Friday, May 29, 2009

How do we restore deleted Group Policy Object files on Windows Server?

A GPO is a container for policies that are applied to your domain. Each GPO is assigned a GUID and is stored at %SystemRoot%\Sysvol\Sysvol\DomainDirectory\Policies.
If you delete a GPO, the GUID folder is removed from the Sysvol.
To recover a deleted GPO:
01. Restart your computer and press F8 to select Directory Services Restore Mode.
02. Logon as Administrator, using the Directory Services Restore Mode password.
03. Create a temporary folder on the root of %SystemDrive%.
04. Start / Run / ntbackup / OK.
05. Select the Restore tab.
06. Select the proper backup media.
07. Check the System State box.
08. In the Restore Files to box, select Alternate location.
09. Press Browse and select the temporary folder from step 03.
10. Press OK.
11. Press Start Restore.
12. When the restore finishes, restart your server normally.
13. Start / Run / dsa.msc / OK.
14. Right-click the appropriate domain name and press Properties.
15. Select the Group Policy tab.
16. Press New to create a new GPO.
17. Rename the new GPO and open its Properties to write down the GUID.
18. Press OK and Close.
19. Close the Active Directory Users and Computers snap-in.
20. Open the temporary folder (step 03) that contains the restored System State data and navigate to:
SysVol\SystemDriveLetter\Winnt\Sysvol\Domain\Policies.
21. Locate the GUID of the GPO you want to restore.
22. Delete all the files in %SystemRoot%\Sysvol\Sysvol\DomainDirectory\Policies\GUID from step 17.
23. Copy all the policy files from the old GPO (step 21) to %SystemRoot%\Sysvol\Sysvol\DomainDirectory\Policies\GUID from step 17.
24. Restart your server normally.

DHCP server provides IP and DNS settings correctly to clients, but later only the DNS IP changes to some other IP

Problem: The DHCP server provides IP and DNS settings correctly to clients, but later only the DNS IP changes to some other IP.

Solution:

1. Use a network analyzer such as the DHCPfind tool or Wireshark to find out whether any other DHCP server exists on the network with that DNS IP.

2. Otherwise, it will be a virus.
3. Verify the logs on the DHCP server too (C:\WINDOWS\SYSTEM32\DHCP).
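
As an added example (not part of the original post), the check in step 1 can be automated once DHCP replies have been captured: the Python below parses the server identifier (option 54) and DNS servers (option 6) from raw DHCP payloads and flags replies from servers or with DNS addresses you did not expect. The function names, the authorized-server and DNS values, and the sample message builder are constructed for illustration; real input would be the UDP payloads of DHCP replies exported from a capture.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
OPT_DNS, OPT_TYPE, OPT_SERVER_ID = 6, 53, 54

def parse_reply(payload):
    """Parse the UDP payload of a DHCP message; return None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    info = {"type": None, "server_id": None, "dns": []}
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                      # truncated option, stop here
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if code == OPT_TYPE and length == 1:
            info["type"] = data[0]
        elif code == OPT_SERVER_ID and length == 4:
            info["server_id"] = socket.inet_ntoa(data)
        elif code == OPT_DNS and length % 4 == 0:
            info["dns"] = [socket.inet_ntoa(data[j:j + 4]) for j in range(0, length, 4)]
        i += 2 + length
    return info

def find_suspect_replies(payloads, authorized_servers, expected_dns):
    """Flag OFFER/ACK replies from unknown servers or carrying unexpected DNS IPs."""
    findings = []
    for p in payloads:
        r = parse_reply(p)
        if r is None or r["type"] not in (2, 5):       # 2 = DHCPOFFER, 5 = DHCPACK
            continue
        reasons = []
        if r["server_id"] not in authorized_servers:
            reasons.append("unauthorized DHCP server")
        if set(r["dns"]) - set(expected_dns):
            reasons.append("unexpected DNS server")
        if reasons:
            findings.append((r["server_id"], r["dns"], reasons))
    return findings

def sample_reply(msg_type, server, dns):
    """Constructed test message: zeroed BOOTP header plus options 53, 54 and 6."""
    opts = bytes([OPT_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + socket.inet_aton(server)
    opts += bytes([OPT_DNS, 4 * len(dns)]) + b"".join(socket.inet_aton(d) for d in dns)
    return bytes([2]) + bytes(235) + MAGIC + opts + b"\xff"
```

A reply that shows the correct server identifier but an unexpected DNS address points at the authorized server's own scope options rather than a second DHCP server.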

Reset security policies on a system.

If you are facing issues after OS hardening and want to revert the security policies,

e.g. an OWA issue on a mailbox server or server accessibility issues after hardening,
the following command is useful:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose