Re: Help with GPO problem! PLEASE!!



What I mean by a new GPO is not one to replace one of the default GPO's but
an additional one. The procedure differs depending on if you have the Group
Policy Management Console or not. If you don't use GPMC then open ADUC to
select the domain or an Organizational Unit, right click and select
properties, select Group Policy, select new and choose a name for your new
Group Policy. If you are using GPMC open it, select the domain or an OU,
right click and select create and link a GPO here. You should also be able
to access the sysvol share in My Network Places and drill down to the Group
Policies and all the subfolders including opening the registry.pol file in
the machine folder for the default domain policy that starts with 31B2F...
You should be able to open it with notepad though it will look like
gibberish text with the exception of the top line might display
\software\policies\Microsoft\systemcertificates. --- Steve


"Adam" <Adam@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1D25114E-F7A8-49C7-9DA1-78C14F3931C3@xxxxxxxxxxxxxxxx
>I did dcdiag, but I will try replmon. How do I create a new GPO? I tried to
> do DCGPOFIX. I did fix the sysvol share to full control and everything for
> the SYSTEM and administrator. I did what I found on the TechNET. This is
> why I am stumped.
>
> "Steven L Umbach" wrote:
>
>> Can you create a new GPO?? If so use it to compare permissions to the two
>> default GPO's by going to [in Active Directory Users and Computers]
>> system/policies where you will see the guids of the GPO's. Advanced
>> features in view will need to be enabled if it is not already. You can
>> right click a guid and select properties/security to see and manage
>> security on a GPO. You also might try using replmon, add your domain
>> controller to the list of monitored servers and check "show Group Policy
>> status" to see what is shown there. If you have not done so yet also run
>> the support tool dcdiag. Make sure that administrators and system have
>> full control ntfs permissions to the full sysvol folder structure and all
>> files and that administrators have full control share permissions for
>> sysvol share. --- Steve
>>
>>
>> "Adam" <Adam@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:7AD7E9E8-D06A-4795-8D41-FD85D08EF7A2@xxxxxxxxxxxxxxxx
>> > Hi all! I am racking my brain on this problem with a Windows 2003
>> > Standard server. Basically, it was setup fresh by another IT company and
>> > this problem never got corrected. I cannot setup permissions and security
>> > in the Domain Controller Security Policy or the GPO. I have done and
>> > searched everything on the board that I can find. I have done a lot of
>> > things. I was wondering if anyone could HELP!! I do not want to have to
>> > redo an entire server this weekend!!
>> >
>> > Here is everything that I have done! Thanks for any insight to this
>> > problem!!
>> >
>> > NetDiag - ALL PASSED
>> >
>> > NetBT name test - PASSED
>> > [WARNING] You don't have a single interface with the <00> 'Workstation
>> > Service', <03> Messenger Service, <20> WINS names defined
>> >
>> > GPOTOOL:
>> > Validating DCs...
>> > Error: DC list is empty
>> >
>> > SysVol: has all correct subfolders and folders associated with GUIDs and
>> > domain name
>> >
>> > Attempted to manually restore the policies
>> > Attempted to automatically restore to default policies
>> >
>> > DCGPOFIX: Unable to read EFS certificates from Registry.pol file of the
>> > Default Domain Policy. The error was
>> > Configuration information could not be read from the domain controller,
>> > either because the machine is unavailable, or access has been denied.
>> > The restore failed.
>> >
>> > Domain Controller Security Policy: Failed to open the Group Policy
>> > Object.
>> > You may not have approriate rights.
>> > Windows cannot find the network path. Verify that the network path is
>> > correct and the destination computer is not busy or turned off. If
>> > Windows
>> > still cannot find the network path, contact your network administrator
>> >
>> > Event Log errors: 1030 & 1058
>> > Windows cannot query for the list of Group Policy objects. Check the
>> > event
>> > log for possible messages previously logged by the policy engine that
>> > describes the reason for this.
>> >
>> > Windows cannot access the file gpt.ini for GPO
>> > CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=executivereports,DC=com.
>> > The file must be present at the location
>> > <\\executivereports.com\sysvol\executivereports.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
>> > (Configuration information could not be read from the domain
>> > controller,
>> > either because the machine is unavailable, or access has been
>> > denied. ).
>> > Group Policy processing aborted.
>> >
>> >
>> >
>>
>>
>>
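
The registry.pol file mentioned in the top reply looks like gibberish in Notepad because it is a binary file: a "PReg" signature and version number, then UTF-16LE records of the form [key;value;type;size;data]. The following is an added example, not part of the original posts, that parses that layout from a copy of the file so a truncated or corrupted policy file shows up as a parse error; the sample bytes and the value name "SampleValue" are constructed for illustration.

```python
import struct

PREG_SIGNATURE = b"PReg"  # magic bytes that open every Registry.pol

def _u(text):
    return text.encode("utf-16-le")

def _expect(blob, pos, ch):
    if blob[pos:pos + 2] != _u(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _string(blob, pos):
    end = pos
    while blob[end:end + 2] not in (b"\x00\x00", b""):
        end += 2  # walk UTF-16LE code units up to the NUL terminator
    if blob[end:end + 2] != b"\x00\x00":
        raise ValueError(f"unterminated string at offset {pos}")
    return blob[pos:end].decode("utf-16-le"), end + 2

def _dword(blob, pos):
    if pos + 4 > len(blob):
        raise ValueError(f"truncated DWORD at offset {pos}")
    return struct.unpack_from("<I", blob, pos)[0], pos + 4

def parse_registry_pol(blob):
    """Return [(key, value_name, reg_type, data), ...] or raise ValueError."""
    if blob[:4] != PREG_SIGNATURE:
        raise ValueError("no PReg signature: not a policy file, or unreadable")
    version, pos = _dword(blob, 4)
    if version != 1:
        raise ValueError(f"unexpected Registry.pol version {version}")
    entries = []
    while pos < len(blob):  # each record: [key;value;type;size;data]
        key, pos = _string(blob, _expect(blob, pos, "["))
        name, pos = _string(blob, _expect(blob, pos, ";"))
        reg_type, pos = _dword(blob, _expect(blob, pos, ";"))
        size, pos = _dword(blob, _expect(blob, pos, ";"))
        pos = _expect(blob, pos, ";")
        if pos + size > len(blob):
            raise ValueError(f"data for {key!r} runs past end of file")
        entries.append((key, name, reg_type, blob[pos:pos + size]))
        pos = _expect(blob, pos + size, "]")
    return entries

# Constructed sample: one REG_BINARY (type 3) value under the key named in the post.
SAMPLE = (PREG_SIGNATURE + struct.pack("<I", 1) + _u("[")
          + _u("Software\\Policies\\Microsoft\\SystemCertificates\0") + _u(";")
          + _u("SampleValue\0") + _u(";") + struct.pack("<I", 3) + _u(";")
          + struct.pack("<I", 4) + _u(";") + b"\x01\x02\x03\x04" + _u("]"))

if __name__ == "__main__":
    for key, name, reg_type, data in parse_registry_pol(SAMPLE):
        print(f"{key}\\{name} type={reg_type} bytes={len(data)}")
```

To check a real policy, copy registry.pol out of the GPO's machine folder and pass its bytes to parse_registry_pol; a ValueError points at the offset where the file stops matching the format.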

