• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 148
  • Last Modified:

Domain controllers policy cannot be opened with full admin

When I go to open the default domain controllers policy I get "failed to open the group policy object, you may not have appropriate rights detail: the system cannot find the path specified. All other GPO are fine and permissions okay- I can create a new policy in that container and all okay. GPOTOOL gives this result

Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
Policy OK
DC: ws-ukdatastore.internal.biowisdom.com
Friendly name: Default Domain Controllers Policy
Created: 07/02/2001 22:17:03
Changed: 28/10/2004 14:13:46
DS version:     0(user) 23(machine)
Sysvol version: 0(user) 23(machine)
Flags: 0
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
Functionality version: 2

If I run with /check acl it comes back okay for all policies.

Any ideas
  • 2
1 Solution
Let's troubleshoot.  From a command prompt type:
find /i "cannot find" %SYSTEMROOT%\security\logs\winlogon.log

It's sometimes caused by a renamed or deleted account.  Let me know what you find out.
You can look through the troubleshooting steps (middle of the doc) I had to use here:

In my case, the account causing the error like yours was the guest account renamed to 'mycompany-guest' (the hyphen was the problem).

***On thing I must tell you.  I once had this as a seperate, isolated incident, and a reboot cleared it up.  That's not a reccomendation, just what worked for me***
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now