Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by
  • When: 14 Aug 2011 9:34 AM
  • Last revision by (aMicrosof)
  • When: 29 Nov 2011 7:25 AM
  • Revisions: 4
  • Comments: 1
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  How to Restore Settings if You Accidentally Modify the GPO Permissions and Give Deny Access to Enterprise Admin and Domain Administrators

How to Restore Settings if You Accidentally Modify the GPO Permissions and Give Deny Access to Enterprise Admin and Domain Administrators

How to Restore Settings if You Accidentally Modify the GPO Permissions and Give Deny Access to Enterprise Admin and Domain Administrators


 

Accidentally modified The GPO permission and give deny access to Enterprise admin and domain administrators:

:In my test Environment I simulated the same.

I gave Full deny access to Authenticated users in default domain controller policy.


 

It can be corrected it by  Start Active Directory users and computers(Dsa.msc). Choose View and select advanced features. browse to system \ policies. Select the guid starting with  6AC1 (that the default domain controller policy), open properties and select the security tab. click on advanced. There on the top of the list you should see the Deny permission for Administrator . Double click the entry and remove the "deny" permission.



The Policy looks like above in aduc console.Right click and Select Properties and then select Security to change the ACL:

Look at that. It's coming back:


Then I browse to Sysvol (the path will be like this: \\domain.com\SYSVOL\Domain.com\Policies).


In the security tab of policy, starting with  6AC1, I removed deny permission for the Administrator.

The policy is okay now.








, , [Edit tags]
Leave a Comment
  • Please add 3 and 1 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 29 Nov 2011 7:25 AM

    Ed Price - MSFT edited Revision 2. Comment: Title, tags, some minor edits

Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 29 Nov 2011 7:25 AM

    Ed Price - MSFT edited Revision 2. Comment: Title, tags, some minor edits

Page 1 of 1 (1 items)