Solved

Server 2003 Group Policy - Password Policy not applying Event 1202

Posted on 2010-11-18
Last Modified: 2012-06-27
Hi,
I need some help with a customer we look after. Password Policy for the domain has stopped working. The GPO is linked at the domain level and is listed first. It applies to PCs but doesn't work. Checked the PDC and noticed event 1202 errors: "Security policies were propagated with warning. 0x5 : Access is denied". Running RSOP on the PDC shows the policy as applied in computer config, windows settings, security settings, account policies, password policy. But there are red X's against all configured options. Enabled debugging and checked the winlogon.log file and can see "Configure Security Policy Warning 5: Access is denied". Have already checked http://support.microsoft.com/default.aspx?scid=KB;EN-US;324383 and there are no services configured under this GPO. Also created a new GPO and got the same issue. Any help appreciated.
Question by:nfarrell
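A way to triage the winlogon.log debug output mentioned in the question, as an added example that is not part of the original thread: it pulls every `Warning`/`Error` line out of the log with the section and step it occurred under, so an access-denied (code 5) failure can be tied to one part of the security policy. The sample log is constructed, and its section-header layout is an assumption; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, NOT taken from the poster's server. The "----" section
# headers and indented "Configure ..." steps are an assumed layout; the
# Warning 5 line is the text quoted in the question.
SAMPLE_LOG = """\
----Configure Security Policy...
\tConfigure password information.
Configure Security Policy Warning 5: Access is denied.
\tConfigure account force logoff information.
----Configure available attachment engines...
\tConfiguration of attachment engines was completed successfully.
----Un-initialize configuration engine...
"""

# Win32 code 5 is ERROR_ACCESS_DENIED, the 0x5 reported in Event 1202.
FINDING = re.compile(r"\b(Warning|Error)\s+(\d+):\s*(.+?)\s*$")

def decode_log(raw: bytes) -> str:
    """The log may be UTF-16 with a BOM or plain ANSI; handle both."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def triage(text: str):
    """Return each warning/error with the section and step it appeared under."""
    section, step, findings = None, None, []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("----"):          # new processing section
            section, step = stripped.strip("-. "), None
            continue
        m = FINDING.search(stripped)
        if m:
            findings.append({"line": lineno, "level": m.group(1),
                             "code": int(m.group(2)), "message": m.group(3),
                             "section": section, "step": step})
        elif stripped.startswith("Configure "):  # remember the last step seen
            step = stripped.rstrip(".")
    return findings

def summarize(findings):
    """Group line numbers by (section, Win32 code) to see where failures cluster."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[(f["section"], f["code"])].append(f["line"])
    return dict(grouped)

if __name__ == "__main__":
    for key, lines in summarize(triage(SAMPLE_LOG)).items():
        print(key, "-> lines", lines)
```

On a domain controller, read the file as bytes from `%SystemRoot%\Security\Logs\winlogon.log` and pass it through `decode_log` before `triage`.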
7 Comments
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 34170832
Access denied (warning 5) means that the policy doesn't have read or apply policy rights. In other words, you don't have the permissions to apply policies or allow users to read them.

http://technet.microsoft.com/en-us/library/cc759506(WS.10).aspx

I would also check the default permissions on the SYSVOL folder. Make sure they are correct.

Your errors are directly related to an ACL violation, meaning permissions.
 

Author Comment

by:nfarrell
ID: 34172053
Thanks for the reply. I have checked the permissions of the GPO and the scope is correct, i.e. applied to Authenticated Users. Checked permissions on the SYSVOL folder and all is normal. The GPO will apply on other DCs normally, but it's on this PDC that we get the error.
 
LVL 38

Expert Comment

by:ChiefIT
ID: 34177429
Windows firewall blocks LDAP requests and it could pose a problem with authentications...

Author Comment

by:nfarrell
ID: 34186875
Windows firewall is disabled. Thinking of transferring the PDC role to another server to get this working.
 
LVL 38

Expert Comment

by:ChiefIT
ID: 34202049
An access denied like this indicates that you are violating the ACL (access control list) on the policy folder. That would be the SYSVOL file folder. I would make sure the group policy folder has the default permissions for the domain, and also that the clients are on the domain.

Group policies are distributed out via NetBIOS. So, all computers on the broadcast domain will see these policies. Computers that are not members of the domain will not get the default domain policy for logons because they don't have domain authentication. This could mean the computer has to rejoin the domain if the secure channel has been broken.

 
LVL 74

Expert Comment

by:Glen Knight
ID: 35115205
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.