The root Domain Controller is on it's last leg. We installed a new server as follows:
Currently have 2 Windows 2000 servers running AD.
Move FISMO roles to second Windows 2000 machine.
Run adprep for Forest and Domain. Ran Adprep /domainprep /grpprep
Connected WIndows 2003 server to network, joined domain, installed active directory. Moved FISMO to the 2003 machine.
Problem: Trying to install the Symantec EndPoint Protection Management console and ran into a snag. Per Symantec, I need to be able to make changes (add a user) in the Group Policy editor (within the security settings). When I Open this window, the Add a user option is GRAYED out. I noticed that all item from Security Settings on have a LOCK on them. How do I enable this option (remove the lock)