Corrupt registry.pol in Default Domain Policy


  • Hello,

    We are currently experiencing some issues with our Windows Server 2008 R2 DC.  For weeks we've been seeing the following message on the settings tab of the Group Policy Management console for the Default Domain Policy under COMPUTER CONFIGURATION > ADMINISTRATIVE TEMPLATES:

    An error has occurred while collecting data for Administrative Templates.

    The following errors were encountered:
    The file "\\DC01.corp.<MyDomain>.com\sysvol\corp.<MyDomain>.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol" is not in a valid format. The file might be corrupt. Use Group Policy Object Editor to reconfigure the settings in this extension.

    Despite running DCGPOFIX /target:Domain, this error does not go away.  Any advice on how we can repair/replace the registry.pol file?

    Many Thanks!


    Friday, March 05, 2010 6:58 PM


All replies

  • Would it be safe to copy the registry.pol from another machine?

    That policy was essentially untouched and had the out-of-the-box settings.
    Thursday, March 11, 2010 9:24 PM
  • Hi

    May be the reason of this corruption is the your antivirus you should exclude this path from virus scanning, please exclude it and then try to use DCGPOFIX again , don’t copy the registry.pol from another machine, please refer to the below articles to exclude this file from scanning and another one providing hot  fix   

   (hot fix for windows 2000)

    Sunday, March 14, 2010 10:24 AM
  • Hello,

    this seems to be a known error:

    Make sure the GPO settings are applied with rsop.msc and that you still can edit them when the GPO is opened.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Sunday, March 14, 2010 5:07 PM
  • Please try out this KB with hotfix to resolve the above mentioned problem.

    Monday, November 08, 2010 6:12 AM
  • Make sure you have not enabled the Certificate Services Client - Certificate Enrollment Policy on the default domain GPO under Public key Policies. 

    I can confirm this will cause the above problem without fail. 

    Try it yourself. Turn it off if you enabled it. Refresh the policy view. Everything is back. 

    Turn it on and the registry.pol error comes back straight away! 

    You need to turn it off on both the Computer and user configuration. 


    Sort it out Microsoft this is a ridiculous bug. Added to which there are hundreds or forum entries about this on the web and all of them point to the wrong fix and AV settings and restoring the default policy settings etc. 


    If this works for you please reply here so we can get this cleared up. 



    • Proposed as answer by Scorpio_1357 Tuesday, March 08, 2011 6:43 AM
    Thursday, January 20, 2011 2:54 PM
  • Hi All,


    By disabling the Certificate Services Client - Certificate Enrollment Policy on the default domain GPO under Public key Policies. 

    This works no need to restore or fix the GP



    Niraj Mehta

    Regards Niraj Mehta
    Tuesday, March 08, 2011 6:44 AM
  • I confirmed Rob Delany's solution. It worked for me. Thanks.

    • Proposed as answer by commike Tuesday, June 21, 2011 1:48 PM
    • Unproposed as answer by commike Tuesday, June 21, 2011 1:48 PM
    Tuesday, June 21, 2011 1:47 PM
  • Rob Delany's solution worked for me too. Thanks

    Wednesday, September 14, 2011 7:45 PM
  • Sort it out Microsoft this is a ridiculous bug.


    There is now a hotfix:

    "You receive a "registry.pol" corruption error in Windows Server 2008 R2 and in Windows 7 if you enable the "Certificate Services Client – Certificate Enrollment Policy" policy"

    Thursday, February 23, 2012 8:55 AM
  • I have this error as well, however when I go to click the "edit" for Default domain policy I get a permissions error. I am the domain admin and have checked all permissions on the policy under Sysvol and everything is OK, all allow, no Deny. I can change/edit other policies just fine.

    This started happening after I changed the Default Domain Policy to include some PKI certificates and I see that has something to do with the registry.pol error so I can only assume it is causing my permissions problem as well? Nothing else has changed since it was working last.

    Any advice on how to implement this hotfix if I cannot "edit" the domain policy under GPMC? (I have also tried to backup the policy and restore it with no luck). Maybe change the key in registry for the Certificate Services Client???

    Thank You

    Monday, March 11, 2013 2:15 PM
  • Rob Delany, you are the man! Fixed my problem.

    And here is the kicker. I went back in, and enabled the Certificate Enrollment Policy again, and the problem did NOT reoccur, so now I have all settings as before, and a working Admin template view.



    Monday, April 01, 2013 2:12 PM