14 April, 2015

What Happens When You Run DCGPOFIX?


Ever wonder what happens when you run DCGPOFIX on a Domain Controller?

DCGPOFIX is used to recreate the default Group Policies (Default Domain Controllers Policy and Default Domain Policy).

Once we run DCGPOFIX, we see that the Group Policies have been recreated. But what happens in the background? Let's see...

Currently, I am running DCGPOFIX for the Default Domain Controllers Policy.



To understand what happens in the background, we will run Procmon (Process Monitor).

So, the first thing DCGPOFIX does is take all the default settings from the "DefltDC.INF" file.



Let's confirm... The DefltDC.INF file holds all the default security settings for the Domain Controller Group Policy.

 
 
Next, it writes its progress to the log file "scedcpro.log" (C:\Windows\Security\Logs\scedcpro.log).



It then writes the changes to the security database "secedit.edb" (C:\Windows\Security\Database\secedit.edb).



Finally, it creates the Group Policy in SYSVOL.
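
To review these artifacts afterwards without Procmon, the following added example (not part of the original post) reports when each file from the steps above was last written and how closely the timestamps cluster. It assumes it runs on the Domain Controller under a domain account, that Windows is installed in the default location, and that the policy uses the well-known Default Domain Controllers Policy GUID; the function name Get-DcGpoFixArtifact is hypothetical.

```powershell
# Added example: list the files the walkthrough shows DCGPOFIX touching.
# Assumptions: run on the DC by a domain account, default %windir%, and the
# well-known GUID of the Default Domain Controllers Policy.
$dcPolicyGuid = '{6AC1786C-016F-11D2-945F-00C04fB984F9}'
$domain       = $env:USERDNSDOMAIN
$policyRoot   = "\\$domain\SYSVOL\$domain\Policies\$dcPolicyGuid"

$artifacts = [ordered]@{
    'Progress log'       = "$env:windir\Security\Logs\scedcpro.log"
    'Security database'  = "$env:windir\Security\Database\secedit.edb"
    'SYSVOL GPT.INI'     = "$policyRoot\GPT.INI"
    'SYSVOL GptTmpl.inf' = "$policyRoot\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf"
}

function Get-DcGpoFixArtifact {
    param([System.Collections.IDictionary]$Paths)
    foreach ($name in $Paths.Keys) {
        # -LiteralPath keeps the braces in the GUID from being treated as wildcards.
        $item = Get-Item -LiteralPath $Paths[$name] -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Artifact     = $name
            Exists       = [bool]$item
            LastWriteUtc = if ($item) { $item.LastWriteTimeUtc } else { $null }
            Path         = $Paths[$name]
        }
    }
}

$results = @(Get-DcGpoFixArtifact -Paths $artifacts)
$results | Format-Table -AutoSize

# Heuristic only: other activity can also update these files, so treat a tight
# cluster of timestamps as a lead to check against change records, not proof.
$times = @($results | Where-Object { $_.Exists } |
           ForEach-Object { $_.LastWriteUtc } | Sort-Object)
if ($times.Count -eq $results.Count) {
    $spread = $times[-1] - $times[0]
    '{0} artifacts written within {1:N0} seconds of each other (latest: {2:u})' -f `
        $times.Count, $spread.TotalSeconds, $times[-1]
} else {
    'One or more artifacts are missing; see the Exists column above.'
}
```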