Sticky RIS settings in 'Default Domain Policies'?

Recently I faced a tiny issue inside my ‘Default Domain Policy’ which I had to revert the settings back to original configuration in order to fix. The problem however solved with reverting back and reconfiguring the ‘Default Domain Policy’, but after reintroducing ‘Default Domain Policy’ I noticed that there is a hidden configuration which I was not able to remove it. Doing some further investigations, turned out to be nothing but sticky RIS settings.

If you have done a dsgpofix command on your Windows Server 2012 R2 Active Directory, you will notice that all settings can be restored to default configuration, but there is a sticky configuration which belongs to RIS. Image below is what I am talking about:
However the problem is that if you intend to remove this settings, you will not be able to find it on GPMC. Here is an image of GPO tree but as you can see there is no configuration like that:
The solution to this fix is however really easy. You want to find the GUID of the ‘Default Domain Controller’ and using that GUID, start exploring SYSVOL, then simply search for that GUID and you will find the settings inside the folder representing ‘Default Domain Policy’.
Delete the folder and you will be good. 

About Mahdi

Post Archive

Sticky RIS settings in 'Default Domain Policies'?

Written By Mahdi Tehrani on Saturday, 13 January 2018 11:03

Limit Active Directory user login to 1 session

Written By Mahdi Tehrani on Wednesday, 02 August 2017 10:21

The auditor of auditors: 'LepideAuditor Suite'

Written By Mahdi Tehrani on Tuesday, 23 May 2017 10:56

Protect your domain against WannaCry malware

Written By Mahdi Tehrani on Sunday, 14 May 2017 09:42

‘List Object Mode’ in Active Directory, a myth or future settings?

Written By Mahdi Tehrani on Thursday, 13 April 2017 08:47