Error trying to open Group policy Management Editor in Server 2008 R2
When trying to open and make changes to an existing group policy in Server 2008 R2, I receive the following error. "Group Policy Error, failed to open the group policy object, you may not have appropriate rights."
I was just making some final changes to this group policy object on this new server and was about to create a backup of the settings. So, unfortunately I can't restore the policy settings from backup. I think I remember a similar issue from Serve 2003 where I was able to use volume shadow copy to restore a registry.pol or something to that effect to get this back working again, but I'm not sure.
Is there a way to fix this issue? Thanks for your assistance.
I was just making some final changes to this group policy object on this new server and was about to create a backup of the settings. So, unfortunately I can't restore the policy settings from backup. I think I remember a similar issue from Serve 2003 where I was able to use volume shadow copy to restore a registry.pol or something to that effect to get this back working again, but I'm not sure.
Is there a way to fix this issue? Thanks for your assistance.
Bawer
make sure you have enough permissions on SYSVOL folder.
You must have read or write access to the gplink and gpoptions propeties on the gpo.
What account are you using to try to edit the gpo?
By default, domain admins have this right.
make sure you have read and write access to the gpo you are trying to modify.
delegating group policy
http://technet.microsoft.com/en-us/library/cc776858(WS.10).aspx
ASKER
The permissions are fine. I have been in and out of this policy many times as I have been creating it. I am logged onto the server as an administrator. I just received this error all of a sudden.
Run dcdiag post results
ASKER
Directory Server Diagnosis Performing initial setup: Trying to find home server... Home Server = ANNE * Identified AD Forest.
Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\AN
access rights for the naming context: DC=ForestDnsZones,DC=cec,D
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set
access rights for the naming context: DC=DomainDnsZones,DC=cec,D
......................... ANNE failed test NCSecDesc
Starting test: NetLogons ......................... ANNE passed test NetLogons Starting test: ObjectsReplicated ......................... ANNE passed test ObjectsReplicated Starting test: Replications ......................... ANNE passed test Replications Starting test: RidManager ......................... ANNE passed test RidManager Starting test: Services ......................... ANNE passed test Services Starting test: SystemLog An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:30 Event String: Driver Lexmark Optra S 1625 (MS) required for printer Lexmark Tech area is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:31 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:32 Event String: Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Document Writer is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:34 Event String: Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:34 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457
Time Generated: 03/19/2011 16:46:35 Event String: Driver Lexmark Optra S 1625 (MS) required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:39 Event String: Driver Lexmark C532 required for printer !!server1!Lexmark C532 is unknown. Contact the administrator to install the driver before you log in again. ......................... ANNE failed test SystemLog Starting test: VerifyReferences ......................... ANNE passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : cec Starting test: CheckSDRefDom ......................... cec passed test CheckSDRefDom Starting test: CrossRefValidation ......................... cec passed test CrossRefValidation
Running enterprise tests on : cec.local Starting test: LocatorCheck ......................... cec.local passed test LocatorCheck Starting test: Intersite ......................... cec.local passed test Intersite
Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\AN
access rights for the naming context: DC=ForestDnsZones,DC=cec,D
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set
access rights for the naming context: DC=DomainDnsZones,DC=cec,D
......................... ANNE failed test NCSecDesc
Starting test: NetLogons ......................... ANNE passed test NetLogons Starting test: ObjectsReplicated ......................... ANNE passed test ObjectsReplicated Starting test: Replications ......................... ANNE passed test Replications Starting test: RidManager ......................... ANNE passed test RidManager Starting test: Services ......................... ANNE passed test Services Starting test: SystemLog An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:30 Event String: Driver Lexmark Optra S 1625 (MS) required for printer Lexmark Tech area is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:31 Event String: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:32 Event String: Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Document Writer is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:34 Event String: Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:34 Event String: Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457
Time Generated: 03/19/2011 16:46:35 Event String: Driver Lexmark Optra S 1625 (MS) required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again. An error event occurred. EventID: 0x00000457 Time Generated: 03/19/2011 16:46:39 Event String: Driver Lexmark C532 required for printer !!server1!Lexmark C532 is unknown. Contact the administrator to install the driver before you log in again. ......................... ANNE failed test SystemLog Starting test: VerifyReferences ......................... ANNE passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : cec Starting test: CheckSDRefDom ......................... cec passed test CheckSDRefDom Starting test: CrossRefValidation ......................... cec passed test CrossRefValidation
Running enterprise tests on : cec.local Starting test: LocatorCheck ......................... cec.local passed test LocatorCheck Starting test: Intersite ......................... cec.local passed test Intersite
dcdiag is very hard to read in that format
ASKER
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = ANNE
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AN
Starting test: Connectivity
......................... ANNE passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AN
Starting test: Advertising
......................... ANNE passed test Advertising
Starting test: FrsEvent
......................... ANNE passed test FrsEvent
Starting test: DFSREvent
......................... ANNE passed test DFSREvent
Starting test: SysVolCheck
......................... ANNE passed test SysVolCheck
Starting test: KccEvent
......................... ANNE passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... ANNE passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ANNE passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=cec,D
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=cec,D
......................... ANNE failed test NCSecDesc
Starting test: NetLogons
......................... ANNE passed test NetLogons
Starting test: ObjectsReplicated
......................... ANNE passed test ObjectsReplicated
Starting test: Replications
......................... ANNE passed test Replications
Starting test: RidManager
......................... ANNE passed test RidManager
Starting test: Services
......................... ANNE passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:20
Event String:
Driver Lexmark Optra S 1625 (MS) required for printer Lexmark Tech area is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:23
Event String:
Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:25
Event String:
Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:25
Event String:
Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:26
Event String:
Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:28
Event String:
Driver Lexmark C532 required for printer !!server1!Lexmark C532 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:29
Event String:
Driver Lexmark Optra S 1625 (MS) required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
......................... ANNE failed test SystemLog
Starting test: VerifyReferences
......................... ANNE passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : cec
Starting test: CheckSDRefDom
......................... cec passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... cec passed test CrossRefValidation
Running enterprise tests on : cec.local
Starting test: LocatorCheck
......................... cec.local passed test LocatorCheck
Starting test: Intersite
......................... cec.local passed test Intersite
Performing initial setup:
Trying to find home server...
Home Server = ANNE
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AN
Starting test: Connectivity
......................... ANNE passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AN
Starting test: Advertising
......................... ANNE passed test Advertising
Starting test: FrsEvent
......................... ANNE passed test FrsEvent
Starting test: DFSREvent
......................... ANNE passed test DFSREvent
Starting test: SysVolCheck
......................... ANNE passed test SysVolCheck
Starting test: KccEvent
......................... ANNE passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... ANNE passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ANNE passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=cec,D
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=cec,D
......................... ANNE failed test NCSecDesc
Starting test: NetLogons
......................... ANNE passed test NetLogons
Starting test: ObjectsReplicated
......................... ANNE passed test ObjectsReplicated
Starting test: Replications
......................... ANNE passed test Replications
Starting test: RidManager
......................... ANNE passed test RidManager
Starting test: Services
......................... ANNE passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:20
Event String:
Driver Lexmark Optra S 1625 (MS) required for printer Lexmark Tech area is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:23
Event String:
Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:25
Event String:
Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:25
Event String:
Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:26
Event String:
Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:28
Event String:
Driver Lexmark C532 required for printer !!server1!Lexmark C532 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/24/2011 09:16:29
Event String:
Driver Lexmark Optra S 1625 (MS) required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
......................... ANNE failed test SystemLog
Starting test: VerifyReferences
......................... ANNE passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : cec
Starting test: CheckSDRefDom
......................... cec passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... cec passed test CrossRefValidation
Running enterprise tests on : cec.local
Starting test: LocatorCheck
......................... cec.local passed test LocatorCheck
Starting test: Intersite
......................... cec.local passed test Intersite
Everything looks good.
Right-click then click Run As
Right-click then click Run As
ASKER
Not sure what you mean. I get this error trying to open the policy.
Is it for this policy only?
ASKER
Yes
Is this a new domain controller? Was this GPO created on this DC?
ASKER
It is a new domain controller, a secondary server in an existing domain. The GPO was created on this domain controller by myself. I was in and out of this policy dozens of times making changes before this error occurred.
Policy is still in SYSVOl folder?
ASKER
yes
Have you tried opening from another station?
ASKER
Yes, no luck. I am assuming the policy is just corrupt at this point and that I will have to replace.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, that is what I am assuming. Thanks for your assistance along the way.
ASKER
thanks