FreeRangers asked:

Can't create GPO in Windows server 2008

I have a server 2008 domain controller attached to a parent 2003 domain controller. The 2008 server is for a new remote office. I can't create group policy in the 2008 server. Here is what happens: I am trying to create a policy that will push out and install a piece of software. I know that the software works because I have a similar GPO on the 2003 server that installs the software in our current office.

I create a new gpo on the 2008 server and add the software msi, then close out of the gpo. It seems everything works, but if I go back into that same gpo and look at the policy I just created, it is blank; it's like the settings are not being saved. I've also sometimes got an error saying "There is no software installation data object in the Active Directory" when I try to create the policy in the 2008 server.

Any ideas what is not working? Thanks,

BCipollone

1) You have to check the permission on the file to allow full access to the file
2) "authenticated" users have full control over the location of the .msi file both with share permissions and NTFS permissions.
3) Check in your domain controller security policy if there are any policies defined that state that you cannot install .msi files across the network

resource: http://x1domain.weebly.com/3/post/2010/03/deploy-software-via-group-policy-windows-server-20032008.html

FreeRangers (ASKER)

Also I created a gpo on the 2003 server and put it in the same ou that I'm working with on the 2008 server, and the gpo worked on the 2003 server and was successfully replicated to the 2008 server. But I still can't create a gpo directly on the 2008 server.
Update:

I created a test gpo that would run a batch script at logon. Those settings saved; it seems to just be msi related GPOs that are having a problem.

BCipollone:

I checked the permissions on the share folder where the msi is.
Under the sharing tab I clicked on advanced sharing, then checked off the box that says share this folder. Then I clicked on the permissions button and gave authenticated users full control. Clicked on ok.
Then I clicked on the security tab and gave authenticated users full control there too.
Then I went back to the sharing tab, clicked on share, and gave authenticated users read/write permission level. Clicked on share.

Then I clicked on the share button again (under Network file and folder sharing) to see if the changes stuck, but they didn't. So I went into advanced sharing to see if the changes stuck, but they didn't. The share this folder button was still checked, but when I clicked on permissions the everyone group was there with full control, not the authenticated users group that I had added there earlier.

ASKER CERTIFIED SOLUTION
BCipollone

This solution is only available to members.

The drive is set up like this:
D:\
    Install folder
        then the folder with the msi

The Install folder is not inheriting permissions, but the msi folder is inheriting permissions from the install.

So which folder are you trying to apply the permissions to that it is not sticking? If it is the MSI folder you should remove the inheritance and change the permissions.
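
The thread checks through the GUI whether the share and NTFS permissions "stuck" and whether the msi folder inherits from the Install folder; the same state can be read from PowerShell. This is an added example, not code from any poster in the thread, and the folder name `MsiFolder` and share name `Install` are hypothetical placeholders assumed from the drive layout described above.

```powershell
# Added example. Paths and share name are placeholders (assumed from the
# layout D:\ > Install folder > folder with the msi); substitute your own.
$folders   = 'D:\Install', 'D:\Install\MsiFolder'
$shareName = 'Install'

foreach ($path in $folders) {
    $acl = Get-Acl -Path $path
    # AreAccessRulesProtected is $true when inheritance from the parent is disabled
    "{0}  (inheritance disabled: {1})" -f $path, $acl.AreAccessRulesProtected
    # Show only the two groups discussed in the thread, and whether each
    # entry is set on the folder itself or inherited from the parent
    $acl.Access |
        Where-Object { $_.IdentityReference -match 'Authenticated Users|Everyone' } |
        Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize |
        Out-String
}

# Share permissions are stored separately from the NTFS ACL, so a change on
# the Security tab does not alter them. WMI exposes the share's own DACL.
$sec = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -Filter "Name='$shareName'"
$sd  = $sec.GetSecurityDescriptor().Descriptor
foreach ($ace in $sd.DACL) {
    # Standard access masks used by the three share permission levels
    $rights = switch ($ace.AccessMask) {
        2032127 { 'Full Control' }
        1245631 { 'Change' }
        1179817 { 'Read' }
        default { "mask $($ace.AccessMask)" }
    }
    $kind = if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' }
    "share {0}: {1}\{2} {3} {4}" -f $shareName, $ace.Trustee.Domain, $ace.Trustee.Name, $kind, $rights
}
```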