Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Domain GPO denied, inaccessible according to group policy results

Posted on 2006-06-27
13
Medium Priority
?
14,281 Views
Last Modified: 2010-05-04
Hello,

I have a domain GPO that is not being inherited.  The security filter includes the Domain Users group, and Enforced is set to yes (and it is linked).  The domain controller is also the DNS server and the DHCP server and all workstations have the DC set as their DNS server (provided by DHCP)

Domain consists of about 50 XP pro workstations, all members of the domain.

A gpresult command on an end-user's workstation says that Computer policy is not applied due to an unknown reason.  
Group policy result query on the domain controller for the same example user states that both Computer and User policy were not applied (denied) because they were "Inaccessible".  


HELP!  Thanks in advance.
0
Comment
Question by:bdendy
13 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 16997206
Do the users have read and apply permissions?
0
 

Author Comment

by:bdendy
ID: 16997213
Read permissions, yes... as applied by default due to the security link.

Let me try adding apply permissions.
0
 

Author Comment

by:bdendy
ID: 16997216
Yes, they already had apply permissions also.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16997275
try creating a new policy and see if it is just a single problem
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 16997897
At what level are you trying to apply this GPO?  OU or domain level?  Why are you setting it to enforced?  What's the GPO do?
0
 

Author Comment

by:bdendy
ID: 17004805
sorry for delay in response... had a server crash last night... unrelated to this problem.....

Anyway, Jay: the new policy had the same problem as this one.

Cleaner, it's the default domain policy.  Domain level... tried setting both enforced and normal, no real difference since there is nothing to override.


Once again, the user policies ARE successfully applied but the computer policies are denied because they are "innacessible".


0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17009252
Are the computers in an OU or the default "computers" container?  They need to be in an OU.
0
 

Author Comment

by:bdendy
ID: 17010348
Computers are indeed in their respective OUs
0
 
LVL 23

Accepted Solution

by:
TheCleaner earned 2000 total points
ID: 17012292
Wait a sec, is the only filter allowed the domain users group?  If so, computer accounts aren't a part of that group and therefore won't run the policy because you've basically denied them the right to...they are a part of the regular "authenticated users" group.
0
 

Author Comment

by:bdendy
ID: 17012583
Cleaner, I think you hit the nail on the head, but I'm not at work right now... will advise soon.  Thanks!
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17043958
Any updates on this one?
0
 

Author Comment

by:bdendy
ID: 17044342
Sorry for the delayed accept.  

thanks!!
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17044631
Good deal...glad you got it resolved.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Integration Management Part 2

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question