[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

I have a client machine that gives me an "access denied" when trying to open up a service.

Posted on 2005-05-06
8
Medium Priority
?
141 Views
Last Modified: 2013-12-04
A while back, I configured the domain policy to disable the "Routing and Remote" server and reduced the security to only allow administrators.  Now, if I log into any client machine, I can't start the server nor can I even open it up to change the settings.  I've removed all the policies that pertain to this service, ran secedit /enforce, created an entire new "blank" policy and enforced it, even disjoined it from the domain.  I tried to apply a default security to the local machine, but it only apply to the security folder, not the services folder.  Does anyone know how I can get the security lifted on a particular server on a client machine locally?

Thanks,
Daryl
0
Comment
Question by:Mach03
  • 5
  • 3
8 Comments
 
LVL 20

Expert Comment

by:mkbean
ID: 13957102
You should attempt to run RSOP from a custom MMC and see where this policy is coming from.  RSOP comes with Windows XP and can be added to a custom mmc.  You could also download the Group Policy Management Console (GPMC) and run through the Group Policy Results to see the effective policy.

By running one of those tools you should see where the problem is and then try to resolve it from there.  Let me know what your results are if you need more help.


Brian
0
 

Author Comment

by:Mach03
ID: 13960859
Here's what I found when runing dcdiag to one of my domain controllers.  I have two domain controllers, one is passing with flying colors, the other is giving me netlog on errors.  What is the best place to start resolving this issue, the GC?

         * Missing SPN :(null)
         ......................... TRAILHEAD failed test MachineAccount
      Starting test: Services
         ......................... TRAILHEAD passed test Services
      Starting test: ObjectsReplicated
         ......................... TRAILHEAD passed test ObjectsReplicated
      Starting test: frssysvol
         [TRAILHEAD] An net use or LsaPolicy operation failed with error 6
 specified network name is no longer available..
         ......................... TRAILHEAD passed test frssysvol
      Starting test: kccevent
         Failed to enumerate event log records, error The specified networ
 is no longer available.
         ......................... TRAILHEAD failed test kccevent
      Starting test: systemlog
         Failed to enumerate event log records, error The specified networ
 is no longer available.
         ......................... TRAILHEAD failed test systemlog

   Running enterprise tests on : wildwest.du.edu
      Starting test: Intersite
         ......................... wildwest.du.edu passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, err
2
         A Good Time Server could not be located.
         ......................... wildwest.du.edu failed test FsmoCheck
    * Missing SPN :(null)
    * Missing SPN :(null)
0
 
LVL 20

Expert Comment

by:mkbean
ID: 13960884
Is the server that is giving you problems the PDC Emulator?  If so try to transfer that role to other server and if the other server is not a GC make it one.  Let me know if you need the steps for both of those tasks.

Brian
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Mach03
ID: 13964940
I belive that I have two issues here so I"m going to create a new question for the GC errors.  I've moved the GC's to both machines and nothing happened and I see this causeign another issue.

Anyway, the service on the client machine is still locted and it it's a Win2k client so doesn't support RSOP.  Any other ideas?
0
 

Author Comment

by:Mach03
ID: 13965190
I've used dcdiag and netdiag and everythign is checkign out fine, but my group polices are not beign applied to some client machine (on another network).   Is there another command I can use to check the gpo?
0
 
LVL 20

Accepted Solution

by:
mkbean earned 2000 total points
ID: 13965375
Make sure you run gpupdate /force on your clients to refresh the policies.  You can create a custom MMC and add the RSOP snap-in which will tell you which policies are applying.  Also realize the firewall on SP2 blocks group policies too.

Brian
0
 

Author Comment

by:Mach03
ID: 13969000
My clients are Windows 2000
0
 

Author Comment

by:Mach03
ID: 14237156
For some reason, the policy wouldn't lift. So we deceided to just rebuild the machine.. all works fine now.
Thanks for your help
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Loops Section Overview

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question