YellowbusTeam
asked on
Group policy error
Windows 2003 Domain
XP Clients
Hi, We are getting several errors as below in the application log on most of our PC's:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.
Any ideas what causes this?
YB
XP Clients
Hi, We are getting several errors as below in the application log on most of our PC's:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.
Any ideas what causes this?
YB
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry - a bit late.
What is the exact event ID and source on the error?
What is the exact event ID and source on the error?
Heres what to check for Share and NTFS permissions for the SYSVOL Share:
Permissions for C:\
NTFS Permissions
Administrators = full control
Creator owner = none checked, but special permissions checked and greyed out
Everyone = none checked, but special permissions checked and greyed out
System = Full Control
Domain\Users = Read & Execute, List Folder contents, Read
Permissions for C:\Windows\Sysvol
Share
Do not share this folder
NTFS
Administrators = full control
Authenticated Users = Read & Execute, List Folder Contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read
System = Full Control
Permissions for C:\Windows\Sysvol\Sysvol
Share
Share this folder
Maximum Allowed
Administrators = full control
Authenticated Users = Full Control
Everyone = Read
NTFS
Administrators = Full Control, greyed out (inherited)
Authenticated Users = Read & Execute, List Folder contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read, (greyed out)
System = Full Control, greyed out (inherited)
After you have set the proper file permissions I ran the following from command prompt
secedit /configure /cfg %windir%\repair\secsetup.i nf /db secsetup.sdb /verbose
<enter>
Gpupdate
<enter>
reboot
After you rebooted, was the problem resolved?
Permissions for C:\
NTFS Permissions
Administrators = full control
Creator owner = none checked, but special permissions checked and greyed out
Everyone = none checked, but special permissions checked and greyed out
System = Full Control
Domain\Users = Read & Execute, List Folder contents, Read
Permissions for C:\Windows\Sysvol
Share
Do not share this folder
NTFS
Administrators = full control
Authenticated Users = Read & Execute, List Folder Contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read
System = Full Control
Permissions for C:\Windows\Sysvol\Sysvol
Share
Share this folder
Maximum Allowed
Administrators = full control
Authenticated Users = Full Control
Everyone = Read
NTFS
Administrators = Full Control, greyed out (inherited)
Authenticated Users = Read & Execute, List Folder contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read, (greyed out)
System = Full Control, greyed out (inherited)
After you have set the proper file permissions I ran the following from command prompt
secedit /configure /cfg %windir%\repair\secsetup.i
<enter>
Gpupdate
<enter>
reboot
After you rebooted, was the problem resolved?
Is this a default domain policy or a group policy?
One of the most common problems when applying policy is folks like to put the policy on the users or computers "CN" folder. Group policies were made to work on an OU folder. You have to create a folder for either the users or computers you wish to apply policy to and put the members in that OU. Then apply the policy to that OU folder not the default users or the default computers. Those are CN folders not OU folders.
One of the most common problems when applying policy is folks like to put the policy on the users or computers "CN" folder. Group policies were made to work on an OU folder. You have to create a folder for either the users or computers you wish to apply policy to and put the members in that OU. Then apply the policy to that OU folder not the default users or the default computers. Those are CN folders not OU folders.
ASKER
Yeah - Policy is on an OU for all computers.....
ASKER
Event IT = 1030
Did you look at the first link I posted? It describes this issue as related to that event id.
http://support.microsoft.com/kb/314494