Solved

Domain GPO denied, inaccessible according to group policy results

Posted on 2006-06-27
13
13,952 Views
Last Modified: 2010-05-04
Hello,

I have a domain GPO that is not being inherited.  The security filter includes the Domain Users group, and Enforced is set to yes (and it is linked).  The domain controller is also the DNS server and the DHCP server and all workstations have the DC set as their DNS server (provided by DHCP)

Domain consists of about 50 XP pro workstations, all members of the domain.

A gpresult command on an end-user's workstation says that Computer policy is not applied due to an unknown reason.  
Group policy result query on the domain controller for the same example user states that both Computer and User policy were not applied (denied) because they were "Inaccessible".  


HELP!  Thanks in advance.
0
Comment
Question by:bdendy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 16997206
Do the users have read and apply permissions?
0
 

Author Comment

by:bdendy
ID: 16997213
Read permissions, yes... as applied by default due to the security link.

Let me try adding apply permissions.
0
 

Author Comment

by:bdendy
ID: 16997216
Yes, they already had apply permissions also.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16997275
try creating a new policy and see if it is just a single problem
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 16997897
At what level are you trying to apply this GPO?  OU or domain level?  Why are you setting it to enforced?  What's the GPO do?
0
 

Author Comment

by:bdendy
ID: 17004805
sorry for delay in response... had a server crash last night... unrelated to this problem.....

Anyway, Jay: the new policy had the same problem as this one.

Cleaner, it's the default domain policy.  Domain level... tried setting both enforced and normal, no real difference since there is nothing to override.


Once again, the user policies ARE successfully applied but the computer policies are denied because they are "innacessible".


0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17009252
Are the computers in an OU or the default "computers" container?  They need to be in an OU.
0
 

Author Comment

by:bdendy
ID: 17010348
Computers are indeed in their respective OUs
0
 
LVL 23

Accepted Solution

by:
TheCleaner earned 500 total points
ID: 17012292
Wait a sec, is the only filter allowed the domain users group?  If so, computer accounts aren't a part of that group and therefore won't run the policy because you've basically denied them the right to...they are a part of the regular "authenticated users" group.
0
 

Author Comment

by:bdendy
ID: 17012583
Cleaner, I think you hit the nail on the head, but I'm not at work right now... will advise soon.  Thanks!
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17043958
Any updates on this one?
0
 

Author Comment

by:bdendy
ID: 17044342
Sorry for the delayed accept.  

thanks!!
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 17044631
Good deal...glad you got it resolved.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question