[gptalk] Re: Default DC Policy

If the GPO is linked to the DC OU, then there's no harm in granted Auth. Users 
access to it to get things working. I don't have a DC in front of me to see 
what the default perms on that GPO should be but I'm guessing the Domain 
Controllers group probably has read rights as well.



-----Original message-----
From: "Robert Mariani" rmariani@xxxxxxxxxxx
Date: Tue, 29 Aug 2006 23:35:43 -0400
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Default DC Policy

> 
> 
> Hi Darren - I have given Authenticated Users read access to this file and a 
> gpoupdate
> /force applies without error.
> 
> should this file have that security on it as my
> default domain policy doesn't
> 
> 
> 
> 
> On Wed, August 30, 2006 5:10
> pm, Darren Mar-Elia said: 
> > Robert- 
> > You might want to check the
> following: 
> > 
> > 1) that the registry.pol file is actually there 
> > 2) that the permissions that appear on it look ok (that System and 
> > Authenticated
> Users 
> > have at least Read access to it) 
> > 
> > If the above are
> true, then you might want to download my polviewer utility on my site 
> > and use
> it to try and open that registry.pol file. If the file format is corrupted, 
> then 
> > it will report that and you know that the file is no good and probably 
> > needs to
> be 
> > rebuilt. 
> > 
> > Darren 
> > 
> > -----Original
> message----- 
> > 
> From: "Robert Mariani" rmariani@xxxxxxxxxxx 
> > Date: Tue, 29 Aug 2006 23:05:12 -0400 
> > To: gptalk@xxxxxxxxxxxxx 
> > Subject: [gptalk] Default DC Policy 
> > 
> >> 
> >> 
> >> 
> >> Hi All, 
> >> ?? I had the unfortunate experience of
> having to do an 
> >> authoriative domain restore this morning. 
> >>
> 
> >> Everything went ok - except bloody 
> >> Veritas Backup Exec
> playing up a bit? 
> >> 
> >> I am seeing only one error showing 
> >> when my DC's apply the default domain contollers policy 
> >> 
> >> it is an error 1043 
> >> followed by 1096 
> >> 
> >> 
> >> Windows cannot access the registry policy file, 
> >>
> <domain>\sysvol\<domain>\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\Machine\registry.pol.
> 
> >> (Access is denied. ). 
> >> 
> >> For more information,
> see Help and Support Center at 
> >> http://go.microsoft.com/fwlink/events.asp.
> 
> >> 
> >> 
> >> anyone got any ideas in how 
> >>
> to correct?? 
> >> 
> >> Thanks 
> >> Robert 
> >>
> 
> >> 
> > 
> > *********************** 
> > You can
> unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 
> >
> 'unsubscribe' in the Subject field OR by logging into the freelists.org Web 
> interface.
> 
> > Archives for the list are available at
> http://www.freelists.org/archives/gptalk/ 
> > ************************ 
> >
> 
> 
> 

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: