Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 14680
  • Last Modified:

Domain GPO denied, inaccessible according to group policy results

Hello,

I have a domain GPO that is not being inherited.  The security filter includes the Domain Users group, and Enforced is set to yes (and it is linked).  The domain controller is also the DNS server and the DHCP server and all workstations have the DC set as their DNS server (provided by DHCP)

Domain consists of about 50 XP pro workstations, all members of the domain.

A gpresult command on an end-user's workstation says that Computer policy is not applied due to an unknown reason.  
Group policy result query on the domain controller for the same example user states that both Computer and User policy were not applied (denied) because they were "Inaccessible".  


HELP!  Thanks in advance.
0
bdendy
Asked:
bdendy
1 Solution
 
mass2612Commented:
Do the users have read and apply permissions?
0
 
bdendyAuthor Commented:
Read permissions, yes... as applied by default due to the security link.

Let me try adding apply permissions.
0
 
bdendyAuthor Commented:
Yes, they already had apply permissions also.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Jay_Jay70Commented:
try creating a new policy and see if it is just a single problem
0
 
TheCleanerCommented:
At what level are you trying to apply this GPO?  OU or domain level?  Why are you setting it to enforced?  What's the GPO do?
0
 
bdendyAuthor Commented:
sorry for delay in response... had a server crash last night... unrelated to this problem.....

Anyway, Jay: the new policy had the same problem as this one.

Cleaner, it's the default domain policy.  Domain level... tried setting both enforced and normal, no real difference since there is nothing to override.


Once again, the user policies ARE successfully applied but the computer policies are denied because they are "innacessible".


0
 
TheCleanerCommented:
Are the computers in an OU or the default "computers" container?  They need to be in an OU.
0
 
bdendyAuthor Commented:
Computers are indeed in their respective OUs
0
 
TheCleanerCommented:
Wait a sec, is the only filter allowed the domain users group?  If so, computer accounts aren't a part of that group and therefore won't run the policy because you've basically denied them the right to...they are a part of the regular "authenticated users" group.
0
 
bdendyAuthor Commented:
Cleaner, I think you hit the nail on the head, but I'm not at work right now... will advise soon.  Thanks!
0
 
TheCleanerCommented:
Any updates on this one?
0
 
bdendyAuthor Commented:
Sorry for the delayed accept.  

thanks!!
0
 
TheCleanerCommented:
Good deal...glad you got it resolved.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now