Default Domain Controllers Policy reverts to previous settings

Giganews Newsgroups
Subject: Default Domain Controllers Policy reverts to previous settings
Posted by:  ke…@visi.com
Date: Tue, 30 Jan 2007

This one is driving me off the deep end, I hope someone has an idea on
this. Our forest is an empty root with three domain under it. In the
domain I manage both DDP and DDCP policies are enforced. Auditng
settings are defined in both policies, not my idea I inherited this
config from previous administrators. What I need to accomplish is
this.

1) Create new auditing policy linked to the domain. (not enforced)
This is to allow sys-admins of member servers to audit aditional
events as needed.
2) Remove all auditng policies from DDP.
3) Set auditing policies for the DCs to prevent event log overfill. So
I need to set a slightly different set of auditing policies in the
DDCP to accomplish this.

Everything worked great in the test forest, doesnt it always. When I
made the change in the production domain I found that the DDCP
auditing settings would revert to their previous settings within an
hour after change. The other DAs assure me that non of them are
running anything to affect the DDCP. At this point I can only assume
that it is something corupt on one of my DCs. I have determined that
there are no morhped folders in any sysvol location.

Domain and forest are at Windows 2000 Native mode.
Domain caontains a mix of Windows 2000 sp4 and Windows 2003 sp1 DCs
(Upgrade starts next year, yeah!)
5 DCs located in my central datacenter where I am at and anothor 90
DCs located around the country.

I am stumped at this point about what to look at next. And of course
managment wants me to exhaust ALL avenues before they will let me open
a case with Microsoft.

Ken Zalewski

Replies