[gptalk] Re: Access Denied from Parent to Child Domain

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 7 Oct 2008 16:27:15 -0700

My first thought is you don’t have sufficient rights in your child domain. 
Remember that most workstations that are joined to a domain grant that domain’s 
Domain Admins group permissions to local Administrators. So, unless you have 
explicitly added your parent account to the domain admins group in the child 
domain, you may not have sufficient rights on those child machines to perform a 
GPUpdate task, which, though I’m not sure of the mechanism, likely requires 
remote WMI access at the very least.




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Harry Singh
Sent: Tuesday, October 07, 2008 4:02 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Access Denied from Parent to Child Domain


All -

I've installed the SPECOPS software to faciliate running GPupdate on machines 
at will.

However i noticed i get an Access Denied when trying to GPupdate machines that 
exist in my child domain.

I'm running a Windows 2003 r2 domain with 1 forest consisting of parent and 1 
child domain.

I'm running windows xpsp2 on my local machine with GPMC.

I don't think the issue is isolated to SPECOPS because when i try to bring up 
the security event logs for these child machines, i get denied access as well.

any thoughts ?

Other related posts: