Not able to edit Group Policy Objects

Discussion in 'Active Directory' started by Nevin Swan, Jun 27, 2005.

  1. Nevin Swan

    Nevin Swan Guest

    Hello,

    I am unable to edit any Group Policy Objects in my Windows 2000 Domain, the
    error I get is as follows:

    "Failed to open the Group Policy Object. You may not have the appropriate
    rights.

    Details:
    The system could not find the path specified."

    I have 3 domain controllers, all of which have intact SYSVOL shares. I can
    access the other 2 domain controllers' SYSVOL share from each of the servers.

    I have checked DNS, which is installed on 2 of the three servers and all
    seems perfect.

    DFS is enabled and replication is happening correctly.

    DCDiag and NetDiag both return no errors, all tests pass successfully.

    I have also run GPOTOOL which reports all of my GPOs to be functional.

    Now I am stuck, any help would be appreciated.

    Thank you.
    Nevin.
     
    Nevin Swan, Jun 27, 2005
    #1

  2. Nevin Swan

    Nevin Swan Guest

    Sorry, just to clarify, I should also mention that the group policies are not
    being applied to any clients either.
     
    Nevin Swan, Jun 27, 2005
    #2

  3. Nevin,
    Reading about it, it looks like some issue with DNS. If you cannot create new
    GPOs and existing GPOs are not being applied, the first step is to check
    if DNS is working (forward zones, reverse zones, SRV records, client
    configurations, server configurations, etc.)
     
    Danilo Bordini [MVP], Jun 27, 2005
    #3
  4. Nevin Swan

    Nevin Swan Guest

    That's what I thought to begin with.

    However I have no event viewer errors for DNS being logged on either of my
    DNS servers and I can resolve the domain from any computers, the DNS tests
    pass in DCDIAG etc...

    So I am at a loss where to go from here?
     
    Nevin Swan, Jun 28, 2005
    #4
  5. Damian Jones

    Damian Jones Guest

    I have the same problem on my 2k3 server network. Is there a way to rebuild
    the Group Policy Object? I didn't have many changes, but I need to make some
    now.

    Thanks,
    Damian
     
    Damian Jones, Jul 15, 2005
    #5
  6. Nevin Swan

    Nevin Swan Guest

    Hi Damian,

    I opened a support incident with Microsoft a couple of weeks ago and we are
    still working on trying to resolve it.

    I will post here with any results that come from it.
     
    Nevin Swan, Jul 20, 2005
    #6
  7. Wade

    Wade Guest

    Nevin,

    Check permissions.

    Make sure the client has "read" permissions so that the group policy can
    apply to them. Also make sure whatever account you're trying to modify the
    GPOs with has permission to do so. For example, use a domain admin or
    enterprise admin account to make sure you have appropriate permission to modify
    the GPOs; unless in your forest / domain the domain admins and enterprise
    admin groups have been removed from their default locations.

    Wade
     
    Wade, Jul 20, 2005
    #7
  8. Nevin Swan

    Nevin Swan Guest

    After 4 weeks of testing and diagnostics with Microsoft, and an additional 3
    weeks previous of my own, we have solved the problem.

    IBM Director when installed and bound to "All interfaces" on a server that
    has more than one network interface will stop Group Policies from applying,
    FRS will stop functioning, and DFS shares will not be visible (i.e.
    \\fqdn.com\sysvol and \\fqdn.com\netlogon etc.)

    Uninstalling Director will fix the problem, installing it bound only to the
    local interface answering domain traffic should also work although I have not
    re-installed yet.

    Thanks IBM.
     
    Nevin Swan, Jul 26, 2005
    #8
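
A diagnostic for the symptom described in post #8, added here as an example and not posted by anyone in the thread: it compares the domain-based paths (\\fqdn.com\sysvol, \\fqdn.com\netlogon) with each domain controller's own shares and reports whether the local host is multi-homed. The domain name is the placeholder used in the thread and the DC names are hypothetical; replace both with your own.

```powershell
# Added example. $Domain and $DomainControllers are placeholder values.
param(
    [string]$Domain = 'fqdn.com',
    [string[]]$DomainControllers = @('dc1.fqdn.com', 'dc2.fqdn.com', 'dc3.fqdn.com')
)

function Test-SharePath {
    param([string]$Scope, [string]$Server, [string]$Share)
    $path = "\\$Server\$Share"
    [pscustomobject]@{
        Scope     = $Scope
        Path      = $path
        Reachable = [bool](Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)
    }
}

# Probe the domain-based (DFS) path and each DC's own share for SYSVOL and NETLOGON.
$results = foreach ($share in 'sysvol', 'netlogon') {
    Test-SharePath -Scope 'Domain' -Server $Domain -Share $share
    foreach ($dc in $DomainControllers) {
        Test-SharePath -Scope 'DC' -Server $dc -Share $share
    }
}
$results | Sort-Object Scope, Path | Format-Table Scope, Path, Reachable -AutoSize

# Per-DC shares reachable while the domain-based path is not is the pattern
# reported in this thread (SYSVOL intact on every DC, GPOs still not opening).
$domainDown = @($results | Where-Object { $_.Scope -eq 'Domain' -and -not $_.Reachable })
$dcUp       = @($results | Where-Object { $_.Scope -eq 'DC' -and $_.Reachable })
if ($domainDown.Count -gt 0 -and $dcUp.Count -gt 0) {
    Write-Warning 'Per-DC shares answer but the domain-based path does not.'
}

# List this host's IPv4 addresses; more than one means software bound to
# "All interfaces" is also listening on interfaces that do not carry domain traffic.
$ipv4 = @([System.Net.Dns]::GetHostAddresses($env:COMPUTERNAME) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' })
"{0} has {1} IPv4 address(es): {2}" -f $env:COMPUTERNAME, $ipv4.Count, ($ipv4 -join ', ')
if ($ipv4.Count -gt 1) {
    Write-Warning 'Multi-homed host: review which interfaces installed management agents are bound to.'
}
```

Run it on each domain controller and on an affected client; the address list covers only the machine the script runs on.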