Not able to edit Group Policy Object in Server 2008 with error "Access Denied" using Domain Admin Account.

Hi,

i am not able to edit Default domain Controller Policy getting error ("Access Denied" failed to open group policy object the system cannot find the path specified.

some of policy i am able to Edit but two policies i am not able to edit one of them is domain controller policy.

please help me i tried to search on Internet but i did not get any help or article for Windows Server 2008. i tried to apply the solution which was applicable for 2003 server but was unsuccessful link is below here:

http://support.microsoft.com/kb/294257

i have full access on SYSVOl.


Regards
Proval
ProValAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph MoodyBlogger and wearer of all hats.Commented:
Log onto a server as the domain Administrator.

Open up GPMC and go to Group Policy Objects. Then left click on your GPO giving the accessed denied message. Click on delegation and remove all security groups. Then add back Domain admins (giving full control).

If this works, you can then add back the security groups/users needing read/apply GPO
0
motnahp00Commented:
Do you have appropriate permissions under the delegation tab for your applicable GPO?
0
AnuroopsunddCommented:
try to disable antivirus or any other local security application and try again...
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Darius GhassemCommented:
The GPO could be corrupt as well.
0
motnahp00Commented:
Good point dariusg.

Run GPOTOOL to verify none of your GPOs are corrupted.
0
ProValAuthor Commented:
Hi All,

Thanks for Help.

but i did not get solution. i removed all delegation Security groups from the Group policy Object which having Issue but still same error.

also i run the GPOTOOL and all object showing ok. i have attached the result.

also if anyone can please let me know how can i recreate Default Domain Controllers policy as i am not able to edit the same.

one more thing i wanted to add the DC has SQL Server 2008R2 running.

Thanks
Proval
GPOTOOLS-Result.JPG
0
ProValAuthor Commented:
Hi All,

Thanks for Help.

but i did not get solution. i removed all delegation Security groups from the Group policy Object which having Issue but still same error.

also i run the GPOTOOL and all object showing ok. i have attached the result.

also if anyone can please let me know how can i recreate Default Domain Controllers policy as i am not able to edit the same.

one more thing i wanted to add the DC has SQL Server 2008R2 running.

Thanks
Proval
0
Joseph MoodyBlogger and wearer of all hats.Commented:
0
Darius GhassemCommented:
DO NOT add AD Services to a SQL Server
0
ProValAuthor Commented:
HI All,

Thanks for your Support.

it seems Object was corrupt.
i have restored Group Policy from Old SSD backup and now its working fine..

Regards
Proval
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ProValAuthor Commented:
As GPO was corrupt restored from old SSD backup now working fine.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.