Virene
asked on
OU Delegated Rights Not Inherited
I'm running the Delegation of Control wizard at an OU level. I'm assigning all available rights in the wizard to a group called "Admins". However, after running this some objects below the OU do not receive the inherited rights. The ability to edit a couple user objects remains greyed out for a person in the Admin group and the Admins group does not show up in the "Security" tab of the problem object.
Replication is not the issue and the person trying to edit the user objects has logged out and back in before making the edit attempt.
What could be causing this?
Thanks,
Rick Virene
Jacobs Engineering
Replication is not the issue and the person trying to edit the user objects has logged out and back in before making the edit attempt.
What could be causing this?
Thanks,
Rick Virene
Jacobs Engineering
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, guys for your responses. We had determined that there were GPOs involved. We found that all objects not receiving inherited rights were members of the Server Operators protected group. So this article was a direct hit: Description and Update of the Active Directory AdminSDHolder Object
http://support.microsoft.com/?kbid=232199
Rick Virene
http://support.microsoft.com/?kbid=232199
Rick Virene
http://support.microsoft.com/default.aspx?scid=kb;EN-US;221930
Troubleshooting Group Policy in Windows 2000
http://www.microsoft.com/windows2000/techinfo/howitworks/management/gptshoot.asp
Local Group Policy Settings Do Not Take Effect
http://support.microsoft.com/default.aspx?scid=kb;en-us;220862
Gpotool.exe: Group Policy Verification Tool
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpotool-o.asp
Does windows2000 has security monitoring to know if somebody's overriding my group policy (GPO):
https://www.experts-exchange.com/questions/20606772/Does-windows2000-has-security-monitoring-to-know-if-somebody's-overriding-my-group-policy.html
Using Secedit.exe to Force Group Policy (GPO) to Be Applied Again:
http://support.microsoft.com/default.aspx?scid=kb;en-us;227448
Refresh policy from windows 2000 server:
1. Start / Run
2. CMD / ENTER
3. SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE
4. SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE
5. EXIT
Gpupdate - Refreshes local and Active Directory-based Group Policy settings in Windows XP
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/refrgp.mspx
Using the Group Policy Snap-in Focused on a Remote Computer
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_dbyy.asp
Troubleshooting Group Policy Application Problems
http://support.microsoft.com/?kbid=250842
Upgrading Windows 2000 Group Policy for Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;307900
Group Policy to Remove Program May Not Be Applied to Some Users and Computers
http://support.microsoft.com/default.aspx?scid=kb;en-us;240790
Remember to Enforce a Remote Access Security Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313082&sd=tech
Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark
:o) Your brain is like a parachute. It works best when it's open