C:\Windows\SYSVOL Recovery with one DC

    Question

  • So, I manage a small client with a handful of users, and their only Domain Controller recently suffered a ransomware attack.

    We were able to restore all files from backup, except for the SYSVOL folder. The actual folder, not the share.

    Here's my question: If I only have one DC, and the whole SYSVOL folder and all of its subdirectories are rendered absolutely useless, how the heck do I fix that? I've heard everyone talking about the registry key that restores the file share, but sharing useless files is not what I want to do.

    My current option, it seems, is to run dcgpofix in Command Prompt, but I'm having trouble wrapping my head around exactly what it does. Yes, all of our GPOs are scrambled to heck, but I want to know a few things about it before I pull the trigger.

    1: It's supposed to restore the GPOs to their default state, but apparently it doesn't quite do that. So... What's the difference? I could work with the default state, but I don't know if there are any other changes I need to worry about.

    2: It says it will replace all User Rights Assignments in the GPOs. I know that's not file/folder permissions, but it IS things like, you know, being able to log on remotely. How will it change that?

    And given that, how have I been able to log in through RDP and do things as an administrator in normal administrator ways given the state of SYSVOL and Group Policy, and will I still be able to log in after I run this command?

    Thanks in advance for the help.

    Tuesday, October 18, 2016 12:50 AM

Answers

  • > My current option, it seems, is to run dcgpofix in Command Prompt, but
    > I'm having trouble wrapping my head around exactly what it does. Yes,
    > all of our GPOs are scrambled to heck, but I want to know a few things
    > about it before I pull the trigger.
     
    It restores the 2 default policies (DDP/DDCP) to their initial state.
    Nothing else.
     
    Any custom policies are lost.
     
    Tuesday, October 18, 2016 9:40 AM
  • Hi,
    The Sysvol folder is used to deliver the policy and logon scripts to domain members. By default Sysvol includes 2 folders:
    1. Policies - (Default location - %SystemRoot%\Sysvol\Sysvol\domain_name\Policies)
    2. Scripts - (Default location - %SystemRoot%\Sysvol\Sysvol\domain_name\Scripts)
    Under the Policies folder, all the Group Policies which are defined in a particular domain exist. When you create a new group policy in your Active Directory, a set of folders is created under the Policies folder.
    After restoring in your case, only the DDP and DDCP GPT files can be found under the Policies folder under Sysvol; other GPOs which you configured before will be lost. And any settings which are configured in the DDP and DDCP GPOs, except for default settings, will be lost, too.
    As you can see from the content of the Sysvol folder, based on my knowledge, I doubt that administrator login will be affected.
    You could see more details about the Sysvol folder at: https://social.technet.microsoft.com/wiki/contents/articles/8548.sysvol-and-netlogon-share-importance-in-active-directory.aspx
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 19, 2016 2:23 AM
    Moderator
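Added example, not part of the thread: before running dcgpofix on the surviving DC, this PowerShell inventory compares each GPO's container object in AD with its Group Policy Template folder under the SYSVOL Policies path described above, flags templates that are missing or whose GPT.ini no longer matches the AD version (the encrypted or corrupted ones), and backs up those still intact, since dcgpofix recreates only the two default GPOs. The backup path is an assumption; the RSAT ActiveDirectory and GroupPolicy modules are required.

```powershell
# Added example (not from the thread). Run as a domain admin against the surviving DC.
# Read-only apart from Backup-GPO, which writes to $backupTo.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domain   = Get-ADDomain
$backupTo = 'C:\GPO-Backups-PreDcgpofix'   # assumed location; choose your own

# Every GPO has two halves: the container (GPC) in AD and the template (GPT) under SYSVOL.
# Ransomware hits the GPT side, so list every GPC and test whether its GPT is still usable.
$gpcs = Get-ADObject -SearchBase "CN=Policies,CN=System,$($domain.DistinguishedName)" `
          -LDAPFilter '(objectClass=groupPolicyContainer)' `
          -Properties displayName, gPCFileSysPath, versionNumber

$report = foreach ($gpc in $gpcs) {
    $gptIni    = Join-Path $gpc.gPCFileSysPath 'GPT.ini'
    $gptExists = Test-Path $gptIni
    $gptVer    = $null
    if ($gptExists) {
        # A healthy GPT.ini has "Version=<n>" under [General]; it must equal the AD versionNumber.
        # An encrypted file exists but yields no parsable line, so $gptVer stays $null.
        $line = Get-Content $gptIni -ErrorAction SilentlyContinue |
                Where-Object { $_ -like 'Version=*' } | Select-Object -First 1
        if ($line -and ($line -match '^Version=(\d+)\s*$')) { $gptVer = [int]$Matches[1] }
    }
    [pscustomobject]@{
        Name       = $gpc.displayName
        Guid       = $gpc.Name                 # cn={GUID}
        ADVersion  = $gpc.versionNumber
        GPTVersion = $gptVer
        State      = if (-not $gptExists)               { 'GPT missing' }
                     elseif ($null -eq $gptVer)          { 'GPT.ini unreadable' }
                     elseif ($gptVer -ne $gpc.versionNumber) { 'GPT/AD version mismatch' }
                     else                                { 'OK' }
    }
}
$report | Sort-Object State, Name | Format-Table -AutoSize

# Preserve every GPO whose template still reads cleanly before dcgpofix rewrites the defaults.
New-Item -ItemType Directory -Path $backupTo -Force | Out-Null
foreach ($ok in ($report | Where-Object State -eq 'OK')) {
    $id = [guid]($ok.Guid -replace '[{}]', '')
    Backup-GPO -Guid $id -Path $backupTo | Out-Null
}
```

Anything reported as missing or unreadable is what dcgpofix will not bring back and must come from backup or be rebuilt by hand.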

All replies

  • Lost as in deleted, or lost as in unaffected/unfixed? And more to the point, will it affect my ability to log in remotely, if I'm using an administrator account?
    Tuesday, October 18, 2016 6:31 PM
  • Hi,

    I am checking how the issue is going; if you still have any questions, please feel free to contact us.

    I appreciate your feedback.

    Best regards,

    Wendy

    Monday, October 24, 2016 9:41 AM
    Moderator