Domain Security Policy Issues

G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hello,

I have a really interesting issue that my DC contracted a while back that
I'm still having issues with. I was getting two seperate errors in my
Application Log:

-----------------------------------------------------------------------
1) Source: SceCli | Error ID: 1001
Message: Security POlicy connot be propogated. Cannot access the
template. Error code = 3

** After this message it gives the path to the GptTmpl.inf file in my
Sysvol
directory.

2) Source: Userenv | Error ID: 1000
Message: The Group Policy client-side extension Security was passed
flags
(1) and Returned a failure status code of (3).
------------------------------------------------------------------------

These errors both came five (5) minutes apart from each other. Reading up on
these errors and the solutions of others; I restored the Sysvol folder from a
backup to an alternative location and then was going to copy it over to the
correct location.

The funny thing with this is that as soon as I restored the Sysvol directory
to the correct location the DC automagically stated using that Sysvol
directory at that alternative location. This of course lead me to believe
this sutuation is much worse then a simple restore.

My next course of action (after pulling clumps of hair out) was to apply
SP4. This stopped the errors cold. So I was patting myself on the back for a
couple of months thinking everything was okay.

Recently I've needed to alter my Domain Security Policy (DSP) and when I run
the DSP snapin I get the error:

-----------------------------------------------------------------------
Falied to open the Group Policy Object. You may not have appropriate rights.


Details:
The system cannot find the path specified
------------------------------------------------------------------------

I've tried to run this under my personal account and the domain admin
account . Since I am a member of the Enterprise Admins I thought for sure
that it would allow me in, but that's not the case. Additionally I am getting
errors on my other servers stating :

------------------------------------------------------------------------
Source: Userenv | Event ID: 1030

Message: Windows cannot query for the list of Group Policy objects. Check
the event log for possible messages previously logged by the policy engine
that describes the reason for this.
------------------------------------------------------------------------

I ahve checked the event logs on the DC but nothing that pertains to the
GPO's is listed.

I'm not sure where to go with this. Anyone have any suggestions?

Thanks!
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

circa Sun, 12 Sep 2004 10:39:02 -0700, in
microsoft.public.win2000.security, =?Utf-8?B?RGFsZQ==?=
(Dale@discussions.microsoft.com) said,
> I'm not sure where to go with this. Anyone have any suggestions?
>
What are the permissions on Sysvol?

Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

> What are the permissions on Sysvol?

Administrators: Full
Authenticated Users: Read & Execute, List Folder Contents, Read
Creator Owner: None
Server Operators: Modify, Read & Execute, List Folder Contents, Read, Write
System: Full