Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Server 2003 Group policy object access denied

Posted on 2009-02-12
6
Medium Priority
?
487 Views
Last Modified: 2013-12-04
Hi All,
I have created a OU group and assinged a login so i can control group policy. I have created a Child OU in group policy and linked it to the AD group and set-up the policy. How the policy does not work.
I can see from the Policy results the User GPO is denied, Reason access Denied.
0
Comment
Question by:smartsyatton
  • 3
  • 2
6 Comments
 
LVL 1

Author Comment

by:smartsyatton
ID: 23621747
Sorry forgot to include Image of all setups to help. Thanks
ad.JPG
0
 
LVL 4

Assisted Solution

by:Scotty080589
Scotty080589 earned 200 total points
ID: 23621871
Remember that Local  GPO is overpowered by Site GPO, which is overpower by Domain GPO, which is overwritten by OU GPO.

Check and ensure you do not have another policy set such as a one time domain template.

heres microsoft's GPO troubleshooting article, one of those things that are hard to fix without seeing though.
http://technet.microsoft.com/en-us/library/cc787386.aspx

make sure there is not a parent OU that is governing that child

but try this, to see if it is enabled in the GPO status

Use GPMC "group policy managmant console" (free from microsoft).
Navigate to Domains, then to your domain name, then to Group policy objects right click, Create a NEW GPO call it what ever you like. (or use existing one)
right click it to edit the GPO with the user configuration that you want, the close the editor. Then click your GPO in the tree on the left of the screen. on the right at the top you will see the scope tab make sure it is selected. You will see security filtering on the bottom half of the screen, remove authenticated users or the policy will apply to everyone. then add the OU you created earler in its place You can check if it is enable by right clicking the GPO and going to GPO status ! it should be enabled by default.

0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 23622022
In the image you attached, the GPO is set to apply only to the System group, which won't include your users.  By default, GPOs are permissioned to apply to Authenticated Users.  I'm not sure why your GPO has System listed, but I would add an entry for Authenticated Users and remove the System entry.  Definitely test this first.

Another possible source of your problem is a deny entry being set in the GPOs ACL, which won't show up in the Security Filtering section of the GPMC.  To see if any deny entries are set in the GPOs ACL, go to the Delegation tab, then the Advanced button (bottom right),  As a best practice, it's to your advantage to set as few deny entries in GPO ACLs as possible due to the diffiicult nature of seeing them.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
LVL 1

Author Comment

by:smartsyatton
ID: 23623496
Okay thanks, Getting there, I now have the GPO being applied but it is allways  replaced by the Default domain GPO.?!
Sure i am missing somthing.

Regards
ad1.JPG
0
 
LVL 11

Accepted Solution

by:
snoopfrogg earned 800 total points
ID: 23623647
Per your first image, the Default Domain Policy GPO is being enforced which gives it precedence over the Training GPO applied at the OU level.  Removing the enforcement of the Default Domain Policy GPO will give the Training GPO precedence.

If the Default Domain Policy GPO was enforced so that OU administrators could not supersede domain policy, though, this may not be the route you want to take.  You'll need to weigh the costs and benefits to fixing your immediate issue.
0
 
LVL 1

Author Closing Comment

by:smartsyatton
ID: 31546035
Very helpfull thanks
0

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Spectre and Meltdown, how it affects me and my clients?
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question