Re: GPO Access is Denied Messages on DC

Hi
Make sure that the following components are started:
-Netlogon and DFS services are started.
-Domain controllers have the read and apply rights to the Domain Controllers Policy.
-NTFS file system permissions and share permissions are set correctly on the Sysvol share.
Event ID 1000, 1001 is logged every five minutes in the Application event log
http://support.microsoft.com/Default.aspx?id=290647
-DNS entries are correct for the domain controllers
-From cmd, type dfsutil /PurgeMupCache, and then press ENTER.
Make sure that you’ve the latest Service Pack Installed.
http://support.microsoft.com/kb/889100/
Also take a look ate Registry Change (WaitForNetwork) as described here
Group Policy processing does not work and events 1030 and 1058 are logged in the Application log of a domain controller
http://support.microsoft.com/kb/842804/en-us
--
*************************************************
I hope that the information above helps you
Good Luck

Jorge Silva

MCSA + Exchange + MSCE
*************************************************

"NRC Help" <NRC_Support@xxxxxxxxxxxxxxxx> wrote in message news:DB571894-C208-4F92-92D4-50049E0A6C9A@xxxxxxxxxxxxxxxx
Hello,

Recently the two messages below have been showing up in the application
event logs on one of our domain controllers (which happens to be the global
catalog server as well) on a very regular basis . Any ideas what is going on
and how to correct it?

Thanks,


Jim

Source: Userenv, Event ID: 1058
Windows cannot access the file gpt.ini for GPO
cn={EAE3C996-C2F9-4D9A-A348-5D851D466E4C},cn=policies,cn=system,DC=bus,DC=msu,DC=edu.
The file must be present at the location
<\\bus.msu.edu\SysVol\bus.msu.edu\Policies\{EAE3C996-C2F9-4D9A-A348-5D851D466E4C}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

Source: Userenv, Event ID: 1030
Windows cannot query for the list of Group Policy objects. Check the event
log for possible messages previously logged by the policy engine that
describes the reason for this.


.

Relevant Pages

  • Re: Default Domain password policy issue
    ... The domain controllers are members of authenticated users. ... as for applied Group Policy objects for computer settings. ... Policy replication/version problems. ... The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.windows.group_policy)
  • Re: Blocking port scans on local network
    ... You can implement enumeration of SAM accounts and shares with probably no ... on domain controllers via Domain Controller Security Policy depending of ... domain computer that has a "require" ipsec policy assigned to it. ... between domain computers and domain controllers as the domain controllers ...
    (microsoft.public.win2000.security)
  • RE: Account Lockout Policy
    ... he didn't say that the policy would be *linked* at ... the Domain Controllers OU, just that the domain password policy would apply ... the Domain Controllers OU will still use the password policy that is defined ... they still utilize the domain-level account settings, because, again, the ...
    (Focus-Microsoft)
  • Re: Blocking port scans on local network
    ... > additional restrictions for anonymous connections in this security guide. ... > do not recommend applying ipsec policy wide scale without some testing of ... > between domain computers and domain controllers as the domain controllers ...
    (microsoft.public.win2000.security)
  • domain users cant logon locally
    ... This is probably caused by the fact that your Windows 2000 ... To find this setting right click the DOmain Controllers OU ... Policy tab, verify that the Default Domain Controllers ... >I have recently installed a new windows 2000 server. ...
    (microsoft.public.win2000.security)