
Group Policy Editor display problem

Status
Not open for further replies.

PatWilson

Technical User
Jan 13, 2006
5
CA
We recently (January) upgraded our Windows 2000 Active Directory to Windows 2003 Active Directory. We are now experiencing a peculiar display problem.

I am looking at a Group Policy object that we have enabled to perform a folder redirection. In each case described below, I am using the Group Policy Object editor launched from Domain Users and Computers while logged in to a domain controller. (Domain User & Computers -> right-click OU -> properties -> click 'Group Policy' tab -> highlight the defined Group Policy Object)

When I look at a GPO using the GPO Editor on the sole remaining Windows 2000 domain controller (kept due to Terminal Services Licensing), I can edit/view the policy correctly. The properties indicate there is 0 computer and 1 user revision. When I edit the GPO, I can see that the redirection is entered correctly as an advanced setting.

When I look at the GPO using the GPO Editor on one of our brand new Windows 2003 domain controllers, the properties page shows that there is 0 computer and 1 user revision. When I edit the GPO, the redirection shows as not-defined.

Also, using the GPMC on an XP SP2 workstation reports the redirection as not-defined as well.

The GPO's are working correctly, but this gave our policy administrator quite a scare last week.

Any suggestions?
 
Force an AD Sync between the two servers. Make sure there are no replication problems. I'd also install GPMC on the 2003 servers.

I hope you find this post helpful.

Regards,

Mark
 
I verified there are no replication errors. I also connected to each other domain controller (in AD Users & Computers -> right-click -> connect to domain controller).

I ensured the Windows 2000 server was connected to each 2003 domain controller, and individually verified the GPO's were correct (I did this last week to resuscitate our policy administrator). I also tried the other way for a 2003 domain controller - connected to the 2000 DC, and the other 2003 DC's - and confirmed I was unable to view the settings on the GPO's.


New wrinkle: I installed the GPMC (v1.0.2) on my own XPSP2 workstation. When I logged in with my regular Domain User account, then I was able to view the GPO settings. When I did a 'runas' with my Domain Administrator account, I was not able to view the GPO settings.

I have informed the policy administrator, and he is going to verify all his security settings.
 
Good call. Sounds like Admins do not have Read access to the policy.

I hope you find this post helpful.

Regards,

Mark
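
The last reply suggests the administrator account lacks Read on the policy. As an added example (not code from the thread), the Python below evaluates a GPO-style DACL in SDDL form and shows one arrangement that would produce the reported symptom, where an ordinary user can read the object and a Domain Admin cannot: an explicit deny on the read rights for Domain Admins ahead of the allow for Authenticated Users. The DACL strings and tokens are constructed, and the thread does not confirm that this was the actual cause.

```python
import re

# SDDL codes for the generic read rights on a directory object:
# RC read control, LC list children, RP read property, LO list object.
READ = {"RC", "LC", "RP", "LO"}

def pairs(codes):
    """Split a run of two-letter SDDL codes ('LCRPLORC') into a set."""
    return {codes[i:i + 2] for i in range(0, len(codes), 2)}

def parse_dacl(sddl):
    """Yield (type, flags, rights, object_guid, trustee) for each ACE after 'D:'."""
    dacl = sddl.split("D:", 1)[1]
    for body in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, flags, rights, obj_guid, _inh_guid, trustee = body.split(";")[:6]
        yield ace_type, pairs(flags), pairs(rights), obj_guid, trustee

def can_read(sddl, token):
    """Walk the ACEs in order: a matching deny is hit before a later allow.
    Returns (granted, deciding_trustee)."""
    needed = set(READ)
    for ace_type, flags, rights, obj_guid, trustee in parse_dacl(sddl):
        # Simplification: skip inherit-only ACEs and object-specific ACEs
        # (OA/OD, such as the Apply Group Policy extended right).
        if "IO" in flags or obj_guid or trustee not in token:
            continue
        if ace_type == "D" and rights & needed:
            return False, trustee
        if ace_type == "A":
            needed -= rights
            if not needed:
                return True, trustee
    return False, None  # nothing granted the full set: implicit deny

# Constructed DACLs, not taken from the thread. DA = Domain Admins,
# AU = Authenticated Users, DU = Domain Users.
DENY_ADMINS = ("D:(D;CI;LCRPLORC;;;DA)(A;CI;LCRPLORC;;;AU)"
               "(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)")
DEFAULT_LIKE = ("D:(A;CI;LCRPLORC;;;AU)"
                "(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)")

USER_TOKEN = {"AU", "DU"}         # regular domain user (constructed)
ADMIN_TOKEN = {"AU", "DU", "DA"}  # same user plus Domain Admins (constructed)

if __name__ == "__main__":
    for name, dacl in (("deny-admins", DENY_ADMINS), ("default-like", DEFAULT_LIKE)):
        print(name, "user:", can_read(dacl, USER_TOKEN),
              "admin:", can_read(dacl, ADMIN_TOKEN))
```

Only the two-letter rights codes are parsed here; a DACL that expresses rights as a hex mask would need that mask decoded first.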
 