Re: Access Denied on GPMC

yup, all shares on dc, and deligations are being assigned to domain admins,
security on folders and subfolders under sysvol are all assigned to domain
admins, if i go back to adding policy objects it still says access denied,
and this time, if i select the two existing defaut objects it says that there
is a Inconsistency between security settings on the sysvol and active
directory, whether if select cancel or ok to revert it back to the settings
on the active directory, it still says access denied, i checked on the active
directory managment SP1 i cant find any relationship based on the prompt that
was showing up

"Todd J Heron" wrote:

> Ensure the Share permissions for any Shared folders on the DC are set to
> Domain Admins FC, especially the \Sysvol share (where policies are stored).
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no rights
>
> "jbflores" <jbflores@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:BF465B60-04C9-4A59-A86E-ED3DFC1D40B2@xxxxxxxxxxxxxxxx
> need help on GPMC, every time i would add and polcy object it says access
> denied, when i deployed the 2003 server then apply the sp1, the group policy
> in active directory denies me of changing or accessing the files, so what i
> did was i installed first the GPMC sp1 then the SP1 for windows 2003, it
> worked fine, then i installed the ISA2004 and exchange 2003 on the same
> computer, it worked fine also, but when i applied their service packs for
> ISA2004 and exchange 2003, GPMC denied me of access again, and i tried some
> procedures on the troubleshooting and changing some reg keys and delegating,
> and reseting using the support tools. i really need help!!!
>
>
.

Relevant Pages

  • Re: What happens if you scan the sysvol and netlogon?
    ... SYSVOL should only be scanned with trusted anti-virus software. ... How ever what files or folders are created. ... Active Directory behavior and group policy creation and removal within the ... I had symantec scan drives ...
    (microsoft.public.win2000.active_directory)
  • Re: What happens if you scan the sysvol and netlogon?
    ... New folders that were created only have numbers for the ... entire active directory on a simple mistake. ... >SYSVOL should only be scanned with trusted anti-virus ... I had symantec scan drives ...
    (microsoft.public.win2000.active_directory)
  • Re: Access Denied when editing GPO
    ... I checked the "Owner" on some of the GPO folders on my DC (a small one I ... folder has "Domain Admins ... User Accounts" (Administrators is a group, ...
    (microsoft.public.win2000.group_policy)
  • Re: Add Users from other domain to Domain Admins group
    ... > I just added a new resource domain in our large organization. ... > I have setup a trust to our NT4 master domain where the users are located. ... > "locations tree" for group Domain Admins. ... I'm quite new to the concept Active Directory. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Role based permissions
    ... You may want to look at the Active Directory Delegation whitepaper. ... The DAs should be a single group for the entire forest who are responsible for the core functioning of the entire forest - i.e. ... Joe Richards Microsoft MVP Windows Server Directory Services ... Our sys admins have been assigning way too many people the Domain Admins group and we need to create a more sane subset of role based administrative groups. ...
    (microsoft.public.windows.server.active_directory)