Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unable to access Group Policy Editor

Status
Not open for further replies.

motti

Technical User
Joined
Dec 19, 2006
Messages
7
Location
US
While trying to run adprep, so that I could add a Windows 2003 R2 machine to the domain as a second domain controller, i encountered an error:

Adprep encountered an LDAP error.
Error code: 0x32. Server extended error code: 0x2098, Server error message: 00002098: SecErr: DSID-03151D7D, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

In researching this error, i found i needed to modify something in the group policy editor. And when i tried to open that up, i get the following box.

Group Policy Error
You do not have permission to preform this operation.
Details: access is denied

I am logged in as the admin, although the network was set up by a previous consultant, and the old accounts that they used for access do not exist anymore.

my feeling is that they may have used the group policy to determine what admin user can access the group policy editor.

the admin user being used is a fully privileged administrative user and a member of every administrative group that exists on the system.

is there any way around this to be able to access the group policy editor?
 
In order to make schema changes, you have to be logged into the domain with a schema admin account, and you should run it on your schema master.

What makes you think you have to edit something in a GPO? Can you elaborate?

Pat Richard
Microsoft Exchange MVP
Contributing author Microsoft Exchange Server 2007: The Complete Reference
 
More than likely, your DCPROMO issue is related to DNS misconfiguration. Make sure that the server's NIC TCP/IP properties ONLY list INTERNAL DNS servers.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
The DNS is set correctly.
 
What errors are in the application and system logs?

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top