Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 520
  • Last Modified:

Server 2003 Group Policy - Password Policy not applying Event 1202

Hi
I need some help with a customer we look after. Password Policy for domain has stopped working. The GPO is linked at the domain level and is listed first. It applies to pcs but doesnt work. Checked the pdc and noticed event 1202 errors "Security policies were propagated with warning. 0x5 : Access is denied" Running RSOP on pdc shows the policy as appied in computer config, windows settings, security settings, account policies, password policy. But there are red x's against all configured options. Enabled debugging and checked the winlogon.log file and can see "Configure Security Policy Warning 5: Access is denied" Have already checked http://support.microsoft.com/default.aspx?scid=KB;EN-US;324383 and there are no services configured under this GPO. Also created new GPO and same issue. ANy help appreciated
0
nfarrell
Asked:
nfarrell
  • 3
  • 2
1 Solution
 
ChiefITCommented:
Access denied (warning 5) means that the policy doesn't have read or apply policy rights. In other words, you don't have the permissions to apply policies or allow users to read them.

http://technet.microsoft.com/en-us/library/cc759506(WS.10).aspx

I would also check the default permissions on the SYSVOL folder. Make sure they are correct.

Your errors are directly related to an ACL violation, meaning permissions.
0
 
nfarrellAuthor Commented:
Thanks for the reply, I have checked the permissions of the GPO and the scope is correct i.e applied to authenticated users. Checked permissions on the sysvol folder and all  is normal. The gpo will apply on other dcs normaly but its on this pdc that we get the error
0
 
ChiefITCommented:
Windows firewall blocks LDAP requests and it could pose a problem with authentications...
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
nfarrellAuthor Commented:
Windows firewall is disabled. Thinking of trasfering pdc role to another server to get this working
0
 
ChiefITCommented:
An access denied, like this, indicates that you are violating the ACL (access control list), on the policy folder. That would be the sysvol file folder. I would make sure the group policy folder has the default permissions for the domain, and also that the clients are on the domain.

Group policies are distributed out via netbios. So, all computers on the broadcast domain will see these policies. Computers that are not members of the domain, will not get the default domain policy for logons because they don't have domain authentication. This could mean the computer has to rejoin the domain if the secure channel has been broken.

0
 
Glen KnightCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now