Solved

Domain GPO denied, inaccessible according to group policy results

Posted on 2006-06-27
13
13,584 Views
Last Modified: 2010-05-04
Hello,

I have a domain GPO that is not being inherited.  The security filter includes the Domain Users group, and Enforced is set to yes (and it is linked).  The domain controller is also the DNS server and the DHCP server and all workstations have the DC set as their DNS server (provided by DHCP)

Domain consists of about 50 XP pro workstations, all members of the domain.

A gpresult command on an end-user's workstation says that Computer policy is not applied due to an unknown reason.  
Group policy result query on the domain controller for the same example user states that both Computer and User policy were not applied (denied) because they were "Inaccessible".  


HELP!  Thanks in advance.
0
Comment
Question by:bdendy
13 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 16997206
Do the users have read and apply permissions?
0
 

Author Comment

by:bdendy
ID: 16997213
Read permissions, yes... as applied by default due to the security link.

Let me try adding apply permissions.
0
 

Author Comment

by:bdendy
ID: 16997216
Yes, they already had apply permissions also.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16997275
try creating a new policy and see if it is just a single problem
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 16997897
At what level are you trying to apply this GPO?  OU or domain level?  Why are you setting it to enforced?  What's the GPO do?
0
 

Author Comment

by:bdendy
ID: 17004805
sorry for delay in response... had a server crash last night... unrelated to this problem.....

Anyway, Jay: the new policy had the same problem as this one.

Cleaner, it's the default domain policy.  Domain level... tried setting both enforced and normal, no real difference since there is nothing to override.


Once again, the user policies ARE successfully applied but the computer policies are denied because they are "innacessible".


0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17009252
Are the computers in an OU or the default "computers" container?  They need to be in an OU.
0
 

Author Comment

by:bdendy
ID: 17010348
Computers are indeed in their respective OUs
0
 
LVL 23

Accepted Solution

by:
TheCleaner earned 500 total points
ID: 17012292
Wait a sec, is the only filter allowed the domain users group?  If so, computer accounts aren't a part of that group and therefore won't run the policy because you've basically denied them the right to...they are a part of the regular "authenticated users" group.
0
 

Author Comment

by:bdendy
ID: 17012583
Cleaner, I think you hit the nail on the head, but I'm not at work right now... will advise soon.  Thanks!
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17043958
Any updates on this one?
0
 

Author Comment

by:bdendy
ID: 17044342
Sorry for the delayed accept.  

thanks!!
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17044631
Good deal...glad you got it resolved.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question