Hello, I'm running into a strange issue where I am trying to add a group policy object in Windows Server 2008 R2 as the domain admnistrator, but it fails with an access denied message. I also tried modifying an existing GPO to see what happens, and get the same error. We have two DCs, and the error happens no matter which one I try it from. I have verified the following so far based on what I've read about this issue:
- Delegation permissions for the domain in Group Policy is set to "Allow" on all items for the Domain Admins group.
- File and folder permissions on the SYSVOL folder and subfolders are set to "Full Control" for Domain Admins.
- File replication is working between both DCs.
- I've adjusted our antivirus (Webroot) to try and prevent it from interfering with SYSVOL.
At this point, I'm not sure what else I can check to try and get this working.