conflictanddeleted-folder-in-dfsr.aspx