As far as I can tell, we are having no problems, however when I run the Best Practices Analyzer for Active Directory Domain Services, 3 out of our 4 Domain Controllers all produce the following 2 errors:
Domain Controller <name> does not have user right "Access this computer from the network" granted to 'Builtin Administrators', 'Enterprise Domain Controllers' or 'Authenticated Users', or has the user right "Deny access to this computer from the network" assigned to either of those groups or 'Everyone'.
Domain controller <name> must have the "Enable computer and user accounts to be trusted for delegation" user right granted to the Builtin Administrators security group if domain controller <name> is used as a replication partner during a domain controller promotion.
I have reviewed the documentation on each issue, and confirmed that both the domain controller group policy and the local policy on each of our 4 DC's have the correct settings, and have confirmed that no where in any policy (that I can find) are there any deny policies for these settings.
Can anyone suggest any other reasons I might be getting these errors? Or someplace I might be forgetting to look for a deny policy?