GPMC "Access Denied" for Administrator

Printable View

8th February 2006, 11:11 AM
Gatt

GPMC "Access Denied" for Administrator

Trying to edit group policies on my PDC, (Win 2003 Ent) and whn I open up any GPO in the GPMC I get an Access Denied error

Can access it fine on my BDC, using the Administrator account - just not the PDC!

HELP!!!
8th February 2006, 11:20 AM
StewartKnight

Re: GPMC "Access Denied" for Administrator

Perhaps you need to run dcpromo
8th February 2006, 11:22 AM
ChrisH

Re: GPMC "Access Denied" for Administrator

Quote:

Originally Posted by StewartKnight

Perhaps you need to run dcpromo

No it should run from any PC with admin rights.
8th February 2006, 11:27 AM
Dos_Box

Re: GPMC "Access Denied" for Administrator

I was going to suggest that the default domain policy has been changed (been there done that) and policies enforced.
8th February 2006, 11:33 AM
Gatt

Re: GPMC "Access Denied" for Administrator

Quote:

Originally Posted by Dos_Box

I was going to suggest that the default domain policy has been changed (been there done that) and policies enforced.

What settings would need to hav been changed - it had been editted but im sure it was working afte the changes had been made
8th February 2006, 11:36 AM
ChrisH

Re: GPMC "Access Denied" for Administrator

A good rule of thumb as well is not to edit the default domain policy and instead put another one at its level and edit that. That way if you mess it up its not a complete tradgedy. There is a tool to reset it somewhere as well.
8th February 2006, 11:40 AM
Geoff

Re: GPMC "Access Denied" for Administrator

Also your DC could have broken. See if any services have failed. Netlogon is a favorite for this. :)
8th February 2006, 11:43 AM
Gatt

Re: GPMC "Access Denied" for Administrator

just tried again and when it throws up the insuficient rights error it also says about an "incorrect function"
8th February 2006, 01:45 PM
m25man

Re: GPMC "Access Denied" for Administrator

Policies are stored in the sysvol which is replicated to each DC.
If you can access them on one DC and not the other then replication must have failed!

Check the system clocks on the Dc's make sure they are in sync.
Check your DNS functions "critical" if you have DNS on more than one server ensure the are replicating correctly.
If you run DNS on two DC's then ensure they use each other for DNS first, this enables a DC to have access to a working DNS before some of it's local services start up before the local DNS comes on-line.

Watch out for Multi Homed DC's runing two NIC's in a DC is a disaster unless you have them configured correctly.

Do as the other posts say never edit the default policy, create a second and link it to the root of the forest.

Focus on the DNS and replication issues first if they exist this will be why you can't acces the policy.

Use the backup tool in GPMC regularly to make copies of your policies.
8th February 2006, 06:25 PM
tarquel

Re: GPMC "Access Denied" for Administrator

I've managed to get out of this before with... safe mode - who'd have thought it - after slightly balls-ing up the GP one time - a time never to be repeated might i add, but i was learning GP and AD at the time lol

This is going back about 1.5 years so i cant say for sure if that will work - but its another thing to try.

Regards
Nath