Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Server 2003 Group Policy - Password Policy not applying Event 1202

Posted on 2010-11-18
7
Medium Priority
?
516 Views
Last Modified: 2012-06-27
Hi
I need some help with a customer we look after. Password Policy for domain has stopped working. The GPO is linked at the domain level and is listed first. It applies to pcs but doesnt work. Checked the pdc and noticed event 1202 errors "Security policies were propagated with warning. 0x5 : Access is denied" Running RSOP on pdc shows the policy as appied in computer config, windows settings, security settings, account policies, password policy. But there are red x's against all configured options. Enabled debugging and checked the winlogon.log file and can see "Configure Security Policy Warning 5: Access is denied" Have already checked http://support.microsoft.com/default.aspx?scid=KB;EN-US;324383 and there are no services configured under this GPO. Also created new GPO and same issue. ANy help appreciated
0
Comment
Question by:nfarrell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 39

Accepted Solution

by:
ChiefIT earned 2000 total points
ID: 34170832
Access denied (warning 5) means that the policy doesn't have read or apply policy rights. In other words, you don't have the permissions to apply policies or allow users to read them.

http://technet.microsoft.com/en-us/library/cc759506(WS.10).aspx

I would also check the default permissions on the SYSVOL folder. Make sure they are correct.

Your errors are directly related to an ACL violation, meaning permissions.
0
 

Author Comment

by:nfarrell
ID: 34172053
Thanks for the reply, I have checked the permissions of the GPO and the scope is correct i.e applied to authenticated users. Checked permissions on the sysvol folder and all  is normal. The gpo will apply on other dcs normaly but its on this pdc that we get the error
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 34177429
Windows firewall blocks LDAP requests and it could pose a problem with authentications...
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:nfarrell
ID: 34186875
Windows firewall is disabled. Thinking of trasfering pdc role to another server to get this working
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 34202049
An access denied, like this, indicates that you are violating the ACL (access control list), on the policy folder. That would be the sysvol file folder. I would make sure the group policy folder has the default permissions for the domain, and also that the clients are on the domain.

Group policies are distributed out via netbios. So, all computers on the broadcast domain will see these policies. Computers that are not members of the domain, will not get the default domain policy for logons because they don't have domain authentication. This could mean the computer has to rejoin the domain if the secure channel has been broken.

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35115205
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question