.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Q. After I upgraded from Windows 2000 Server to Windows Server 2003, I received an error about the Enterprise Domain Controllers group's access to certain Group Policy Objects (GPOs) in Group Policy Management Console (GPMC). What's causing this error?
John Savill
December 21, 2004
1 Min Read
A. Windows 2003 introduced the Group Policy Modeling feature, which allows simulations of Resultant Set of Policies (RsoP) scenarios and is performed by a service that runs on Windows 2003 domain controllers (DCs). Because this service is on the DCs, the Enterprise Domain Controllers group needs access to all Group Policy Objects (GPOs). This access is granted automatically to any newly created GPO. However, GPOs that existed before the upgrade aren't updated with the new permissions. When you use GPMC to access such GPOs, you'll receive a warning, which the Figure shows. To solve the problem, perform these steps:
Log on as a domain administrator.
Start a command prompt and navigate to the %programfiles%gpmcscripts folder (e.g., c:program filesgpmcscripts) by typing
cd /d %programfiles%gpmcscriptsExecute the GrantPermissionOnAllGPOs.wsf script that's provided with GPMC and specify the domain's DNS name--for example:
Cscript GrantPermissionOnAllGPOs.wsf "Enterprise Domain Controllers"/Permission:Read /Domain:savilltech.com(The command wraps to two lines here because of space limitations.) Be sure to replace savilltech.com with your domain name.
About the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
