Managing Active Directory can get complicated. Often, the native tools for managing AD are just not up to the task. The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.
Solved
Domain Administrator account. C:\> GPRESULT /R we get ERROR: Access Denied. ??
Posted on 2016-11-21
We have a Win2008R2 server giving us a headache, just started the other day, after we ran a Windows Update. Only One role on this server which is Remote Desktop Services.
We seem to now be a RESTRICTED user even though we are logging as the Domain Administrator.
My 1st hint was when running C:\> GPRESULT /R we get ERROR: Access Denied.
The related rsop.mmc also fails also "Access Denied"
Other commands return "not enough space on the disk",
such as trying to run
Lots of space 100+ GBs free on C:. Somewhere the Computer is restricted. I just can't figure how to narrow it down.
All of the issues seem related. I've seen on this for days, I sure need some fresh ideas on how to fix.
Please share some clues !
We seem to now be a RESTRICTED user even though we are logging as the Domain Administrator.
My 1st hint was when running C:\> GPRESULT /R we get ERROR: Access Denied.
The related rsop.mmc also fails also "Access Denied"
Other commands return "not enough space on the disk",
such as trying to run
C:\Windows\System32\wbem>mofcomp scersop.mof
Microsoft (R) MOF Compiler Version 6.3.9600.16384
Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: scersop.mof
MOF file has been successfully parsed
Storing data in the repository...
An error occurred while opening the namespace for object 1 defined on lines 10 - 13:
Error Number: 0x80070070, Facility: Win32
Description: There is not enough space on the disk.
Compiler returned error 0x80070070
Lots of space 100+ GBs free on C:. Somewhere the Computer is restricted. I just can't figure how to narrow it down.
All of the issues seem related. I've seen on this for days, I sure need some fresh ideas on how to fix.
Please share some clues !
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
- +1
6 Comments
Active 3 days ago
I would start be uninstalling the update that caused the problem. Do yo know what it is and how to find it? If not do a system restore prior to the update.
Active today
Be aware that with UAC on, a domain admin is a normal user until he elevates.
So right click cmd.exe and select "run as administrator" and retry the gpresult/rsop.msc commands.
So right click cmd.exe and select "run as administrator" and retry the gpresult/rsop.msc commands.
Active 6 days ago
KB3159398 was the CULPRIT which was installed on the AD controllers early last week. That KB totally whacked our production RDS servers and every test and temporary RDS VM we tried at hello to the domain. Extra nasty because once the GPOs were applied it caused the target RDS Machines to be hosed badly and permanently even if we later disjoined the domain. We still don't know exactly what broke within the RDS machines. What a headache.
Our fix was to:
1) Uninstall KB3159398 from all AD controllers
2) Restore all RDS servers from backup.
That KB3159398 wasted many days for us. This KB should be used with extreme caution. The Web Link to the KB documents shows quite a bunch of stuff that you can get burned on, just like we did. Danger danger.
Our fix was to:
1) Uninstall KB3159398 from all AD controllers
2) Restore all RDS servers from backup.
That KB3159398 wasted many days for us. This KB should be used with extreme caution. The Web Link to the KB documents shows quite a bunch of stuff that you can get burned on, just like we did. Danger danger.
Active today
I think there's a lesson to be learned from this. Create a test environment to test out updates and changes before putting into production.
Featured Post
Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server…
- Ransomware
- Experts Exchange
- Windows XP
- Windows OS
- Windows Server 2008
- Windows Server 2003, Security
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention.
Multiple USB devices need t…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders.
Click on Start and then select Computer to view the available drives on the se…
Suggested Courses
Course of the Month5 days, 20 hours left to enroll
688 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.