Solved

Domain GPO denied, inaccessible according to group policy results

Posted on 2006-06-27
13
13,468 Views
Last Modified: 2010-05-04
Hello,

I have a domain GPO that is not being inherited.  The security filter includes the Domain Users group, and Enforced is set to yes (and it is linked).  The domain controller is also the DNS server and the DHCP server and all workstations have the DC set as their DNS server (provided by DHCP)

Domain consists of about 50 XP pro workstations, all members of the domain.

A gpresult command on an end-user's workstation says that Computer policy is not applied due to an unknown reason.  
Group policy result query on the domain controller for the same example user states that both Computer and User policy were not applied (denied) because they were "Inaccessible".  


HELP!  Thanks in advance.
0
Comment
Question by:bdendy
13 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 16997206
Do the users have read and apply permissions?
0
 

Author Comment

by:bdendy
ID: 16997213
Read permissions, yes... as applied by default due to the security link.

Let me try adding apply permissions.
0
 

Author Comment

by:bdendy
ID: 16997216
Yes, they already had apply permissions also.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16997275
try creating a new policy and see if it is just a single problem
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 16997897
At what level are you trying to apply this GPO?  OU or domain level?  Why are you setting it to enforced?  What's the GPO do?
0
 

Author Comment

by:bdendy
ID: 17004805
sorry for delay in response... had a server crash last night... unrelated to this problem.....

Anyway, Jay: the new policy had the same problem as this one.

Cleaner, it's the default domain policy.  Domain level... tried setting both enforced and normal, no real difference since there is nothing to override.


Once again, the user policies ARE successfully applied but the computer policies are denied because they are "innacessible".


0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17009252
Are the computers in an OU or the default "computers" container?  They need to be in an OU.
0
 

Author Comment

by:bdendy
ID: 17010348
Computers are indeed in their respective OUs
0
 
LVL 23

Accepted Solution

by:
TheCleaner earned 500 total points
ID: 17012292
Wait a sec, is the only filter allowed the domain users group?  If so, computer accounts aren't a part of that group and therefore won't run the policy because you've basically denied them the right to...they are a part of the regular "authenticated users" group.
0
 

Author Comment

by:bdendy
ID: 17012583
Cleaner, I think you hit the nail on the head, but I'm not at work right now... will advise soon.  Thanks!
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17043958
Any updates on this one?
0
 

Author Comment

by:bdendy
ID: 17044342
Sorry for the delayed accept.  

thanks!!
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17044631
Good deal...glad you got it resolved.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server 2003 x64 upgrade question 10 47
Need MS Windows 2003 R2 (32) support tools 3 79
AD Replications issues 12 106
ticket bloat 3 31
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question