Darren - When i attempt to add my user account or a Global Group i have in the parent domain to the Domain Admins group of the child domain, it doesn't resolve ? Not a single user a group seems to resolve. see attachment. On Tue, Oct 7, 2008 at 7:27 PM, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: > My first thought is you don't have sufficient rights in your child > domain. Remember that most workstations that are joined to a domain grant > that domain's Domain Admins group permissions to local Administrators. So, > unless you have explicitly added your parent account to the domain admins > group in the child domain, you may not have sufficient rights on those child > machines to perform a GPUpdate task, which, though I'm not sure of the > mechanism, likely requires remote WMI access at the very least. > > > > Darren > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Harry Singh > *Sent:* Tuesday, October 07, 2008 4:02 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Access Denied from Parent to Child Domain > > > > All - > > I've installed the SPECOPS software to faciliate running GPupdate on > machines at will. > > However i noticed i get an Access Denied when trying to GPupdate machines > that exist in my child domain. > > I'm running a Windows 2003 r2 domain with 1 forest consisting of parent and > 1 child domain. > > I'm running windows xpsp2 on my local machine with GPMC. > > I don't think the issue is isolated to SPECOPS because when i try to bring > up the security event logs for these child machines, i get denied access as > well. > > any thoughts ? > >
Attachment:
ScreenShot015.png
Description: PNG image
