Default Domain GP Locked

  • Thread starter Thread starter Thomas Dietrich
  • Start date Start date
T

Thomas Dietrich

Hello,
I used a WinXP machine to edit our Default Domain Policy
Group Policy, and now I can no longer access the Group
Policy. When I try to open AD Users & Computers, Right
click on the Domain name, go to Properties, select the
Group Policy tab, and hit Edit I get the following error
message:
"Failed to open the Group Policy Object. You may not have
appropriate rights. Details: Unspecified error."

I double checked the security settings, all are good. I
cannot edit the GP from my XP machine nor while logged in
to the Domain Controller as Administrator (member of the
Enterprise Admins group). I was told this is a result of
editing with my XP machine.

I've already used KB Article 294257, but that didn't
fix the error.

I can edit the GPO's on all child containers and OU's
under this domain.

I downloaded and installed the Group Policy Management
Console snapin and when I view the GPO I get this message
under the Administrative Templates section:
The following errors were encountered:
The
file "\\CELESTA.frameless.pcd\sysvol\frameless.pcd\Policie
s\{31B2F340-016D-11D2-945F-00C04FB984F9}
\Machine\registry.pol" is not in a valid format. The file
might be corrupt. Use Group Policy Object Editor to
reconfigure the settings in this extension.

I was told by a consultant that I have to perform an
Authoritative Restore of the System State Data on the
Domain Controller, but would rather avoid that if
possible. Does anybody have any other ideas or
suggestions?

Thanks!
 
Sent util to recreate the default domain controller and
default domain policies.
If you are running Exchange you will need to add to the
default domain controller policy:
computer config/windows settings/security settings/local
policies/user rights assignments

Add Exchange enterprise server to the manage auditing and
security logs.
Steve
 
Back
Top