Re: Access is Denied to win2k3 GPO's - really stumped!!
- From: "Glenn LeCheminant" <the.only(delete)@gmail dot com>
- Date: Mon, 27 Jun 2005 19:54:06 -0700
Verify the share level permissions on SYSVOL on the PDC has administrators
full control.
verify your SMB signing config is not out of whack
see http://support.microsoft.com/?kbid=839499
--
Glenn LeCheminant
CCNA, MCSE 2000/2003 + Security
"a_user" <auser@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:00A5C8C6-2B50-4212-9231-E1A51E57821F@xxxxxxxxxxxxxxxx
> Hello all,
>
> Problem: I receive an error when trying to open Group Policy via Group
> Policy Manager or from the default GPO editor since upgrading from Windows
> 2000 SP4 to Windows 2003 SP1 on my Domain Controllers.
>
> Background: Since upgrading my two Windows 2000 SP4 DC servers to Windows
> 2003 with SP1 I cannot open to edit my gpo's. On one server I installed
> the
> new GPO Manager, when I try and edit the default domain policy I receive
> this
> message under the settings tab of the administrative template of both
> computer and user configurations:
>
> An unknown error occurred while data was gathered for this extension.
> Details: Access to the path
> "\\acsbackup01.acs2k\sysvol\acs2k\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\adm"
> is denied.
>
> When I try and edit GPO's through ADUC on the second win2k3 SP1 domain
> controller I get an access denied after being prompted to select the PDC
> Emulator server or the current selection server or any writable DC. I
> have
> tried all three. The event viewer is showing tons of 1030 and 1058's.
> the
> 1058's say the following:
>
> Windows cannot access the file gpt.ini for GPO
> CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=acs2k.
> The
> file must be present at the location
> <\\acs2k\sysvol\acs2k\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini>.
> (Access is denied. ). Group Policy processing aborted.
>
> I followed the knowledge base articles windows help pointed to, I called
> and
> received the hotfix but it would not install stating my system is newer
> then
> the patch. Article reference: http://support.microsoft.com/kb/842804/
>
> Also, I physically applied an enterprise admin account to the sysvol
> folder
> as well as the policy folder stated above with FC permissions just to
> ensure
> somehow it wasn't a permission problem that made no difference. Other
> things
> I have done is stop the DFS Server Service and tried the temp fix it
> suggested for purging DFS, made no difference either.
>
> I would really appreciate if someone could help out here - as it stands I
> cannot access group policy on my domain controllers as I receive access is
> denied, it should be noted I am accessing with an enterprise admin account
> and a domain account these two accounts have always worked up to this
> point.
>
> Thank you!
>
.
- Follow-Ups:
- References:
- Access is Denied to win2k3 GPO's - really stumped!!
- From: a_user
- Access is Denied to win2k3 GPO's - really stumped!!
- Prev by Date: Re: using NTDS:\\ in IE to browse Active Directory
- Next by Date: Re: printing based on OU
- Previous by thread: Access is Denied to win2k3 GPO's - really stumped!!
- Next by thread: Re: Access is Denied to win2k3 GPO's - really stumped!!
- Index(es):
Relevant Pages
|
