I'm really frustrated with this ongoing issue. I've been making changes to our Default Domain policy, but after a few days to a week, they always revert back to their previous settings. The logs show that 'SYSTEM' is making these changes, but I've ruled out Silverfort and other third-party apps. I don't think it's related to Azure either. Anyone have any ideas on what's causing this? I'm open to any wild theories or suggestions!
3 Answers
You might want to look into potential replication issues within your Active Directory. Here's a useful link that might help diagnose if there are any replication failures: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/diagnose-replication-failures. Also, check if you have automated backups or restores happening on your domain controllers or sysvol share—it could be resetting the policies too.
Thanks mate, great suggestion!
Have you checked the local security policies on your domain controllers? Those could be causing the defaults to reset when they apply.
Another good suggestion, I'll look into it.
It seems like you're modifying the default policy directly, which isn't ideal. You should actually copy it and make your modifications to create a company-specific policy instead. Keeping the default as standard as possible is crucial for recovery purposes. If you're still seeing the 'SYSTEM' changes, it likely indicates AD is reverting it autonomously. And don't forget to check your "Inheritance Stack" to see if other GPOs are overriding it.
Replication was my first instinct too.
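The replication and SYSVOL checks suggested in the first answer can be done in one read-only pass. The script below is an added example, not something posted by anyone in this thread. It assumes the RSAT ActiveDirectory module, read access to each domain controller's SYSVOL share, and the well-known Default Domain Policy GUID; the variable names are illustrative.

```powershell
# Added example: read-only comparison of the Default Domain Policy on every DC.
# Assumptions: RSAT ActiveDirectory module, read access to \\<dc>\SYSVOL.
Import-Module ActiveDirectory

$gpoGuid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'   # well-known Default Domain Policy GUID
$domain  = Get-ADDomain
$gpoDn   = "CN=$gpoGuid,CN=Policies,CN=System,$($domain.DistinguishedName)"

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName
    $row  = [ordered]@{
        DC = $name; ADVersion = $null; SysvolVersion = $null; InSync = $null
        GptIniModified = $null; LastOriginTime = $null; LastOriginDC = $null; Error = $null
    }
    try {
        # AD half of the GPO (group policy container) as this DC sees it
        $gpc = Get-ADObject -Identity $gpoDn -Server $name `
                   -Properties versionNumber -ErrorAction Stop
        $row.ADVersion = $gpc.versionNumber

        # SYSVOL half of the GPO (group policy template) on this DC
        $ini   = "\\$name\SYSVOL\$($domain.DNSRoot)\Policies\$gpoGuid\GPT.INI"
        $match = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' `
                     -ErrorAction Stop | Select-Object -First 1
        if ($match) { $row.SysvolVersion = [int]$match.Matches[0].Groups[1].Value }
        $row.GptIniModified = (Get-Item -LiteralPath $ini -ErrorAction Stop).LastWriteTime

        # A mismatch means the two halves of the GPO disagree on this DC
        $row.InSync = ($row.ADVersion -eq $row.SysvolVersion)

        # Replication metadata: which DC originated the last versionNumber write, and when
        $meta = Get-ADReplicationAttributeMetadata -Object $gpoDn -Server $name `
                    -Properties versionNumber -ErrorAction Stop
        $row.LastOriginTime = $meta.LastOriginatingChangeTime
        $row.LastOriginDC   = $meta.LastOriginatingChangeDirectoryServerIdentity
    }
    catch {
        # Keep going if one DC is unreachable; record why
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

$report | Format-List
```

A DC where `InSync` is false, or a `LastOriginDC` and `LastOriginTime` that line up with the dates of the reverts, narrows down which domain controller the change is being written on.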