Re: Access is Denied to win2k3 GPO's - really stumped!!
- From: a_user <auser@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 28 Jun 2005 09:11:12 -0700
Hi Glenn,
That article resolved the problem. It was the SMB signing. I would like to
know why Windows 2003 disabled some of the stuff that was originally enabled
under windows 2000, especially when it caused these particular problems.
Regardless, everything is running again, now I can focus on my forest
restructuring.
Thank you.
"Glenn LeCheminant" wrote:
> Verify the share level permissions on SYSVOL on the PDC has administrators
> full control.
> verify your SMB signing config is not out of whack
> see http://support.microsoft.com/?kbid=839499
>
> --
> Glenn LeCheminant
> CCNA, MCSE 2000/2003 + Security
>
> "a_user" <auser@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:00A5C8C6-2B50-4212-9231-E1A51E57821F@xxxxxxxxxxxxxxxx
> > Hello all,
> >
> > Problem: I receive an error when trying to open Group Policy via Group
> > Policy Manager or from the default GPO editor since upgrading from Windows
> > 2000 SP4 to Windows 2003 SP1 on my Domain Controllers.
> >
> > Background: Since upgrading my two Windows 2000 SP4 DC servers to Windows
> > 2003 with SP1 I cannot open to edit my gpo's. On one server I installed
> > the
> > new GPO Manager, when I try and edit the default domain policy I receive
> > this
> > message under the settings tab of the administrative template of both
> > computer and user configurations:
> >
> > An unknown error occurred while data was gathered for this extension.
> > Details: Access to the path
> > "\\acsbackup01.acs2k\sysvol\acs2k\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\adm"
> > is denied.
> >
> > When I try and edit GPO's through ADUC on the second win2k3 SP1 domain
> > controller I get an access denied after being prompted to select the PDC
> > Emulator server or the current selection server or any writable DC. I
> > have
> > tried all three. The event viewer is showing tons of 1030 and 1058's.
> > the
> > 1058's say the following:
> >
> > Windows cannot access the file gpt.ini for GPO
> > CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=acs2k.
> > The
> > file must be present at the location
> > <\\acs2k\sysvol\acs2k\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini>.
> > (Access is denied. ). Group Policy processing aborted.
> >
> > I followed the knowledge base articles windows help pointed to, I called
> > and
> > received the hotfix but it would not install stating my system is newer
> > then
> > the patch. Article reference: http://support.microsoft.com/kb/842804/
> >
> > Also, I physically applied an enterprise admin account to the sysvol
> > folder
> > as well as the policy folder stated above with FC permissions just to
> > ensure
> > somehow it wasn't a permission problem that made no difference. Other
> > things
> > I have done is stop the DFS Server Service and tried the temp fix it
> > suggested for purging DFS, made no difference either.
> >
> > I would really appreciate if someone could help out here - as it stands I
> > cannot access group policy on my domain controllers as I receive access is
> > denied, it should be noted I am accessing with an enterprise admin account
> > and a domain account these two accounts have always worked up to this
> > point.
> >
> > Thank you!
> >
>
>
>
.
- References:
- Access is Denied to win2k3 GPO's - really stumped!!
- From: a_user
- Re: Access is Denied to win2k3 GPO's - really stumped!!
- From: Glenn LeCheminant
- Access is Denied to win2k3 GPO's - really stumped!!
- Prev by Date: Re: Memberof not returning any groups
- Next by Date: RE: connecting remotly to ADAM
- Previous by thread: Re: Access is Denied to win2k3 GPO's - really stumped!!
- Next by thread: win2k server questions
- Index(es):
Relevant Pages
|
