Domain GPO denied, inaccessible according to group policy results

Hello,

I have a domain GPO that is not being inherited.  The security filter includes the Domain Users group, and Enforced is set to yes (and it is linked).  The domain controller is also the DNS server and the DHCP server and all workstations have the DC set as their DNS server (provided by DHCP)

Domain consists of about 50 XP pro workstations, all members of the domain.

A gpresult command on an end-user's workstation says that Computer policy is not applied due to an unknown reason.  
Group policy result query on the domain controller for the same example user states that both Computer and User policy were not applied (denied) because they were "Inaccessible".  


HELP!  Thanks in advance.
bdendyAsked:
Who is Participating?
 
TheCleanerConnect With a Mentor Commented:
Wait a sec, is the only filter allowed the domain users group?  If so, computer accounts aren't a part of that group and therefore won't run the policy because you've basically denied them the right to...they are a part of the regular "authenticated users" group.
0
 
mass2612Commented:
Do the users have read and apply permissions?
0
 
bdendyAuthor Commented:
Read permissions, yes... as applied by default due to the security link.

Let me try adding apply permissions.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
bdendyAuthor Commented:
Yes, they already had apply permissions also.
0
 
Jay_Jay70Commented:
try creating a new policy and see if it is just a single problem
0
 
TheCleanerCommented:
At what level are you trying to apply this GPO?  OU or domain level?  Why are you setting it to enforced?  What's the GPO do?
0
 
bdendyAuthor Commented:
sorry for delay in response... had a server crash last night... unrelated to this problem.....

Anyway, Jay: the new policy had the same problem as this one.

Cleaner, it's the default domain policy.  Domain level... tried setting both enforced and normal, no real difference since there is nothing to override.


Once again, the user policies ARE successfully applied but the computer policies are denied because they are "innacessible".


0
 
TheCleanerCommented:
Are the computers in an OU or the default "computers" container?  They need to be in an OU.
0
 
bdendyAuthor Commented:
Computers are indeed in their respective OUs
0
 
bdendyAuthor Commented:
Cleaner, I think you hit the nail on the head, but I'm not at work right now... will advise soon.  Thanks!
0
 
TheCleanerCommented:
Any updates on this one?
0
 
bdendyAuthor Commented:
Sorry for the delayed accept.  

thanks!!
0
 
TheCleanerCommented:
Good deal...glad you got it resolved.
0
All Courses

From novice to tech pro — start learning today.