Re: Security Policy Is not opening.
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/30/05
- Next message: Steven L Umbach: "Re: SS.exe"
- Previous message: X-No-archive: yes: "Re: Event ID 2019"
- Next in thread: Varadarajam: "Re: Security Policy Is not opening."
- Reply: Varadarajam: "Re: Security Policy Is not opening."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 30 Apr 2005 12:17:40 -0500
Well it certainly looks like you have a problem with the two default
policies for domain and domain controller. One solution could be to an
authoritative restore of Active Directory from a System State backup from a
time before this problem occurred. if it is a fairly recent problem then
that may be a good solution assuming you have the System State backups.
Another possibility that I can think of is to use a free tool from Microsoft
to rebuild those two policies called RecreateDefpol.EX. The link for it is
below and be sure to read the instructions and warnings. That is what I
would try. You may however want to post in the Active Directory newsgroup to
see if they have any further suggestions or alternatives. --- Steve
"Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
news:68CA3690-3D4C-4899-9AEA-0A5CCAE1F21B@microsoft.com...
> Hi Steven
>
> Thanks for your reply. Actually we checked for that policy which u
> mentioned
> previously. Actually we dint find that policy in the Domain Controllers
> Sysvol folder. If we try to change the settings of Default Domain Policy
> properties also its saying u cannot access that file. We ran GPOTool also.
> It
> has given some errors on this Default Domain Policy. I am sending that
> report
> with this mail. Pls look into it and give me the suggestion on this. Is it
> possible to create that Domain Default Policy. If its possible pls give me
> the clear procedure for that. Waiting for your reply. Pls find the GPO
> Report.
> This is the report we got it when we ran GPOTool.
>
> Domain: sprosys.com
> Validating DCs...
> spro.sprosys.com: OK
> softpro.sprosys.com: OK
> Available DCs:
> spro.sprosys.com
> softpro.sprosys.com
> Searching for policies...
> Found 7 policies
> ============================================================
> Policy {0196EEA9-48D4-480E-8961-2E5E2C35D891}
> Policy OK
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: AccountTracking
> Created: 4/26/2005 6:22:38 AM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 0(user) 0(machine)
> Sysvol version: 0(user) 0(machine)
> Flags: 0
> User extensions: not found
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: AccountTracking
> Created: 4/26/2005 6:22:38 AM
> Changed: 4/28/2005 10:01:39 AM
> DS version: 0(user) 0(machine)
> Sysvol version: 0(user) 0(machine)
> Flags: 0
> User extensions: not found
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {07DDE52B-4D39-4007-BB66-B37887143BE7}
> Policy OK
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: Terminal
> Created: 2/28/2005 2:24:50 PM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 33(user) 3(machine)
> Sysvol version: 33(user) 3(machine)
> Flags: 0
> User extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> Machine extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: Terminal
> Created: 2/28/2005 2:24:50 PM
> Changed: 4/28/2005 10:01:29 AM
> DS version: 33(user) 3(machine)
> Sysvol version: 33(user) 3(machine)
> Flags: 0
> User extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> Machine extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {277C0E32-FC88-483F-BD63-EDA7DBA00770}
> Policy OK
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: Terminal
> Created: 2/28/2005 2:23:24 PM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 0(user) 0(machine)
> Sysvol version: 0(user) 0(machine)
> Flags: 0
> User extensions: not found
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: Terminal
> Created: 2/28/2005 2:23:24 PM
> Changed: 4/28/2005 10:01:22 AM
> DS version: 0(user) 0(machine)
> Sysvol version: 0(user) 0(machine)
> Flags: 0
> User extensions: not found
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
> Error: Cannot access
> \\spro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
> error 2
> Error: Cannot access
> \\softpro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
> error 2
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: Default Domain Policy
> Created: 10/12/2004 4:37:20 PM
> Changed: 4/30/2005 7:28:50 AM
> DS version: 1(user) 3(machine)
> Sysvol version: not found
> Flags: 0
> User extensions:
> [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
> Machine extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: Default Domain Policy
> Created: 10/12/2004 4:37:20 PM
> Changed: 4/30/2005 7:29:56 AM
> DS version: 1(user) 3(machine)
> Sysvol version: not found
> Flags: 0
> User extensions:
> [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
> Machine extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {5176A5A6-48DD-4A96-8405-A815C10B7EA8}
> Policy OK
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: terminal
> Created: 2/28/2005 12:22:15 PM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 1(user) 0(machine)
> Sysvol version: 1(user) 0(machine)
> Flags: 0
> User extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: terminal
> Created: 2/28/2005 12:22:15 PM
> Changed: 4/28/2005 10:01:08 AM
> DS version: 1(user) 0(machine)
> Sysvol version: 1(user) 0(machine)
> Flags: 0
> User extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
> Error: Cannot access
> \\spro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
> error 2
> Error: Cannot access
> \\softpro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
> error 2
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: Default Domain Controllers Policy
> Created: 10/12/2004 4:37:20 PM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 0(user) 4(machine)
> Sysvol version: not found
> Flags: 0
> User extensions: not found
> Machine extensions:
> [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: Default Domain Controllers Policy
> Created: 10/12/2004 4:37:20 PM
> Changed: 4/28/2005 10:01:01 AM
> DS version: 0(user) 4(machine)
> Sysvol version: not found
> Flags: 0
> User extensions: not found
> Machine extensions:
> [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {E3668F2C-D789-4A77-822D-DEABB4B9A657}
> Policy OK
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: New Group Policy Object
> Created: 4/27/2005 3:54:32 AM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 0(user) 34(machine)
> Sysvol version: 0(user) 34(machine)
> Flags: 0
> User extensions: not found
> Machine extensions:
> [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: New Group Policy Object
> Created: 4/27/2005 3:54:32 AM
> Changed: 4/28/2005 10:00:51 AM
> DS version: 0(user) 34(machine)
> Sysvol version: 0(user) 34(machine)
> Flags: 0
> User extensions: not found
> Machine extensions:
> [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> Functionality version: 2
> ------------------------------------------------------------
>
> Errors found
>
> Thanks and Regards
> Rajam.
>
>
> "Steven L Umbach" wrote:
>
>> Well good to hear that your dns seems to working correctly. See if
>> anything
>> unusual shows in the application or system logs in Event Viewer and try
>> accessing the sysvol share as I explained before to see first if you can
>> access it and then if you can try to navigate to those policies via
>> domain
>> name\policies\31B2F....\machine\Microsoft\Windows NT\SecEdit where you
>> should see and be able to open the GptTmpl.inf file there. The policy
>> starting 31B2F.... is the default domain Group Policy. Also try running
>> the
>> support tool gpotool to see if it shows at least two Group Policies and
>> if
>> any problems are reported as far as version numbers. Another thing to
>> check
>> is to Use Active Directory Users and Computers. Then find your domain,
>> right
>> click and select properties/Group Policy where you should see default
>> domain
>> policy. For it select properties/security to make sure that domain admins
>> have necessary permissions which need to be at least read and write to
>> edit
>> the Group Policy. Verify that domain admins global group is a member of
>> the
>> administrators group and that you are logged on as a member of the domain
>> admins group. --- Steve
>>
>>
>> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
>> news:B72B0975-D61E-4826-93EA-BBDECB3FFE11@microsoft.com...
>> > Hi Steven
>> >
>> > Thanx for your kind suggestion. But we tried Netdiag and Dcdiag tools.
>> > But
>> > we couldn't find any problems in it. We are not using ISP IP as DNS
>> > server
>> > address. What we are suspecting is might be some policies are applied
>> > on
>> > Administrator account. Pls kindly let me know is there any other
>> > solution
>> > to
>> > opening Security Policies like Domain Security Policy and Domain
>> > Controller
>> > Security Policy in Domain Controller or Additional Domain Controller.
>> > Waiting for your reply.
>> >
>> > Thanks and Regards
>> > Rajam
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> That could be a dns problem or a problem with the existence of the
>> >> sysvol
>> >> share or permissions for it. From any domain computer you should be
>> >> able
>> >> to
>> >> access the sysvol share by entering in the run box
>> >> \\domaincontrollername\sysvol. Run the support tools netdiag and
>> >> dcdiag
>> >> on
>> >> the domain controller looking for pertinent problems and also check
>> >> Event
>> >> Viewer for Event ID's than may detail a related problem. Support tools
>> >> are
>> >> on the install disk in the support/tools folder. See the link below on
>> >> dns
>> >> to make sure your dns is correctly configured for the domain and NEVER
>> >> list
>> >> an ISP dns server as a preferred dns server in tcp/ip properties of
>> >> any
>> >> domain computer or computer you are trying to join to the domain. ---
>> >> Steve
>> >>
>> >> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
>> >>
>> >> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
>> >> news:AF5B03FD-BFDF-4BCF-8150-8C514F1F88AE@microsoft.com...
>> >> > Hi
>> >> >
>> >> > I have Win2000 Domain Controller logged in as domain administrators.
>> >> >
>> >> > Problem is : I could not able to open Domain Security Policy or
>> >> > Domain
>> >> > Controller Security Policy. We would like to apply some policies.
>> >> > But
>> >> > Domain
>> >> > Default Policy Editor is not opening at all.
>> >> >
>> >> > Its showing a message like "you dont have appropriate permissions.
>> >> > Details : The System Cannot find path." That is the message i m
>> >> > getting
>> >> > whenever i tried to open Domain Security Policy and Domain Security
>> >> > Policy.
>> >> >
>> >> > Please help me in this.
>> >> >
>> >> > Thanks and Regards
>> >> > Rajam.
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>
- Next message: Steven L Umbach: "Re: SS.exe"
- Previous message: X-No-archive: yes: "Re: Event ID 2019"
- Next in thread: Varadarajam: "Re: Security Policy Is not opening."
- Reply: Varadarajam: "Re: Security Policy Is not opening."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
