• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 145
  • Last Modified:

Domain controllers policy cannot be opened with full admin

When I go to open the default domain controllers policy I get "failed to open the group policy object, you may not have appropriate rights detail: the system cannot find the path specified. All other GPO are fine and permissions okay- I can create a new policy in that container and all okay. GPOTOOL gives this result

Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
Policy OK
DC: ws-ukdatastore.internal.biowisdom.com
Friendly name: Default Domain Controllers Policy
Created: 07/02/2001 22:17:03
Changed: 28/10/2004 14:13:46
DS version:     0(user) 23(machine)
Sysvol version: 0(user) 23(machine)
Flags: 0
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
Functionality version: 2

If I run with /check acl it comes back okay for all policies.

Any ideas
  • 2
1 Solution
Let's troubleshoot.  From a command prompt type:
find /i "cannot find" %SYSTEMROOT%\security\logs\winlogon.log

It's sometimes caused by a renamed or deleted account.  Let me know what you find out.
You can look through the troubleshooting steps (middle of the doc) I had to use here:

In my case, the account causing the error like yours was the guest account renamed to 'mycompany-guest' (the hyphen was the problem).

***On thing I must tell you.  I once had this as a seperate, isolated incident, and a reboot cleared it up.  That's not a reccomendation, just what worked for me***

Featured Post

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now