Access is Denied to win2k3 GPO's - really stumped!!

Hello all,

Problem: I receive an error when trying to open Group Policy via Group
Policy Manager or from the default GPO editor since upgrading from Windows
2000 SP4 to Windows 2003 SP1 on my Domain Controllers.

Background: Since upgrading my two Windows 2000 SP4 DC servers to Windows
2003 with SP1 I cannot open to edit my gpo’s. On one server I installed the
new GPO Manager, when I try and edit the default domain policy I receive this
message under the settings tab of the administrative template of both
computer and user configurations:

An unknown error occurred while data was gathered for this extension.
Details: Access to the path
"\\acsbackup01.acs2k\sysvol\acs2k\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\adm" is denied.

When I try and edit GPO’s through ADUC on the second win2k3 SP1 domain
controller I get an access denied after being prompted to select the PDC
Emulator server or the current selection server or any writable DC. I have
tried all three. The event viewer is showing tons of 1030 and 1058’s. the
1058’s say the following:

Windows cannot access the file gpt.ini for GPO
CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=acs2k. The
file must be present at the location
<\\acs2k\sysvol\acs2k\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

I followed the knowledge base articles windows help pointed to, I called and
received the hotfix but it would not install stating my system is newer then
the patch. Article reference: http://support.microsoft.com/kb/842804/

Also, I physically applied an enterprise admin account to the sysvol folder
as well as the policy folder stated above with FC permissions just to ensure
somehow it wasn’t a permission problem that made no difference. Other things
I have done is stop the DFS Server Service and tried the temp fix it
suggested for purging DFS, made no difference either.

I would really appreciate if someone could help out here – as it stands I
cannot access group policy on my domain controllers as I receive access is
denied, it should be noted I am accessing with an enterprise admin account
and a domain account these two accounts have always worked up to this point.

Thank you!

.

Relevant Pages

  • Re: SCW question.
    ... Created a new Server and installed IIS. ... and saw that the default rights for IUSR and IWAM users are there. ... Server to the domain without and GPO's applied...Local Security policy ... rights (which coincides with my Member server GPO settings). ...
    (microsoft.public.windows.server.security)
  • Re: Group Policy is now inhibiting the Administrator account
    ... under Group Policy Objects - those are the individual GPOs. ... You can apply any given GPO to one or more OUs, ... I use all of the default security in SBS, ... log on to the server with your own account. ...
    (microsoft.public.windows.server.sbs)
  • Re: User Profiles
    ... You can use Folder redirection for the Start Menu, ... Exactly what icons are you getting from the Default Domain Policy, ... and in which GPO setting are they defined? ... MCSE, CCEA, Microsoft MVP - Terminal Server ...
    (microsoft.public.windows.terminal_services)
  • Re: Group policy for windows 2000 pro and windows Xp pro..HELP>>!!!!!
    ... When you edit a GPO from a machine that has higher rev ... to which policy is applied, ... Windows 2000 Professional and windows XP professional, ... GP from the server, do i need some kind of updates for the server to work ...
    (microsoft.public.security)
  • Re: GPO - Access denied after changing a GP setting
    ... You are about to restore Default Domain policy and Default domain Controller po ... This may render some server applications to fail. ... Unable to open the GPO due to access denied. ... You are about to restore Default Domain controller policy for the following domain ...
    (microsoft.public.windows.server.security)
Loading