Avatar of FreeRangers
Flag for United States of America asked on

Can't create GPO in Windows server 2008

I have a server 2008 domain controller attached to a parent 2003 domain controller. The 2008 server is for a new remote office. I can't create group policy in the 2008 server. Here is what happens I am trying to create a policy that will push out and install a piece of software. I know that the software works because I have a similar GPO on the 2003 server that installs the software in our current office.

I create a new gpo on the 2008 server and add the software msi then close out of th gpo, it seems everything works, but if I go back into that same gpo and look at the policy I just created it is blank, it's like the settings are not being saved. I've also sometimes got an error saying "There is no software installation data object in the Active Directory" when I try to create the policy in the 2008 server.

Any ideas what is not working? Thanks,
Windows Server 2008Active Directory

Avatar of undefined
Last Comment

8/22/2022 - Mon

1) you have check the permission on the file to allow full access to the file
2) "authenticated" users have full control over the location of the .msi file both with share permissions and NTFS permissions.
3) check in your domain controller security policy if there are any policies defined that state that you cannot install .msi files across the network

resource: http://x1domain.weebly.com/3/post/2010/03/deploy-software-via-group-policy-windows-server-20032008.html

Also I created a gpo on the 2003 server and put it in the same ou that I'm working with on the 2008 server, and the gpo worked on the 2003 server and was successfully replicated to the 2008 server. But I still can't create a gpo directly on the 2008 server.


I created a test gpo that would run a batch script at logon. Those settings saved, it seems to just be msi related GPOs that are having a problem.


I checked the permissions on the share folder where the msi is.
Under the sharing tab I clicked on advanced sharing, then checked off the box that says share this folder. Then I clicked on the permissions button and gave authenticated users full control. Clicked on ok.
Then I click on the security tab and gave authenticated users full control there too.
Then I went back to the sharing tab clicked on share and gave authenticated users read/write permission level. Clicked on share.

Then I clicked on the share button again(under Network file and folder sharing) to see if the changes stuck but they didn't. So I went into advanced sharing to see if the changes stuck, but they didn't. The share this folder button was still checked, but when I clicked on permissions the everyone group was there with full control, not the authenticated users group that I had added there earlier.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

The drive is set up like this:
Install folder
then the folder with the msi

The Install folder is not inheriting permissions, but the msi folder is inheriting permissions from the install

So which folder are you trying to apply the permissions to that it is not sticking?  If it is the MSI folder you should remove the inheritance and change the permissions.