Solved

Domain GPO denied, inaccessible according to group policy results

Posted on 2006-06-27
13
13,770 Views
Last Modified: 2010-05-04
Hello,

I have a domain GPO that is not being inherited.  The security filter includes the Domain Users group, and Enforced is set to yes (and it is linked).  The domain controller is also the DNS server and the DHCP server and all workstations have the DC set as their DNS server (provided by DHCP)

Domain consists of about 50 XP pro workstations, all members of the domain.

A gpresult command on an end-user's workstation says that Computer policy is not applied due to an unknown reason.  
Group policy result query on the domain controller for the same example user states that both Computer and User policy were not applied (denied) because they were "Inaccessible".  


HELP!  Thanks in advance.
0
Comment
Question by:bdendy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 16997206
Do the users have read and apply permissions?
0
 

Author Comment

by:bdendy
ID: 16997213
Read permissions, yes... as applied by default due to the security link.

Let me try adding apply permissions.
0
 

Author Comment

by:bdendy
ID: 16997216
Yes, they already had apply permissions also.
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16997275
try creating a new policy and see if it is just a single problem
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 16997897
At what level are you trying to apply this GPO?  OU or domain level?  Why are you setting it to enforced?  What's the GPO do?
0
 

Author Comment

by:bdendy
ID: 17004805
sorry for delay in response... had a server crash last night... unrelated to this problem.....

Anyway, Jay: the new policy had the same problem as this one.

Cleaner, it's the default domain policy.  Domain level... tried setting both enforced and normal, no real difference since there is nothing to override.


Once again, the user policies ARE successfully applied but the computer policies are denied because they are "innacessible".


0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17009252
Are the computers in an OU or the default "computers" container?  They need to be in an OU.
0
 

Author Comment

by:bdendy
ID: 17010348
Computers are indeed in their respective OUs
0
 
LVL 23

Accepted Solution

by:
TheCleaner earned 500 total points
ID: 17012292
Wait a sec, is the only filter allowed the domain users group?  If so, computer accounts aren't a part of that group and therefore won't run the policy because you've basically denied them the right to...they are a part of the regular "authenticated users" group.
0
 

Author Comment

by:bdendy
ID: 17012583
Cleaner, I think you hit the nail on the head, but I'm not at work right now... will advise soon.  Thanks!
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17043958
Any updates on this one?
0
 

Author Comment

by:bdendy
ID: 17044342
Sorry for the delayed accept.  

thanks!!
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17044631
Good deal...glad you got it resolved.
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Learn about cloud computing and its benefits for small business owners.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question