Solved

Not able to edit Group Policy Object in Server 2008 with error "Access Denied" using Domain Admin Account.

Posted on 2012-04-10
11
2,919 Views
Last Modified: 2012-04-16
Hi,

i am not able to edit Default domain Controller Policy getting error ("Access Denied" failed to open group policy object the system cannot find the path specified.

some of policy i am able to Edit but two policies i am not able to edit one of them is domain controller policy.

please help me i tried to search on Internet but i did not get any help or article for Windows Server 2008. i tried to apply the solution which was applicable for 2003 server but was unsuccessful link is below here:

http://support.microsoft.com/kb/294257

i have full access on SYSVOl.


Regards
Proval
0
Comment
Question by:ProVal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37828564
Log onto a server as the domain Administrator.

Open up GPMC and go to Group Policy Objects. Then left click on your GPO giving the accessed denied message. Click on delegation and remove all security groups. Then add back Domain admins (giving full control).

If this works, you can then add back the security groups/users needing read/apply GPO
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37828568
Do you have appropriate permissions under the delegation tab for your applicable GPO?
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37828572
try to disable antivirus or any other local security application and try again...
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37828646
The GPO could be corrupt as well.
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37828660
Good point dariusg.

Run GPOTOOL to verify none of your GPOs are corrupted.
0
 

Author Comment

by:ProVal
ID: 37831544
Hi All,

Thanks for Help.

but i did not get solution. i removed all delegation Security groups from the Group policy Object which having Issue but still same error.

also i run the GPOTOOL and all object showing ok. i have attached the result.

also if anyone can please let me know how can i recreate Default Domain Controllers policy as i am not able to edit the same.

one more thing i wanted to add the DC has SQL Server 2008R2 running.

Thanks
Proval
GPOTOOLS-Result.JPG
0
 

Author Comment

by:ProVal
ID: 37831546
Hi All,

Thanks for Help.

but i did not get solution. i removed all delegation Security groups from the Group policy Object which having Issue but still same error.

also i run the GPOTOOL and all object showing ok. i have attached the result.

also if anyone can please let me know how can i recreate Default Domain Controllers policy as i am not able to edit the same.

one more thing i wanted to add the DC has SQL Server 2008R2 running.

Thanks
Proval
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37832090
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37832492
DO NOT add AD Services to a SQL Server
0
 

Accepted Solution

by:
ProVal earned 0 total points
ID: 37833490
HI All,

Thanks for your Support.

it seems Object was corrupt.
i have restored Group Policy from Old SSD backup and now its working fine..

Regards
Proval
0
 

Author Closing Comment

by:ProVal
ID: 37850333
As GPO was corrupt restored from old SSD backup now working fine.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question