JSI Tip 6493. Window Server 2003 Default Group Policy Restore Utility v5.1.

Jerold Schulman

March 30, 2003

2 Min Read
ITPro Today logo

NOTE: For Windows 2000, see 8061 The Windows 2000 Default Policy Restore Tool.

I had just destroyed my Default Domain Controller Group Policy, and the standard Windows 2000 Server methods for recovery where NOT fixing my problem.

Prior to restoring, I searched the local Help and Support and discovered Dcgpofix, which fixed myproblem:

Restores the default Group Policy objects to their original state (that is, the default state after initial installation).


This tool can restore default domain policy and default domain controllers policy to their original state after installation. When you run dcgpofix, you will lose any changes made to these Group Policy objects.
By specifying the /ignoreschema parameter, you can enable Dcgpofix.exe to work with different versions of Active Directory. However, default policy objects might not be restored to their original state. To ensure compatibility, use the version of Dcgpofix.exe that is installed with the current operating system.


dcgpofix [/ignoreschema][/target: {domain | dc | both}]


Optional. Ignores the Active Directory schema version number.

/target: {domain | dc | both}
Optional. Specifies the target domain, domain controller, or both. If you do not specify /target, dcgpofix uses both by default.


You must be a domain or enterprise Administrator to use this tool.

Dcgpofix.exe checks the Active Directory schema version number to ensure compatibility between the version of Dcgpofix you are using and the Active Directory schema configuration. If the versions are not compatible, Dcgpofix.exe will not run.

The following extension settings are maintained in a default Group Policy object: Remote Installation Services (RIS), security settings, and Encrypting File System (EFS).

The following extension settings are not maintained or restored in a default Group Policy object: Software Installation, Internet Explorer maintenance, scripts, folder redirection, and administrative templates.

The following changes are not maintained or restored in a default Group Policy object: Security settings made by Exchange 2000 Setup, security settings migrated to default Group Policy during an upgrade from Windows NT to Windows 2000, and policy object changes made through Systems Management Server (SMS).

You can run this tool only on servers running the Windows Server 2003 family.


The following example shows how you can use the dcgpofix command to restore the default domain policy object:

dcgpofix /target: domain

NOTE: See 7962 The Dcgpofix tool does not restore security settings in the Default Domain Controller Policy to their original state.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like