Policy Issues with Windows 2003 Active Directory Domain
Posted on 2006-07-05
I'm about at wits end with this one. Recently our Windows 2003 Standard Server very badly corrupted the Group Policies. So, after a very bad power outage, and a unexpectedly shut down server, there are some major issues. The users are able to login to the domain, but cannot access any network shares. When accessing the network shares you get the error about not having the rights to access the server. Upon further troubleshooting, I find that the Domain Controller Group Policy has the "Allow users to access this computer from the network" COMPLETELY empty, no groups or users defined. If I try and manually add a group to this group policy setting, it will not let me save the change. I get a failure message and they new changes are removed. I have already checked permission on the sysvol, I have run a utility provided by M$ called dcgpofix. Also, if I run the fix using M$ utility, the correct groups are placed back into the "Allow users to access this computer from the network", but after about 10 - 15 minutes, the group policy refreshes itself (I can see this occur in the Event Viewer), and it COMPLETELY deletes the groups that were placed into the group policy by the fixing utility. So, "Allow users to access this computer from the network" is COMPLETELY empty AGAIN. At this point, I can play ring around the rosey and keep fixing it, and within 10 - 15 minutes it removes it again. It ONLY removes the group settings for the "Allow users to access this computer from the network", and everything else appears fine. Bottom line, users are unable to access the shared network data due to this issue, because as soon as group policy refresh removes the group names from that policy setting, users are unable to open the shared folders. If I add it again manually, users can access the server, until it gets removed again.
I hope I made some sense, I have been working on this problem for 10 hours straight and I'm not sure what to do
Thanks a whole lot!