Jump to content

Group Policy


Recommended Posts

anyone got a clue as to why one wouldnt be able to access the group policy for the domain controller or the domain security. I just keep getting an error popup saying Im not authorized when Im logged in as admin Ive tried logging in as a another user with admin rights but still no luck everthings running great Ive got an internal domain with 4 other computers joined to the domain running winroute as a proxy for internet conectivity for the domain. On the domain itself I set it up to forward requests to my isp then removed all the root hints seeing as how its a internal domain then raised the function to server 2003 seeing as Im only running xp clients and dont need connectivity to other domain controllers. I checked my log files and the only thing that keeps popping up a "Userenv" Event Id 1030 and 1058 stating the obvious that it cant query the GPO.

anyone with a clue let me know i would really like to buckle down my server through the group policy.

Link to comment
Share on other sites

I know this sounds silly and really doesnt make much sense because you would think MS would have gotten away from this by now but....

do you have the TCP/IP NetBIOS Helper service disabled and/or not running on the Domain Controller?

You will run into many group policy, active directory problems if this service is disabled on the DC

Link to comment
Share on other sites

When you say "access group policy", exactly what do you mean and from what computer (DC or client)? How often do you see these errors in the logs? Do they occur at regular intervals, and if so, what is the interval?

Have you applied any security templates to these systems or to the domain?

I once had the same set of symptoms and it wound up being due to MupCache needing to be purged. You might need to purge MupCache, which is done as follows:

1. If you have NOT already installed the Windows Server 2003 Support Tools, install them from the \SUPPORT\TOOLS\SUPTOOLS.MSI

file of the Windows Server 2003 CD-ROM.

2. Start / Run / CMD.EXE / OK.

3. Type dfsutil /PurgeMupCache and press Enter.

If that doesn't fix it, then most of the time it traces back to DNS problems. Download dcdiag and netdiag from Microsoft and install them on your DC and run them. Any errors of note?

Confirm that the computer accounts have at least read access to SYSVOL and the folder where the GPT part of the GPO is located (both NTFS and share permissions)

- Ravashaak

Edited by ravashaak
Link to comment
Share on other sites

Im referring to be able to use/access the "Domain Controller Security Policy," and "Domain Security Policy" within the Administrative Tools panels of the Control Panel of the domain controller itself. Im seeing the errors come up up about every 5 minutes. I applied some configurations to the systems and the domain however Im unable to get back back in. Ill give that df utilty deal a shot see what happens. Will let you know how it goes.

Thanx for the input though ....

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...