Re: Group Policy object - Inaccessible?




Hi,

Christine Cruz wrote:
I did something really stupid. I accidentally changed the Read permissions
to Deny for (I think) all authenticated users for the default Group Policy.
I meant to change the permissions for just one user. Now, I cannot access
the group policy - it just says "Inaccessible". Does anyone know of a way I
can gain access to this again?

You can use dsacls.exe
http://support.microsoft.com/kb/294257/en-us

The GUID of the DDP is:
{31B2F340-016D-11D2-945F-00C04FB984F9}
and DDCP:
{6AC1786C-016F-11D2-945F-00C04fB984F9}

You can use adsiedit.msc as well or dsa.msc -> View -> extended (advanced?)
and then you will find the Policies in \system\policies
There you will find the familiar tab "security" on the properties of the
GPO. But I think dsacls will do this job more easily, because the KB
article will guide you ;-)

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy

Homepage: www.gruppenrichtlinien.de - German
Blog: gpupdate.spaces.live.com - english
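
The dsacls approach from the reply above, as an added example that is not part of the original post or of the KB article: it uses the two GUIDs and the \system\policies location Mark gives. The domain DN is a placeholder, and the rights granted back (Read and Apply Group Policy for Authenticated Users, inherited to child objects) are an assumption about the state you want restored.

```powershell
# Added example. Run as a Domain Admin on a machine that has dsacls.exe.
# ASSUMPTION: placeholder domain DN, replace with your own.
$DomainDN = 'DC=example,DC=com'

# GUIDs quoted in the reply above.
$Gpos = @{
    'DDP'  = '{31B2F340-016D-11D2-945F-00C04FB984F9}'   # Default Domain Policy
    'DDCP' = '{6AC1786C-016F-11D2-945F-00C04fB984F9}'   # Default Domain Controllers Policy
}

# Pick the GPO whose ACL was changed by mistake.
$Target = 'DDP'
$GpoDN  = "CN=$($Gpos[$Target]),CN=Policies,CN=System,$DomainDN"

# 1. Record the current ACL before touching it, so the bad ACE
#    (trustee and Deny/Allow type) is confirmed rather than guessed.
dsacls $GpoDN | Tee-Object -FilePath ".\$Target-acl-before.txt"

# 2. /R removes every ACE for the named trustee, Deny entries included.
#    ASSUMPTION: the mistaken Deny was set on Authenticated Users;
#    use the trustee shown in step 1 if it was a different one.
$Trustee = 'Authenticated Users'
dsacls $GpoDN /R $Trustee

# 3. Grant back generic read (GR) and the "Apply Group Policy"
#    control access right (CA). /I:T applies the ACEs to this object
#    and its child objects (the Machine and User containers).
dsacls $GpoDN /I:T /G "${Trustee}:GR" "${Trustee}:CA;Apply Group Policy"

# 4. Verify: only Allow entries should remain for the trustee.
dsacls $GpoDN | Tee-Object -FilePath ".\$Target-acl-after.txt" |
    Select-String -SimpleMatch $Trustee
```

Compare the "after" file with the ACL of a GPO that was never modified to confirm nothing else differs.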