So, I manage a small client with a handful of users, and their only Domain Controller recently suffered a ransomware attack.
We were able to restore all files from backup, except for the SYSVOL folder. The actual folder, not the share.
Here's my question: If I only have one DC, and the whole SYSVOL folder and all of its subdirectories are rendered absolutely useless, how the heck do I fix that? I've heard everyone talking about the registry key that restores the file share, but sharing useless files is not what I want to do.
My current option, it seems, is to run dcgpofix in Command Prompt, but I'm having trouble wrapping my head around exactly what it does. Yes, all of our GPOs are scrambled to heck, but I want to know a few things about it before I pull the trigger.
1: It's supposed to restore the GPOs to their default state, but apparently it doesn'tquite do that. So... What's the difference? I could work with the default state, but I don't know if there are any other changes I need to worry about.
2: It says it will replace all User Rights Assignments in the GPOs. I know that's not file/folder permissions, but it IS things like, you know, being able to log on remotely. How will it change that?
And given that, how have I been able to log in through RDP and do things as an administrator in normal administrator ways given the state of SYSVOL and Group Policy, and will I still be able to log in after I run this command?
Thanks in advance for the help.