Cannot make changes to Group Policy Manager on the DC

The root Domain Controller is on it's last leg. We installed a new server as follows:
Currently have 2 Windows 2000 servers running AD.
Move FISMO roles to second Windows 2000 machine.
Run adprep for Forest and Domain. Ran Adprep /domainprep /grpprep
Connected WIndows 2003 server to network, joined domain, installed active directory. Moved FISMO to the 2003 machine.
Problem: Trying to install the Symantec EndPoint Protection Management console and ran into a snag. Per Symantec, I need to be able to make changes (add a user) in the Group Policy editor (within the security settings). When I Open this window, the Add a user option is GRAYED out.  I noticed that all item from Security Settings on have a LOCK on them. How do I enable this option (remove the lock)
Who is Participating?
Henrik JohanssonConnect With a Mentor Systems engineerCommented:
You are trying to use local policy editor on DC that has a GPO applying the policy setting.
Run rsop.msc to see what GPO is applying the setting.
Edit the GPO by using ADUC->OU->Properties->Group Policy or use GPMC downloadable at
Dubbi47Author Commented:
This utility helped, however, It did not solve the complete problem. I was still LOCKED out to make changes.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.