Re: Not able to edit Group Policy Objects,

After 4 weeks of testing and diagnostics with Microsoft, and an additional 3
weeks previous of my own, we have solved the problem.

IBM Director when installed and bound to "All interfaces" on a server that
has more than one network interface will stop Group Policies from applying,
FRS will stop functioning, and DFS shares will not be visible (i.e.
\\fqdn.com\sysvol and \\fqdn.com\netlogon etc..)

Uninstalling Director will fix the problem, installing it bound only to the
local interface answering domain traffic should also work although i have not
re-installed yet.

Thanks IBM.

"Wade" wrote:

> Nevin,
>
> Check permissions.
>
> Make sure the client has "read" permissions so that the group policy can
> apply to them. Also make sure whatever account your trying to modify the
> GPOs with has permission to do so. For example, use a domain admin or
> enterprise admin account to make sure have appropriate permission to modify
> the GPOs; unless in your forest / domain the domain admins and enterprise
> admin groups have been removed from their default locations.
>
> Wade
>
>
> "Nevin Swan" <NevinSwan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:9E5C87E7-AF07-4BEC-B12F-95E98238ADD3@xxxxxxxxxxxxxxxx
> > Hi Damian,
> >
> > I opened a support incident with Microsoft a couple of weeks ago and we
> > are
> > still working on trying to resolve it.
> >
> > I will post here with any results that come from it.
> >
> > "Damian Jones" wrote:
> >
> >> I have the same problem on my 2k3 server network. Is there a way to
> >> rebuild
> >> the Group Policy Object? I didn't have many changes, but I need to make
> >> some
> >> now.
> >>
> >> Thanks,
> >> Damian
> >>
> >> "Nevin Swan" wrote:
> >>
> >> > That's what i thought to begin with.
> >> >
> >> > However i have no event viewer errors for DNS being logged on either of
> >> > my
> >> > DNS servers and i can resolve the domain from any computers, the DNS
> >> > tests
> >> > pass in DCDIAG etc...
> >> >
> >> > So i am at a loss where to go from here?
> >> >
> >> > "Danilo Bordini [MVP]" wrote:
> >> >
> >> > > Nevin,
> >> > > Reading about it, looks like some issue with DNS. If you cannot
> >> > > create new
> >> > > GPO's and existents GPO's are not being applied, the first step is to
> >> > > check
> >> > > if DNS is working (forward zones, reverses zones, SRV records, client
> >> > > configurations, server configurations, etc)
> >> > > --
> >> > > Danilo Bordini - MVP Windows Server - Directory Services
> >> > >
> >> > >
> >> > >
> >> > > "Nevin Swan" wrote:
> >> > >
> >> > > > Sorry, just to clarify, I should also mention that the group
> >> > > > policies are not
> >> > > > being applied to any clients either.
> >> > > >
> >> > > > "Nevin Swan" wrote:
> >> > > >
> >> > > > > Hello,
> >> > > > >
> >> > > > > I am unable to edit any Group Policy Objects in my Windows 2000
> >> > > > > Domain, the
> >> > > > > error i get is as follows:
> >> > > > >
> >> > > > > "Failed to open the Group Policy Object. You may not have the
> >> > > > > appropriate
> >> > > > > rights.
> >> > > > >
> >> > > > > Details:
> >> > > > > The system could not find the path specified."
> >> > > > >
> >> > > > > I have 3 domain controllers, all of which have intact SYSVOL
> >> > > > > shares. I can
> >> > > > > access the other 2 domain controllers SYSVOL share from each of
> >> > > > > the servers.
> >> > > > >
> >> > > > > I have checked DNS, which is installed on 2 of the three servers
> >> > > > > and all
> >> > > > > seems perfect.
> >> > > > >
> >> > > > > DFS is enabled and replication is happening correctly.
> >> > > > >
> >> > > > > DCDiag and NetDiag both return no errors, all tests pass
> >> > > > > successfully.
> >> > > > >
> >> > > > > I have also run GPOTOOL which reports all of my GPO's to be
> >> > > > > functional.
> >> > > > >
> >> > > > > Now i am stuck, any help would be appreciated.
> >> > > > >
> >> > > > > Thank you.
> >> > > > > Nevin.
>
>
>
.

Relevant Pages

  • Re: Not able to edit Group Policy Objects,
    ... Make sure the client has "read" permissions so that the group policy can ... Also make sure whatever account your trying to modify the ... use a domain admin or ...
    (microsoft.public.windows.server.active_directory)
  • Re: domain administrator user to installed software on workstations?
    ... the machines with Group Policy. ... The best way of installing software is...with a domain admin account or ... local domain admin, or do i need to created a special domain user so i ...
    (microsoft.public.win2000.security)
  • Re: Group policy Creator Owners group
    ... In AppCatogories properties you can define the permissions for those ... Administrators security group, the Enterprise Administrators security ... or the Group Policy Creator Owners security group. ... When a Domain admin has tried to create a Category - there is no issue. ...
    (microsoft.public.windows.server.active_directory)
  • Re: FTP problem with more than 2 users configured
    ... After this I ran Filemon and set it to filter on "inetinfo". ... I think you'll agree that file permissions are not the issue here. ... >> began after the installation of Exchange Server 2003. ... >> computer from the network' for other users with the Group Policy ...
    (microsoft.public.inetserver.iis.ftp)
  • RE: Error binding to local domain
    ... away because I was away for a couple weeks and I do not force permissions on ... The permissions dialog just times out trying to resolve the ... >> following event "Windows cannot query for the list of Group Policy objects. ... >> An Active Directory, network connectivity, or network configuration problem ...
    (microsoft.public.windows.server.sbs)
Loading