[gptalk] Re: Default DC Policy

  • From: "Delaney, Doug" <doug.delaney@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 30 Aug 2006 01:10:09 -0400

if the domain is 2003, the "Enterprise Domain Controllers" group has
read access...


Doug Delaney
GM Desktop Engineering
Global Client Engineering GM
1075 W. Entrance Dr., MS 2B, Cube 2130
Auburn Hills, MI 48326
Lab: 248-365-9187
Tel: 248-754-7917
Pg: 248-870-0306 pager
Mail: Doug.Delaney@xxxxxxx 

Note: The information in this email is intended solely for the
addressee. Access to this email by anyone else is unauthorized. If you
are not the intended recipient, any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it is prohibited.


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Wednesday, August 30, 2006 3:57 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Default DC Policy

If the GPO is linked to the DC OU, then there's no harm in granted Auth.
Users access to it to get things working. I don't have a DC in front of
me to see what the default perms on that GPO should be but I'm guessing
the Domain Controllers group probably has read rights as well.



-----Original message-----
From: "Robert Mariani" rmariani@xxxxxxxxxxx
Date: Tue, 29 Aug 2006 23:35:43 -0400
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Default DC Policy

> 
> 
> Hi Darren - I have given Authenticated Users read access to this file 
> and a gpoupdate /force applies without error.
> 
> should this file have that security on it as my default domain policy 
> doesn't
> 
> 
> 
> 
> On Wed, August 30, 2006 5:10
> pm, Darren Mar-Elia said: 
> > Robert-
> > You might want to check the
> following: 
> > 
> > 1) that the registry.pol file is actually there
> > 2) that the permissions that appear on it look ok (that System and 
> > Authenticated
> Users
> > have at least Read access to it)
> > 
> > If the above are
> true, then you might want to download my polviewer utility on my site
> > and use
> it to try and open that registry.pol file. If the file format is 
> corrupted, then
> > it will report that and you know that the file is no good and 
> > probably needs to
> be
> > rebuilt. 
> > 
> > Darren
> > 
> > -----Original
> message-----
> > 
> From: "Robert Mariani" rmariani@xxxxxxxxxxx
> > Date: Tue, 29 Aug 2006 23:05:12 -0400
> > To: gptalk@xxxxxxxxxxxxx
> > Subject: [gptalk] Default DC Policy
> > 
> >> 
> >> 
> >> 
> >> Hi All,
> >> ?? I had the unfortunate experience of
> having to do an
> >> authoriative domain restore this morning. 
> >>
> 
> >> Everything went ok - except bloody Veritas Backup Exec
> playing up a bit? 
> >> 
> >> I am seeing only one error showing 
> >> when my DC's apply the default domain contollers policy 
> >> 
> >> it is an error 1043 
> >> followed by 1096 
> >> 
> >> 
> >> Windows cannot access the registry policy file, 
> >>
>
<domain>\sysvol\<domain>\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
\Machine\registry.pol.
> 
> >> (Access is denied. ). 
> >> 
> >> For more information,
> see Help and Support Center at 
> >> http://go.microsoft.com/fwlink/events.asp.
> 
> >> 
> >> 
> >> anyone got any ideas in how 
> >>
> to correct?? 
> >> 
> >> Thanks 
> >> Robert 
> >>
> 
> >> 
> > 
> > *********************** 
> > You can
> unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 
> >
> 'unsubscribe' in the Subject field OR by logging into the
freelists.org Web interface.
> 
> > Archives for the list are available at
> http://www.freelists.org/archives/gptalk/ 
> > ************************ 
> >
> 
> 
> 

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: