Group Policy Management Console Error


After upgrading our domain controllers from Windows 2000 Enterprise Server to Windows Server 2003 Enterprise, the Group Policy Management Console (GPMC) shows the following error whenever a GPO is selected:

"The Enterprise Domain Controllers group does not have read access to this GPO. The Enterprise Domain Controllers group must have read access on all GPO's in the domain in order for Group Policy Modeling to function properly."

And here is the fix:

Group Policy Modeling is a new feature of Windows Server 2003 that simulates the resultant set of policy for a given configuration. The simulation is performed by a service that runs on Windows Server 2003 domain controllers, and that service runs in the security context of the domain controller, so it is the Enterprise Domain Controllers group whose access matters. In order to perform the simulation in cross-domain scenarios, the service must have read access to all GPOs in the forest.

In a Windows Server 2003 domain (whether it is upgraded from Windows 2000 or installed as new), the Enterprise Domain Controllers group is automatically given read access to all newly created GPOs. This ensures that the service can read all GPOs in the forest.

However, if the domain was upgraded from Windows 2000, any existing GPOs that were created before the upgrade do not have read access for the Enterprise Domain Controllers group. When you click a GPO, GPMC detects this situation and warns that the Enterprise Domain Controllers group does not have read access to all GPOs in the domain. To solve this problem, you can use one of the sample scripts provided with GPMC, GrantPermissionOnAllGPOs.wsf, which updates the permissions on every GPO in the domain in one pass. To use this script:

1. Ensure that the account running this script is either a Domain Admin or has permission to modify security on all GPOs in the domain (the script rewrites the ACL of every GPO, so it fails part-way through otherwise).

2. Open a command prompt and navigate to the %programfiles%\gpmc\scripts folder by typing:

cd /D "%programfiles%\gpmc\scripts"

3. Type the following:

cscript GrantPermissionOnAllGPOs.wsf "Enterprise Domain Controllers" /Permission:Read /Domain:value

The value of the /Domain parameter is the DNS name of the domain (not the NetBIOS name). Read is all the modeling service needs, so do not grant Edit or Full Control here. To verify, select any GPO in GPMC and open its Delegation tab: Enterprise Domain Controllers should now be listed with Read, and the warning should no longer appear. That will do.
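For domains that have since moved to the GroupPolicy PowerShell module (RSAT on Windows 7 / Windows Server 2008 R2 and later), the same repair can be done, and first audited, without the WSF script. The script below is an added example written for this page, not one of the GPMC sample scripts: it lists every GPO on which Enterprise Domain Controllers (the well-known SID S-1-5-9) has no permission entry, and with -Fix grants exactly GpoRead on those GPOs and nothing else. The -Domain and -Fix parameters are this example's own; the cmdlets (Get-GPO, Get-GPPermission, Set-GPPermission) are the module's. It does not inspect entries reported as GpoCustom, so a custom ACE that denies read would have to be checked by hand.

```powershell
# Added example for this page (not the GPMC sample script): audit, and optionally
# repair, Enterprise Domain Controllers read access on every GPO in one domain.
# Requires the GroupPolicy module (RSAT). Run as a Domain Admin or an account that
# can modify security on all GPOs. Without -Fix the script only reports.
param(
    [string]$Domain = $env:USERDNSDOMAIN,   # DNS name of the domain to audit (assumed default)
    [switch]$Fix                            # grant GpoRead where it is missing
)

Import-Module GroupPolicy -ErrorAction Stop

$EdcSid  = 'S-1-5-9'                        # well-known SID: Enterprise Domain Controllers
$EdcName = 'Enterprise Domain Controllers'
$allGpos = Get-GPO -All -Domain $Domain
$missing = @()

foreach ($gpo in $allGpos) {
    # -All returns one entry per trustee in the GPO's ACL; match on SID, not on
    # display name, so localized or renamed trustees are still recognised.
    $entries = Get-GPPermission -Guid $gpo.Id -Domain $Domain -All
    $edc = @($entries | Where-Object { $_.Trustee.Sid.Value -eq $EdcSid })
    if ($edc.Count -eq 0 -or ($edc | Where-Object { $_.Permission -eq 'None' })) {
        $missing += $gpo
    }
}

if ($missing.Count -eq 0) {
    Write-Host "All $($allGpos.Count) GPOs in $Domain already grant $EdcName read access."
    return
}

Write-Host "$($missing.Count) of $($allGpos.Count) GPOs in $Domain lack $EdcName read access:"
$missing | Select-Object DisplayName, Id, CreationTime | Format-Table -AutoSize

if ($Fix) {
    foreach ($gpo in $missing) {
        # GpoRead is the least privilege the modeling service needs; no -Replace,
        # so existing ACEs for other trustees are left untouched.
        Set-GPPermission -Guid $gpo.Id -Domain $Domain `
            -TargetName $EdcName -TargetType Group -PermissionLevel GpoRead | Out-Null
        Write-Host "Granted Read on '$($gpo.DisplayName)' ($($gpo.Id))"
    }
    Write-Host "Done. Re-open GPMC and select a GPO to confirm the warning is gone."
}
```

Run it once without -Fix to see the list of pre-upgrade GPOs, then with -Fix to apply the change; GPOs created after the upgrade should already be absent from the list, which is a useful sanity check that the domain is behaving as L12 describes.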

CategoryTechnology