Thanks for the help Darren! I'm going go try this out and I'll let you know the outcome... :) On Dec 3, 2007 8:54 AM, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: > You probably somehow removed all the permissions on the GPO. What you > have to do is take ownership of the GPC object in AD. So, first thing you > need is the GUID of the GPO in question. Since it's the DDP, its got a > well-known GUID, which makes it easy. The best way to do this is to bring up > ADSIEdit, and navigate to CN=Policies,CN=System in your domain. Then, on the > right hand-side, you will like see a container object that starts with > {31B…--That's the DDP. It will also likely look different than the other > containers in that folder because the permission issues cause it to not be > correctly viewed in ADSIEdit. What you need to do is right-click it, go into > Properties, Security,Advanced and take ownership of that object. Once you do > that, close the object and then re-open it and you should see at least > Administrators in the ACL. Once you've done that, then you can go back into > GPMC, into the Delegation tab for that GPO and modify the permissions as you > normally would. > > > > HTH, > > > > Darren > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Mike Johnston > *Sent:* Saturday, December 01, 2007 8:39 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] GPO Delegation problems. > > > > I don't know what I did or how to fix it... I hope someone here knows... > lol > > I was using the Group Policy Management Snap-in to modify the GPO for a > domain that I was working on and something happened. I don't know what I > changed, but now when I go down the "Default Domain Policy" I get an > "Access > is Denied" message. When I click on the "Delegations" tab it gives me > that > same error and then the entire tab is just solid gray. I've even tried > logging in as the one Administrator account for the domain but I have the > same problem. My account is a Domain Administrator, Enterprise > Administrator and Schema Admin. I just want to know how I can gain back > the > access for Domain Admins to delegate the policy. I have no idea what I > did > because I don't remember saying yes to anything that would cause this. > I'm > also very surprised the GPO would let me make a change like that also. > Anyone have any ideas? Thanks for the help! >