I just got done helping a friend in Mequon with an Exchange server that would no longer work as an Exchange server.
The Exchange services would not start. Fortunately, he had already figured out that a group policy was part of the problem. The IT guy who came before had tried to secure the network by restricting some rights. He changed the “Access this computer over the network” such that “Everyone” was no longer in the list. Now, that sounds like a great idea. Why would Microsoft allow EVERYONE to access this server over the network? Being an Exchange server, however, certain services would not start. We changed the policy back to default and a FEW of the Exchange services worked again.
Next, the AD Topology service would not start. Looking through the event logs and searching for the error codes led me to this… The Domain Controllers policy “Manage auditing and security log” did not include “Exchange Servers” in the permissions. I fixed that, applied the policy to the domain controllers, and we were back to normal – Which is a HUGE relief!
The moral of this little technobabble story is: If you change Group Policy on a Windows domain, be CAREFUL! Document what it was before, what you changed it to, and when you changed it. You may run into unintended consequences!