Error trying to open Group policy Management Editor in Server 2008 R2

When trying to open and make changes to an existing group policy in Server 2008 R2, I receive  the following error. "Group Policy Error, failed to open the group policy object, you may not have appropriate rights."

I was just making some final changes to this group policy object on this new server and was about to create a backup of the settings. So, unfortunately I can't restore the policy settings from backup. I think I remember a similar issue from Serve 2003 where I was able to use volume shadow copy to restore a registry.pol or something to that effect to get this back working again, but I'm not sure.

Is there a way to fix this issue? Thanks for your assistance.
skenny10IT ManagerAsked:
Who is Participating?
 
Darius GhassemCommented:
Could be corrupt if you can't open from another workstation or DC
0
 
BawerCommented:
make sure you have enough permissions on SYSVOL folder.
0
 
ActiveDirectorymanCommented:

You must have read or write access to the gplink and gpoptions propeties on the gpo.

What account are you using to try to edit the gpo?

By default, domain admins have this right.

make sure you have read and write access to the gpo you are trying to modify.

delegating group policy
http://technet.microsoft.com/en-us/library/cc776858(WS.10).aspx
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

More Information
 
skenny10IT ManagerAuthor Commented:

The permissions are fine. I have been in and out of this policy many times as I have been creating it. I am logged onto the server as an administrator. I just received this error all of a sudden.
0
 
Darius GhassemCommented:
Run dcdiag post results
0
 
skenny10IT ManagerAuthor Commented:
Directory Server Diagnosis Performing initial setup:    Trying to find home server...    Home Server = ANNE    * Identified AD Forest.
   Done gathering initial info. Doing initial required tests    Testing server: Default-First-Site-Name\ANNE       Starting test: Connectivity          ......................... ANNE passed test Connectivity Doing primary tests    Testing server: Default-First-Site-Name\ANNE       Starting test: Advertising          ......................... ANNE passed test Advertising       Starting test: FrsEvent          ......................... ANNE passed test FrsEvent       Starting test: DFSREvent         ......................... ANNE passed test DFSREvent       Starting test: SysVolCheck          ......................... ANNE passed test SysVolCheck       Starting test: KccEvent          ......................... ANNE passed test KccEvent       Starting test: KnowsOfRoleHolders          ......................... ANNE passed test KnowsOfRoleHolders       Starting test: MachineAccount          ......................... ANNE passed test MachineAccount       Starting test: NCSecDesc          Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have              Replicating Directory Changes In Filtered Set
        access rights for the naming context:          DC=ForestDnsZones,DC=cec,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have              Replicating Directory Changes In Filtered Set
         access rights for the naming context:          DC=DomainDnsZones,DC=cec,DC=local
         ......................... ANNE failed test NCSecDesc
      Starting test: NetLogons          ......................... ANNE passed test NetLogons       Starting test: ObjectsReplicated          ......................... ANNE passed test ObjectsReplicated       Starting test: Replications          ......................... ANNE passed test Replications       Starting test: RidManager          ......................... ANNE passed test RidManager       Starting test: Services          ......................... ANNE passed test Services       Starting test: SystemLog          An error event occurred.  EventID: 0x00000457             Time Generated: 03/19/2011   16:46:30             Event String:             Driver Lexmark Optra S 1625 (MS) required for printer Lexmark Tech area is unknown. Contact the administrator to install the driver before you log in again.          An error event occurred.  EventID: 0x00000457            Time Generated: 03/19/2011   16:46:31             Event String:             Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.          An error event occurred.  EventID: 0x00000457             Time Generated: 03/19/2011   16:46:32             Event String:             Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Document Writer is unknown. Contact the administrator to install the driver before you log in again.          An error event occurred.  EventID: 0x00000457             Time Generated: 03/19/2011   16:46:34             Event String:             Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver before you log in again.          An error event occurred.  EventID: 0x00000457             Time Generated: 03/19/2011   16:46:34             Event String:             Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.          An error event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2011   16:46:35             Event String:             Driver Lexmark Optra S 1625 (MS) required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.          An error event occurred.  EventID: 0x00000457             Time Generated: 03/19/2011   16:46:39             Event String:             Driver Lexmark C532 required for printer !!server1!Lexmark C532 is unknown. Contact the administrator to install the driver before you log in again.          ......................... ANNE failed test SystemLog       Starting test: VerifyReferences          ......................... ANNE passed test VerifyReferences    Running partition tests on : ForestDnsZones       Starting test: CheckSDRefDom          ......................... ForestDnsZones passed test CheckSDRefDom       Starting test: CrossRefValidation          ......................... ForestDnsZones passed test          CrossRefValidation   Running partition tests on : DomainDnsZones       Starting test: CheckSDRefDom          ......................... DomainDnsZones passed test CheckSDRefDom       Starting test: CrossRefValidation          ......................... DomainDnsZones passed test          CrossRefValidation    Running partition tests on : Schema       Starting test: CheckSDRefDom          ......................... Schema passed test CheckSDRefDom       Starting test: CrossRefValidation          ......................... Schema passed test CrossRefValidation    Running partition tests on : Configuration       Starting test: CheckSDRefDom          ......................... Configuration passed test CheckSDRefDom       Starting test: CrossRefValidation          ......................... Configuration passed test CrossRefValidation    Running partition tests on : cec       Starting test: CheckSDRefDom          ......................... cec passed test CheckSDRefDom       Starting test: CrossRefValidation          ......................... cec passed test CrossRefValidation
   
   Running enterprise tests on : cec.local      Starting test: LocatorCheck          ......................... cec.local passed test LocatorCheck       Starting test: Intersite          ......................... cec.local passed test Intersite
0
 
Darius GhassemCommented:
dcdiag is very hard to read in that format
0
 
skenny10IT ManagerAuthor Commented:
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ANNE
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
  Testing server: Default-First-Site-Name\ANNE
      Starting test: Connectivity
         ......................... ANNE passed test Connectivity

Doing primary tests
 
   Testing server: Default-First-Site-Name\ANNE
      Starting test: Advertising
         ......................... ANNE passed test Advertising
      Starting test: FrsEvent
         ......................... ANNE passed test FrsEvent
      Starting test: DFSREvent
         ......................... ANNE passed test DFSREvent
      Starting test: SysVolCheck
         ......................... ANNE passed test SysVolCheck
      Starting test: KccEvent
         ......................... ANNE passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... ANNE passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... ANNE passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=cec,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=cec,DC=local
         ......................... ANNE failed test NCSecDesc

      Starting test: NetLogons
        ......................... ANNE passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... ANNE passed test ObjectsReplicated
      Starting test: Replications
         ......................... ANNE passed test Replications
      Starting test: RidManager
         ......................... ANNE passed test RidManager
      Starting test: Services
         ......................... ANNE passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000457
            Time Generated: 03/24/2011   09:16:20
            Event String:
            Driver Lexmark Optra S 1625 (MS) required for printer Lexmark Tech area is unknown. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
           Time Generated: 03/24/2011   09:16:23
            Event String:
            Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 03/24/2011   09:16:25
            Event String:
            Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 03/24/2011   09:16:25
           Event String:
            Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 03/24/2011   09:16:26
            Event String:
            Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Document Writer is unknown. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 03/24/2011   09:16:28
            Event String:
            Driver Lexmark C532 required for printer !!server1!Lexmark C532 is unknown. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 03/24/2011   09:16:29
            Event String:
            Driver Lexmark Optra S 1625 (MS) required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
        ......................... ANNE failed test SystemLog
      Starting test: VerifyReferences
         ......................... ANNE passed test VerifyReferences
 
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
        ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
 
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
 
   Running partition tests on : cec
      Starting test: CheckSDRefDom
         ......................... cec passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... cec passed test CrossRefValidation
 
   Running enterprise tests on : cec.local
      Starting test: LocatorCheck
         ......................... cec.local passed test LocatorCheck
      Starting test: Intersite
         ......................... cec.local passed test Intersite

0
 
Darius GhassemCommented:
Everything looks good.

Right-click then click Run As
0
 
skenny10IT ManagerAuthor Commented:
Not sure what you mean. I get this error trying to open the policy.
0
 
Darius GhassemCommented:
Is it for this policy only?
0
 
skenny10IT ManagerAuthor Commented:
Yes
0
 
Darius GhassemCommented:
Is this a new domain controller? Was this GPO created on this DC?
0
 
skenny10IT ManagerAuthor Commented:
It is a new domain controller, a secondary server in an existing domain. The GPO was created on this domain controller by myself. I was in and out of this policy dozens of times making changes before this error occurred.
0
 
Darius GhassemCommented:
Policy is still in SYSVOl folder?
0
 
skenny10IT ManagerAuthor Commented:
yes
0
 
Darius GhassemCommented:
Have you tried opening from another station?
0
 
skenny10IT ManagerAuthor Commented:
Yes, no luck. I am assuming the policy is just corrupt at this point and that I will have to replace.
0
 
skenny10IT ManagerAuthor Commented:
Yes, that is what I am assuming. Thanks for your assistance along the way.
0
 
skenny10IT ManagerAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.

Advertise Here