Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Policy Issues with Windows 2003 Active Directory Domain

Posted on 2006-07-05
2
Medium Priority
?
167 Views
Last Modified: 2010-04-18
I'm about at wits end with this one.  Recently our Windows 2003 Standard Server very badly corrupted the Group Policies.  So, after a very bad power outage, and a unexpectedly shut down server, there are some major issues.  The users are able to login to the domain, but cannot access any network shares.  When accessing the network shares you get the error about not having the rights to access the server.  Upon further troubleshooting, I find that the Domain Controller Group Policy has the "Allow users to access this computer from the network" COMPLETELY empty, no groups or users defined.  If I try and manually add a group to this group policy setting, it will not let me save the change.  I get a failure message and they new changes are removed.  I have already checked permission on the sysvol, I have run a utility provided by M$ called dcgpofix.  Also, if I run the fix using M$ utility, the correct groups are placed back into the "Allow users to access this computer from the network", but after about 10 - 15 minutes, the group policy refreshes itself (I can see this occur in the Event Viewer), and it COMPLETELY deletes the groups that were placed into the group policy by the fixing utility.  So, "Allow users to access this computer from the network" is COMPLETELY empty AGAIN.  At this point, I can play ring around the rosey and keep fixing it, and within 10 - 15 minutes it removes it again.  It ONLY removes the group settings for the "Allow users to access this computer from the network", and everything else appears fine.  Bottom line, users are unable to access the shared network data due to this issue, because as soon as group policy refresh removes the group names from that policy setting, users are unable to open the shared folders.  If I add it again manually, users can access the server, until it gets removed again.  

I hope I made some sense, I have been working on this problem for 10 hours straight and I'm not sure what to do

Thanks a whole lot!
0
Comment
Question by:Krocodile
2 Comments
 
LVL 26

Accepted Solution

by:
Pber earned 2000 total points
ID: 17072941
Maybe I'll take a stab at this one.

How many DC's do you have.  Also is the server that is hosting the shares a DC or a member server in the domain.

What GPO is it?  Default Domain Policy, Default Domain Controller Policy or a custom GPO?
If the GPO is badly corrupted.  It might be best to capture the settings and then just recreate the GPO.  If you are using GPMC, you might want to backup the GPO then restore from backup to see if it fixes things.
0
 

Author Comment

by:Krocodile
ID: 17198390
Thanks Pber!
  I appreciate your feedback.  Sorry I haven't had time to respond, but your statement:
"It might be best to capture the settings and then just recreate the GPO. . . . . . . . " was a great way to push me in the right direction to fix the issue.  Re-creating the GPO was one step, and also a repair of Windows 2003 Server helped to get it back up and running.  
  Again, I apologize that I didn't get back to this question.  Work has been keeping me so busy, but I am so glad that I was able to get it back up and running.  

Thanks!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question