Solved

Policy Issues with Windows 2003 Active Directory Domain

Posted on 2006-07-05
2
159 Views
Last Modified: 2010-04-18
I'm about at wits end with this one.  Recently our Windows 2003 Standard Server very badly corrupted the Group Policies.  So, after a very bad power outage, and a unexpectedly shut down server, there are some major issues.  The users are able to login to the domain, but cannot access any network shares.  When accessing the network shares you get the error about not having the rights to access the server.  Upon further troubleshooting, I find that the Domain Controller Group Policy has the "Allow users to access this computer from the network" COMPLETELY empty, no groups or users defined.  If I try and manually add a group to this group policy setting, it will not let me save the change.  I get a failure message and they new changes are removed.  I have already checked permission on the sysvol, I have run a utility provided by M$ called dcgpofix.  Also, if I run the fix using M$ utility, the correct groups are placed back into the "Allow users to access this computer from the network", but after about 10 - 15 minutes, the group policy refreshes itself (I can see this occur in the Event Viewer), and it COMPLETELY deletes the groups that were placed into the group policy by the fixing utility.  So, "Allow users to access this computer from the network" is COMPLETELY empty AGAIN.  At this point, I can play ring around the rosey and keep fixing it, and within 10 - 15 minutes it removes it again.  It ONLY removes the group settings for the "Allow users to access this computer from the network", and everything else appears fine.  Bottom line, users are unable to access the shared network data due to this issue, because as soon as group policy refresh removes the group names from that policy setting, users are unable to open the shared folders.  If I add it again manually, users can access the server, until it gets removed again.  

I hope I made some sense, I have been working on this problem for 10 hours straight and I'm not sure what to do

Thanks a whole lot!
0
Comment
Question by:Krocodile
2 Comments
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
ID: 17072941
Maybe I'll take a stab at this one.

How many DC's do you have.  Also is the server that is hosting the shares a DC or a member server in the domain.

What GPO is it?  Default Domain Policy, Default Domain Controller Policy or a custom GPO?
If the GPO is badly corrupted.  It might be best to capture the settings and then just recreate the GPO.  If you are using GPMC, you might want to backup the GPO then restore from backup to see if it fixes things.
0
 

Author Comment

by:Krocodile
ID: 17198390
Thanks Pber!
  I appreciate your feedback.  Sorry I haven't had time to respond, but your statement:
"It might be best to capture the settings and then just recreate the GPO. . . . . . . . " was a great way to push me in the right direction to fix the issue.  Re-creating the GPO was one step, and also a repair of Windows 2003 Server helped to get it back up and running.  
  Again, I apologize that I didn't get back to this question.  Work has been keeping me so busy, but I am so glad that I was able to get it back up and running.  

Thanks!
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to customise Office 2016 font settings with a GPO 3 94
User profile Size Report 3 72
Can’t delete a file 14 161
Active Directory delegation of control to a user 3 100
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Learn about cloud computing and its benefits for small business owners.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question