Sign in with
Sign up | Sign in
Your question

Security Policy Is not opening.

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
April 28, 2005 8:26:05 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi

I have Win2000 Domain Controller logged in as domain administrators.

Problem is : I could not able to open Domain Security Policy or Domain
Controller Security Policy. We would like to apply some policies. But Domain
Default Policy Editor is not opening at all.

Its showing a message like "you dont have appropriate permissions.
Details : The System Cannot find path." That is the message i m getting
whenever i tried to open Domain Security Policy and Domain Security Policy.

Please help me in this.

Thanks and Regards
Rajam.
Anonymous
a b 8 Security
April 28, 2005 9:19:06 PM

Archived from groups: microsoft.public.win2000.security (More info?)

That could be a dns problem or a problem with the existence of the sysvol
share or permissions for it. From any domain computer you should be able to
access the sysvol share by entering in the run box
\\domaincontrollername\sysvol. Run the support tools netdiag and dcdiag on
the domain controller looking for pertinent problems and also check Event
Viewer for Event ID's than may detail a related problem. Support tools are
on the install disk in the support/tools folder. See the link below on dns
to make sure your dns is correctly configured for the domain and NEVER list
an ISP dns server as a preferred dns server in tcp/ip properties of any
domain computer or computer you are trying to join to the domain. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-...

"Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
news:AF5B03FD-BFDF-4BCF-8150-8C514F1F88AE@microsoft.com...
> Hi
>
> I have Win2000 Domain Controller logged in as domain administrators.
>
> Problem is : I could not able to open Domain Security Policy or Domain
> Controller Security Policy. We would like to apply some policies. But
> Domain
> Default Policy Editor is not opening at all.
>
> Its showing a message like "you dont have appropriate permissions.
> Details : The System Cannot find path." That is the message i m getting
> whenever i tried to open Domain Security Policy and Domain Security
> Policy.
>
> Please help me in this.
>
> Thanks and Regards
> Rajam.
>
Anonymous
a b 8 Security
April 29, 2005 3:44:04 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Steven

Thanx for your kind suggestion. But we tried Netdiag and Dcdiag tools. But
we couldn't find any problems in it. We are not using ISP IP as DNS server
address. What we are suspecting is might be some policies are applied on
Administrator account. Pls kindly let me know is there any other solution to
opening Security Policies like Domain Security Policy and Domain Controller
Security Policy in Domain Controller or Additional Domain Controller.
Waiting for your reply.

Thanks and Regards
Rajam

"Steven L Umbach" wrote:

> That could be a dns problem or a problem with the existence of the sysvol
> share or permissions for it. From any domain computer you should be able to
> access the sysvol share by entering in the run box
> \\domaincontrollername\sysvol. Run the support tools netdiag and dcdiag on
> the domain controller looking for pertinent problems and also check Event
> Viewer for Event ID's than may detail a related problem. Support tools are
> on the install disk in the support/tools folder. See the link below on dns
> to make sure your dns is correctly configured for the domain and NEVER list
> an ISP dns server as a preferred dns server in tcp/ip properties of any
> domain computer or computer you are trying to join to the domain. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-...
>
> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
> news:AF5B03FD-BFDF-4BCF-8150-8C514F1F88AE@microsoft.com...
> > Hi
> >
> > I have Win2000 Domain Controller logged in as domain administrators.
> >
> > Problem is : I could not able to open Domain Security Policy or Domain
> > Controller Security Policy. We would like to apply some policies. But
> > Domain
> > Default Policy Editor is not opening at all.
> >
> > Its showing a message like "you dont have appropriate permissions.
> > Details : The System Cannot find path." That is the message i m getting
> > whenever i tried to open Domain Security Policy and Domain Security
> > Policy.
> >
> > Please help me in this.
> >
> > Thanks and Regards
> > Rajam.
> >
>
>
>
Related resources
Anonymous
a b 8 Security
April 29, 2005 5:35:49 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Well good to hear that your dns seems to working correctly. See if anything
unusual shows in the application or system logs in Event Viewer and try
accessing the sysvol share as I explained before to see first if you can
access it and then if you can try to navigate to those policies via domain
name\policies\31B2F....\machine\Microsoft\Windows NT\SecEdit where you
should see and be able to open the GptTmpl.inf file there. The policy
starting 31B2F.... is the default domain Group Policy. Also try running the
support tool gpotool to see if it shows at least two Group Policies and if
any problems are reported as far as version numbers. Another thing to check
is to Use Active Directory Users and Computers. Then find your domain, right
click and select properties/Group Policy where you should see default domain
policy. For it select properties/security to make sure that domain admins
have necessary permissions which need to be at least read and write to edit
the Group Policy. Verify that domain admins global group is a member of the
administrators group and that you are logged on as a member of the domain
admins group. --- Steve


"Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
news:B72B0975-D61E-4826-93EA-BBDECB3FFE11@microsoft.com...
> Hi Steven
>
> Thanx for your kind suggestion. But we tried Netdiag and Dcdiag tools. But
> we couldn't find any problems in it. We are not using ISP IP as DNS server
> address. What we are suspecting is might be some policies are applied on
> Administrator account. Pls kindly let me know is there any other solution
> to
> opening Security Policies like Domain Security Policy and Domain
> Controller
> Security Policy in Domain Controller or Additional Domain Controller.
> Waiting for your reply.
>
> Thanks and Regards
> Rajam
>
> "Steven L Umbach" wrote:
>
>> That could be a dns problem or a problem with the existence of the sysvol
>> share or permissions for it. From any domain computer you should be able
>> to
>> access the sysvol share by entering in the run box
>> \\domaincontrollername\sysvol. Run the support tools netdiag and dcdiag
>> on
>> the domain controller looking for pertinent problems and also check Event
>> Viewer for Event ID's than may detail a related problem. Support tools
>> are
>> on the install disk in the support/tools folder. See the link below on
>> dns
>> to make sure your dns is correctly configured for the domain and NEVER
>> list
>> an ISP dns server as a preferred dns server in tcp/ip properties of any
>> domain computer or computer you are trying to join to the domain. ---
>> Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb%3Ben-...
>>
>> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
>> news:AF5B03FD-BFDF-4BCF-8150-8C514F1F88AE@microsoft.com...
>> > Hi
>> >
>> > I have Win2000 Domain Controller logged in as domain administrators.
>> >
>> > Problem is : I could not able to open Domain Security Policy or Domain
>> > Controller Security Policy. We would like to apply some policies. But
>> > Domain
>> > Default Policy Editor is not opening at all.
>> >
>> > Its showing a message like "you dont have appropriate permissions.
>> > Details : The System Cannot find path." That is the message i m
>> > getting
>> > whenever i tried to open Domain Security Policy and Domain Security
>> > Policy.
>> >
>> > Please help me in this.
>> >
>> > Thanks and Regards
>> > Rajam.
>> >
>>
>>
>>
Anonymous
a b 8 Security
April 30, 2005 4:41:02 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Steven

Thanks for your reply. Actually we checked for that policy which u mentioned
previously. Actually we dint find that policy in the Domain Controllers
Sysvol folder. If we try to change the settings of Default Domain Policy
properties also its saying u cannot access that file. We ran GPOTool also. It
has given some errors on this Default Domain Policy. I am sending that report
with this mail. Pls look into it and give me the suggestion on this. Is it
possible to create that Domain Default Policy. If its possible pls give me
the clear procedure for that. Waiting for your reply. Pls find the GPO Report.
This is the report we got it when we ran GPOTool.

Domain: sprosys.com
Validating DCs...
spro.sprosys.com: OK
softpro.sprosys.com: OK
Available DCs:
spro.sprosys.com
softpro.sprosys.com
Searching for policies...
Found 7 policies
============================================================
Policy {0196EEA9-48D4-480E-8961-2E5E2C35D891}
Policy OK
Details:
------------------------------------------------------------
DC: spro.sprosys.com
Friendly name: AccountTracking
Created: 4/26/2005 6:22:38 AM
Changed: 4/28/2005 10:05:15 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0
User extensions: not found
Machine extensions: not found
Functionality version: 2
------------------------------------------------------------
------------------------------------------------------------
DC: softpro.sprosys.com
Friendly name: AccountTracking
Created: 4/26/2005 6:22:38 AM
Changed: 4/28/2005 10:01:39 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0
User extensions: not found
Machine extensions: not found
Functionality version: 2
------------------------------------------------------------
============================================================
Policy {07DDE52B-4D39-4007-BB66-B37887143BE7}
Policy OK
Details:
------------------------------------------------------------
DC: spro.sprosys.com
Friendly name: Terminal
Created: 2/28/2005 2:24:50 PM
Changed: 4/28/2005 10:05:15 AM
DS version: 33(user) 3(machine)
Sysvol version: 33(user) 3(machine)
Flags: 0
User extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
Machine extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
Functionality version: 2
------------------------------------------------------------
------------------------------------------------------------
DC: softpro.sprosys.com
Friendly name: Terminal
Created: 2/28/2005 2:24:50 PM
Changed: 4/28/2005 10:01:29 AM
DS version: 33(user) 3(machine)
Sysvol version: 33(user) 3(machine)
Flags: 0
User extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
Machine extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
Functionality version: 2
------------------------------------------------------------
============================================================
Policy {277C0E32-FC88-483F-BD63-EDA7DBA00770}
Policy OK
Details:
------------------------------------------------------------
DC: spro.sprosys.com
Friendly name: Terminal
Created: 2/28/2005 2:23:24 PM
Changed: 4/28/2005 10:05:15 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0
User extensions: not found
Machine extensions: not found
Functionality version: 2
------------------------------------------------------------
------------------------------------------------------------
DC: softpro.sprosys.com
Friendly name: Terminal
Created: 2/28/2005 2:23:24 PM
Changed: 4/28/2005 10:01:22 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0
User extensions: not found
Machine extensions: not found
Functionality version: 2
------------------------------------------------------------
============================================================
Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
Error: Cannot access
\\spro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9}, error 2
Error: Cannot access
\\softpro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9}, error 2
Details:
------------------------------------------------------------
DC: spro.sprosys.com
Friendly name: Default Domain Policy
Created: 10/12/2004 4:37:20 PM
Changed: 4/30/2005 7:28:50 AM
DS version: 1(user) 3(machine)
Sysvol version: not found
Flags: 0
User extensions:
[{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
Machine extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
Functionality version: 2
------------------------------------------------------------
------------------------------------------------------------
DC: softpro.sprosys.com
Friendly name: Default Domain Policy
Created: 10/12/2004 4:37:20 PM
Changed: 4/30/2005 7:29:56 AM
DS version: 1(user) 3(machine)
Sysvol version: not found
Flags: 0
User extensions:
[{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
Machine extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
Functionality version: 2
------------------------------------------------------------
============================================================
Policy {5176A5A6-48DD-4A96-8405-A815C10B7EA8}
Policy OK
Details:
------------------------------------------------------------
DC: spro.sprosys.com
Friendly name: terminal
Created: 2/28/2005 12:22:15 PM
Changed: 4/28/2005 10:05:15 AM
DS version: 1(user) 0(machine)
Sysvol version: 1(user) 0(machine)
Flags: 0
User extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
Machine extensions: not found
Functionality version: 2
------------------------------------------------------------
------------------------------------------------------------
DC: softpro.sprosys.com
Friendly name: terminal
Created: 2/28/2005 12:22:15 PM
Changed: 4/28/2005 10:01:08 AM
DS version: 1(user) 0(machine)
Sysvol version: 1(user) 0(machine)
Flags: 0
User extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
Machine extensions: not found
Functionality version: 2
------------------------------------------------------------
============================================================
Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
Error: Cannot access
\\spro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}, error 2
Error: Cannot access
\\softpro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}, error 2
Details:
------------------------------------------------------------
DC: spro.sprosys.com
Friendly name: Default Domain Controllers Policy
Created: 10/12/2004 4:37:20 PM
Changed: 4/28/2005 10:05:15 AM
DS version: 0(user) 4(machine)
Sysvol version: not found
Flags: 0
User extensions: not found
Machine extensions:
[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
Functionality version: 2
------------------------------------------------------------
------------------------------------------------------------
DC: softpro.sprosys.com
Friendly name: Default Domain Controllers Policy
Created: 10/12/2004 4:37:20 PM
Changed: 4/28/2005 10:01:01 AM
DS version: 0(user) 4(machine)
Sysvol version: not found
Flags: 0
User extensions: not found
Machine extensions:
[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
Functionality version: 2
------------------------------------------------------------
============================================================
Policy {E3668F2C-D789-4A77-822D-DEABB4B9A657}
Policy OK
Details:
------------------------------------------------------------
DC: spro.sprosys.com
Friendly name: New Group Policy Object
Created: 4/27/2005 3:54:32 AM
Changed: 4/28/2005 10:05:15 AM
DS version: 0(user) 34(machine)
Sysvol version: 0(user) 34(machine)
Flags: 0
User extensions: not found
Machine extensions:
[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
Functionality version: 2
------------------------------------------------------------
------------------------------------------------------------
DC: softpro.sprosys.com
Friendly name: New Group Policy Object
Created: 4/27/2005 3:54:32 AM
Changed: 4/28/2005 10:00:51 AM
DS version: 0(user) 34(machine)
Sysvol version: 0(user) 34(machine)
Flags: 0
User extensions: not found
Machine extensions:
[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
Functionality version: 2
------------------------------------------------------------

Errors found

Thanks and Regards
Rajam.


"Steven L Umbach" wrote:

> Well good to hear that your dns seems to working correctly. See if anything
> unusual shows in the application or system logs in Event Viewer and try
> accessing the sysvol share as I explained before to see first if you can
> access it and then if you can try to navigate to those policies via domain
> name\policies\31B2F....\machine\Microsoft\Windows NT\SecEdit where you
> should see and be able to open the GptTmpl.inf file there. The policy
> starting 31B2F.... is the default domain Group Policy. Also try running the
> support tool gpotool to see if it shows at least two Group Policies and if
> any problems are reported as far as version numbers. Another thing to check
> is to Use Active Directory Users and Computers. Then find your domain, right
> click and select properties/Group Policy where you should see default domain
> policy. For it select properties/security to make sure that domain admins
> have necessary permissions which need to be at least read and write to edit
> the Group Policy. Verify that domain admins global group is a member of the
> administrators group and that you are logged on as a member of the domain
> admins group. --- Steve
>
>
> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
> news:B72B0975-D61E-4826-93EA-BBDECB3FFE11@microsoft.com...
> > Hi Steven
> >
> > Thanx for your kind suggestion. But we tried Netdiag and Dcdiag tools. But
> > we couldn't find any problems in it. We are not using ISP IP as DNS server
> > address. What we are suspecting is might be some policies are applied on
> > Administrator account. Pls kindly let me know is there any other solution
> > to
> > opening Security Policies like Domain Security Policy and Domain
> > Controller
> > Security Policy in Domain Controller or Additional Domain Controller.
> > Waiting for your reply.
> >
> > Thanks and Regards
> > Rajam
> >
> > "Steven L Umbach" wrote:
> >
> >> That could be a dns problem or a problem with the existence of the sysvol
> >> share or permissions for it. From any domain computer you should be able
> >> to
> >> access the sysvol share by entering in the run box
> >> \\domaincontrollername\sysvol. Run the support tools netdiag and dcdiag
> >> on
> >> the domain controller looking for pertinent problems and also check Event
> >> Viewer for Event ID's than may detail a related problem. Support tools
> >> are
> >> on the install disk in the support/tools folder. See the link below on
> >> dns
> >> to make sure your dns is correctly configured for the domain and NEVER
> >> list
> >> an ISP dns server as a preferred dns server in tcp/ip properties of any
> >> domain computer or computer you are trying to join to the domain. ---
> >> Steve
> >>
> >> http://support.microsoft.com/default.aspx?scid=kb%3Ben-...
> >>
> >> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
> >> news:AF5B03FD-BFDF-4BCF-8150-8C514F1F88AE@microsoft.com...
> >> > Hi
> >> >
> >> > I have Win2000 Domain Controller logged in as domain administrators.
> >> >
> >> > Problem is : I could not able to open Domain Security Policy or Domain
> >> > Controller Security Policy. We would like to apply some policies. But
> >> > Domain
> >> > Default Policy Editor is not opening at all.
> >> >
> >> > Its showing a message like "you dont have appropriate permissions.
> >> > Details : The System Cannot find path." That is the message i m
> >> > getting
> >> > whenever i tried to open Domain Security Policy and Domain Security
> >> > Policy.
> >> >
> >> > Please help me in this.
> >> >
> >> > Thanks and Regards
> >> > Rajam.
> >> >
> >>
> >>
> >>
>
>
>
Anonymous
a b 8 Security
April 30, 2005 4:17:40 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Well it certainly looks like you have a problem with the two default
policies for domain and domain controller. One solution could be to an
authoritative restore of Active Directory from a System State backup from a
time before this problem occurred. if it is a fairly recent problem then
that may be a good solution assuming you have the System State backups.
Another possibility that I can think of is to use a free tool from Microsoft
to rebuild those two policies called RecreateDefpol.EX. The link for it is
below and be sure to read the instructions and warnings. That is what I
would try. You may however want to post in the Active Directory newsgroup to
see if they have any further suggestions or alternatives. --- Steve

http://www.microsoft.com/downloads/details.aspx?FamilyI...

"Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
news:68CA3690-3D4C-4899-9AEA-0A5CCAE1F21B@microsoft.com...
> Hi Steven
>
> Thanks for your reply. Actually we checked for that policy which u
> mentioned
> previously. Actually we dint find that policy in the Domain Controllers
> Sysvol folder. If we try to change the settings of Default Domain Policy
> properties also its saying u cannot access that file. We ran GPOTool also.
> It
> has given some errors on this Default Domain Policy. I am sending that
> report
> with this mail. Pls look into it and give me the suggestion on this. Is it
> possible to create that Domain Default Policy. If its possible pls give me
> the clear procedure for that. Waiting for your reply. Pls find the GPO
> Report.
> This is the report we got it when we ran GPOTool.
>
> Domain: sprosys.com
> Validating DCs...
> spro.sprosys.com: OK
> softpro.sprosys.com: OK
> Available DCs:
> spro.sprosys.com
> softpro.sprosys.com
> Searching for policies...
> Found 7 policies
> ============================================================
> Policy {0196EEA9-48D4-480E-8961-2E5E2C35D891}
> Policy OK
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: AccountTracking
> Created: 4/26/2005 6:22:38 AM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 0(user) 0(machine)
> Sysvol version: 0(user) 0(machine)
> Flags: 0
> User extensions: not found
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: AccountTracking
> Created: 4/26/2005 6:22:38 AM
> Changed: 4/28/2005 10:01:39 AM
> DS version: 0(user) 0(machine)
> Sysvol version: 0(user) 0(machine)
> Flags: 0
> User extensions: not found
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {07DDE52B-4D39-4007-BB66-B37887143BE7}
> Policy OK
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: Terminal
> Created: 2/28/2005 2:24:50 PM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 33(user) 3(machine)
> Sysvol version: 33(user) 3(machine)
> Flags: 0
> User extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> Machine extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: Terminal
> Created: 2/28/2005 2:24:50 PM
> Changed: 4/28/2005 10:01:29 AM
> DS version: 33(user) 3(machine)
> Sysvol version: 33(user) 3(machine)
> Flags: 0
> User extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> Machine extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {277C0E32-FC88-483F-BD63-EDA7DBA00770}
> Policy OK
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: Terminal
> Created: 2/28/2005 2:23:24 PM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 0(user) 0(machine)
> Sysvol version: 0(user) 0(machine)
> Flags: 0
> User extensions: not found
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: Terminal
> Created: 2/28/2005 2:23:24 PM
> Changed: 4/28/2005 10:01:22 AM
> DS version: 0(user) 0(machine)
> Sysvol version: 0(user) 0(machine)
> Flags: 0
> User extensions: not found
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
> Error: Cannot access
> \\spro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
> error 2
> Error: Cannot access
> \\softpro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
> error 2
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: Default Domain Policy
> Created: 10/12/2004 4:37:20 PM
> Changed: 4/30/2005 7:28:50 AM
> DS version: 1(user) 3(machine)
> Sysvol version: not found
> Flags: 0
> User extensions:
> [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
> Machine extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: Default Domain Policy
> Created: 10/12/2004 4:37:20 PM
> Changed: 4/30/2005 7:29:56 AM
> DS version: 1(user) 3(machine)
> Sysvol version: not found
> Flags: 0
> User extensions:
> [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
> Machine extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {5176A5A6-48DD-4A96-8405-A815C10B7EA8}
> Policy OK
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: terminal
> Created: 2/28/2005 12:22:15 PM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 1(user) 0(machine)
> Sysvol version: 1(user) 0(machine)
> Flags: 0
> User extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: terminal
> Created: 2/28/2005 12:22:15 PM
> Changed: 4/28/2005 10:01:08 AM
> DS version: 1(user) 0(machine)
> Sysvol version: 1(user) 0(machine)
> Flags: 0
> User extensions:
> [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> Machine extensions: not found
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
> Error: Cannot access
> \\spro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
> error 2
> Error: Cannot access
> \\softpro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
> error 2
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: Default Domain Controllers Policy
> Created: 10/12/2004 4:37:20 PM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 0(user) 4(machine)
> Sysvol version: not found
> Flags: 0
> User extensions: not found
> Machine extensions:
> [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: Default Domain Controllers Policy
> Created: 10/12/2004 4:37:20 PM
> Changed: 4/28/2005 10:01:01 AM
> DS version: 0(user) 4(machine)
> Sysvol version: not found
> Flags: 0
> User extensions: not found
> Machine extensions:
> [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> Functionality version: 2
> ------------------------------------------------------------
> ============================================================
> Policy {E3668F2C-D789-4A77-822D-DEABB4B9A657}
> Policy OK
> Details:
> ------------------------------------------------------------
> DC: spro.sprosys.com
> Friendly name: New Group Policy Object
> Created: 4/27/2005 3:54:32 AM
> Changed: 4/28/2005 10:05:15 AM
> DS version: 0(user) 34(machine)
> Sysvol version: 0(user) 34(machine)
> Flags: 0
> User extensions: not found
> Machine extensions:
> [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> Functionality version: 2
> ------------------------------------------------------------
> ------------------------------------------------------------
> DC: softpro.sprosys.com
> Friendly name: New Group Policy Object
> Created: 4/27/2005 3:54:32 AM
> Changed: 4/28/2005 10:00:51 AM
> DS version: 0(user) 34(machine)
> Sysvol version: 0(user) 34(machine)
> Flags: 0
> User extensions: not found
> Machine extensions:
> [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> Functionality version: 2
> ------------------------------------------------------------
>
> Errors found
>
> Thanks and Regards
> Rajam.
>
>
> "Steven L Umbach" wrote:
>
>> Well good to hear that your dns seems to working correctly. See if
>> anything
>> unusual shows in the application or system logs in Event Viewer and try
>> accessing the sysvol share as I explained before to see first if you can
>> access it and then if you can try to navigate to those policies via
>> domain
>> name\policies\31B2F....\machine\Microsoft\Windows NT\SecEdit where you
>> should see and be able to open the GptTmpl.inf file there. The policy
>> starting 31B2F.... is the default domain Group Policy. Also try running
>> the
>> support tool gpotool to see if it shows at least two Group Policies and
>> if
>> any problems are reported as far as version numbers. Another thing to
>> check
>> is to Use Active Directory Users and Computers. Then find your domain,
>> right
>> click and select properties/Group Policy where you should see default
>> domain
>> policy. For it select properties/security to make sure that domain admins
>> have necessary permissions which need to be at least read and write to
>> edit
>> the Group Policy. Verify that domain admins global group is a member of
>> the
>> administrators group and that you are logged on as a member of the domain
>> admins group. --- Steve
>>
>>
>> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
>> news:B72B0975-D61E-4826-93EA-BBDECB3FFE11@microsoft.com...
>> > Hi Steven
>> >
>> > Thanx for your kind suggestion. But we tried Netdiag and Dcdiag tools.
>> > But
>> > we couldn't find any problems in it. We are not using ISP IP as DNS
>> > server
>> > address. What we are suspecting is might be some policies are applied
>> > on
>> > Administrator account. Pls kindly let me know is there any other
>> > solution
>> > to
>> > opening Security Policies like Domain Security Policy and Domain
>> > Controller
>> > Security Policy in Domain Controller or Additional Domain Controller.
>> > Waiting for your reply.
>> >
>> > Thanks and Regards
>> > Rajam
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> That could be a dns problem or a problem with the existence of the
>> >> sysvol
>> >> share or permissions for it. From any domain computer you should be
>> >> able
>> >> to
>> >> access the sysvol share by entering in the run box
>> >> \\domaincontrollername\sysvol. Run the support tools netdiag and
>> >> dcdiag
>> >> on
>> >> the domain controller looking for pertinent problems and also check
>> >> Event
>> >> Viewer for Event ID's than may detail a related problem. Support tools
>> >> are
>> >> on the install disk in the support/tools folder. See the link below on
>> >> dns
>> >> to make sure your dns is correctly configured for the domain and NEVER
>> >> list
>> >> an ISP dns server as a preferred dns server in tcp/ip properties of
>> >> any
>> >> domain computer or computer you are trying to join to the domain. ---
>> >> Steve
>> >>
>> >> http://support.microsoft.com/default.aspx?scid=kb%3Ben-...
>> >>
>> >> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
>> >> news:AF5B03FD-BFDF-4BCF-8150-8C514F1F88AE@microsoft.com...
>> >> > Hi
>> >> >
>> >> > I have Win2000 Domain Controller logged in as domain administrators.
>> >> >
>> >> > Problem is : I could not able to open Domain Security Policy or
>> >> > Domain
>> >> > Controller Security Policy. We would like to apply some policies.
>> >> > But
>> >> > Domain
>> >> > Default Policy Editor is not opening at all.
>> >> >
>> >> > Its showing a message like "you dont have appropriate permissions.
>> >> > Details : The System Cannot find path." That is the message i m
>> >> > getting
>> >> > whenever i tried to open Domain Security Policy and Domain Security
>> >> > Policy.
>> >> >
>> >> > Please help me in this.
>> >> >
>> >> > Thanks and Regards
>> >> > Rajam.
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>
Anonymous
a b 8 Security
May 2, 2005 3:30:02 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi steve

Thanks for ur response. Actually we dont wanna do Authrotative Restore.
Because we dont know when the problem has started. We have made lot of
changes recently in our DC like creation of users and other share and
Security permissions. If we go for authoratative restore everything what we
have done recently we will lose.
About that tool which is specified by you, How much is safety is there?
Plase advise me which is the best way to restore our Default Domain
Policies... Waiting for your reply.

Thanks and Regards
Varadarajam.

"Steven L Umbach" wrote:

> Well it certainly looks like you have a problem with the two default
> policies for domain and domain controller. One solution could be to an
> authoritative restore of Active Directory from a System State backup from a
> time before this problem occurred. if it is a fairly recent problem then
> that may be a good solution assuming you have the System State backups.
> Another possibility that I can think of is to use a free tool from Microsoft
> to rebuild those two policies called RecreateDefpol.EX. The link for it is
> below and be sure to read the instructions and warnings. That is what I
> would try. You may however want to post in the Active Directory newsgroup to
> see if they have any further suggestions or alternatives. --- Steve
>
> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>
> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
> news:68CA3690-3D4C-4899-9AEA-0A5CCAE1F21B@microsoft.com...
> > Hi Steven
> >
> > Thanks for your reply. Actually we checked for that policy which u
> > mentioned
> > previously. Actually we dint find that policy in the Domain Controllers
> > Sysvol folder. If we try to change the settings of Default Domain Policy
> > properties also its saying u cannot access that file. We ran GPOTool also.
> > It
> > has given some errors on this Default Domain Policy. I am sending that
> > report
> > with this mail. Pls look into it and give me the suggestion on this. Is it
> > possible to create that Domain Default Policy. If its possible pls give me
> > the clear procedure for that. Waiting for your reply. Pls find the GPO
> > Report.
> > This is the report we got it when we ran GPOTool.
> >
> > Domain: sprosys.com
> > Validating DCs...
> > spro.sprosys.com: OK
> > softpro.sprosys.com: OK
> > Available DCs:
> > spro.sprosys.com
> > softpro.sprosys.com
> > Searching for policies...
> > Found 7 policies
> > ============================================================
> > Policy {0196EEA9-48D4-480E-8961-2E5E2C35D891}
> > Policy OK
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: AccountTracking
> > Created: 4/26/2005 6:22:38 AM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 0(user) 0(machine)
> > Sysvol version: 0(user) 0(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: AccountTracking
> > Created: 4/26/2005 6:22:38 AM
> > Changed: 4/28/2005 10:01:39 AM
> > DS version: 0(user) 0(machine)
> > Sysvol version: 0(user) 0(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {07DDE52B-4D39-4007-BB66-B37887143BE7}
> > Policy OK
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: Terminal
> > Created: 2/28/2005 2:24:50 PM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 33(user) 3(machine)
> > Sysvol version: 33(user) 3(machine)
> > Flags: 0
> > User extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> > Machine extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: Terminal
> > Created: 2/28/2005 2:24:50 PM
> > Changed: 4/28/2005 10:01:29 AM
> > DS version: 33(user) 3(machine)
> > Sysvol version: 33(user) 3(machine)
> > Flags: 0
> > User extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> > Machine extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {277C0E32-FC88-483F-BD63-EDA7DBA00770}
> > Policy OK
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: Terminal
> > Created: 2/28/2005 2:23:24 PM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 0(user) 0(machine)
> > Sysvol version: 0(user) 0(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: Terminal
> > Created: 2/28/2005 2:23:24 PM
> > Changed: 4/28/2005 10:01:22 AM
> > DS version: 0(user) 0(machine)
> > Sysvol version: 0(user) 0(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
> > Error: Cannot access
> > \\spro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
> > error 2
> > Error: Cannot access
> > \\softpro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
> > error 2
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: Default Domain Policy
> > Created: 10/12/2004 4:37:20 PM
> > Changed: 4/30/2005 7:28:50 AM
> > DS version: 1(user) 3(machine)
> > Sysvol version: not found
> > Flags: 0
> > User extensions:
> > [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
> > Machine extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: Default Domain Policy
> > Created: 10/12/2004 4:37:20 PM
> > Changed: 4/30/2005 7:29:56 AM
> > DS version: 1(user) 3(machine)
> > Sysvol version: not found
> > Flags: 0
> > User extensions:
> > [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
> > Machine extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {5176A5A6-48DD-4A96-8405-A815C10B7EA8}
> > Policy OK
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: terminal
> > Created: 2/28/2005 12:22:15 PM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 1(user) 0(machine)
> > Sysvol version: 1(user) 0(machine)
> > Flags: 0
> > User extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: terminal
> > Created: 2/28/2005 12:22:15 PM
> > Changed: 4/28/2005 10:01:08 AM
> > DS version: 1(user) 0(machine)
> > Sysvol version: 1(user) 0(machine)
> > Flags: 0
> > User extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
> > Error: Cannot access
> > \\spro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
> > error 2
> > Error: Cannot access
> > \\softpro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
> > error 2
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: Default Domain Controllers Policy
> > Created: 10/12/2004 4:37:20 PM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 0(user) 4(machine)
> > Sysvol version: not found
> > Flags: 0
> > User extensions: not found
> > Machine extensions:
> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: Default Domain Controllers Policy
> > Created: 10/12/2004 4:37:20 PM
> > Changed: 4/28/2005 10:01:01 AM
> > DS version: 0(user) 4(machine)
> > Sysvol version: not found
> > Flags: 0
> > User extensions: not found
> > Machine extensions:
> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {E3668F2C-D789-4A77-822D-DEABB4B9A657}
> > Policy OK
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: New Group Policy Object
> > Created: 4/27/2005 3:54:32 AM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 0(user) 34(machine)
> > Sysvol version: 0(user) 34(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions:
> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: New Group Policy Object
> > Created: 4/27/2005 3:54:32 AM
> > Changed: 4/28/2005 10:00:51 AM
> > DS version: 0(user) 34(machine)
> > Sysvol version: 0(user) 34(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions:
> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> > Functionality version: 2
> > ------------------------------------------------------------
> >
> > Errors found
> >
> > Thanks and Regards
> > Rajam.
> >
> >
> > "Steven L Umbach" wrote:
> >
> >> Well good to hear that your dns seems to working correctly. See if
> >> anything
> >> unusual shows in the application or system logs in Event Viewer and try
> >> accessing the sysvol share as I explained before to see first if you can
> >> access it and then if you can try to navigate to those policies via
> >> domain
> >> name\policies\31B2F....\machine\Microsoft\Windows NT\SecEdit where you
> >> should see and be able to open the GptTmpl.inf file there. The policy
> >> starting 31B2F.... is the default domain Group Policy. Also try running
> >> the
> >> support tool gpotool to see if it shows at least two Group Policies and
> >> if
> >> any problems are reported as far as version numbers. Another thing to
> >> check
> >> is to Use Active Directory Users and Computers. Then find your domain,
> >> right
> >> click and select properties/Group Policy where you should see default
> >> domain
> >> policy. For it select properties/security to make sure that domain admins
> >> have necessary permissions which need to be at least read and write to
> >> edit
> >> the Group Policy. Verify that domain admins global group is a member of
> >> the
> >> administrators group and that you are logged on as a member of the domain
> >> admins group. --- Steve
> >>
> >>
> >> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
> >> news:B72B0975-D61E-4826-93EA-BBDECB3FFE11@microsoft.com...
> >> > Hi Steven
> >> >
Anonymous
a b 8 Security
May 2, 2005 3:47:27 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Microsoft advices the use of RecreateDefpol.EXE as a last resort option. I
have tested it in a test domain and for me it worked fine. What you could do
is to make a current System State backup and then try RecreateDefpol.EXE. If
some sort of problem arises you could always restore that System State
backup and you will at least be back to where you are now. If you have a
test network with a domain controller or can whip one up, try
RecreateDefpol.EXE so you can know what to expect from it. --- Steve


"Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
news:BCCFCC9E-2360-4272-AAFE-442DF5DC43C7@microsoft.com...
> Hi steve
>
> Thanks for ur response. Actually we dont wanna do Authrotative Restore.
> Because we dont know when the problem has started. We have made lot of
> changes recently in our DC like creation of users and other share and
> Security permissions. If we go for authoratative restore everything what
> we
> have done recently we will lose.
> About that tool which is specified by you, How much is safety is there?
> Plase advise me which is the best way to restore our Default Domain
> Policies... Waiting for your reply.
>
> Thanks and Regards
> Varadarajam.
>
> "Steven L Umbach" wrote:
>
>> Well it certainly looks like you have a problem with the two default
>> policies for domain and domain controller. One solution could be to an
>> authoritative restore of Active Directory from a System State backup from
>> a
>> time before this problem occurred. if it is a fairly recent problem then
>> that may be a good solution assuming you have the System State backups.
>> Another possibility that I can think of is to use a free tool from
>> Microsoft
>> to rebuild those two policies called RecreateDefpol.EX. The link for it
>> is
>> below and be sure to read the instructions and warnings. That is what I
>> would try. You may however want to post in the Active Directory newsgroup
>> to
>> see if they have any further suggestions or alternatives. --- Steve
>>
>> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>>
>> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
>> news:68CA3690-3D4C-4899-9AEA-0A5CCAE1F21B@microsoft.com...
>> > Hi Steven
>> >
>> > Thanks for your reply. Actually we checked for that policy which u
>> > mentioned
>> > previously. Actually we dint find that policy in the Domain Controllers
>> > Sysvol folder. If we try to change the settings of Default Domain
>> > Policy
>> > properties also its saying u cannot access that file. We ran GPOTool
>> > also.
>> > It
>> > has given some errors on this Default Domain Policy. I am sending that
>> > report
>> > with this mail. Pls look into it and give me the suggestion on this. Is
>> > it
>> > possible to create that Domain Default Policy. If its possible pls give
>> > me
>> > the clear procedure for that. Waiting for your reply. Pls find the GPO
>> > Report.
>> > This is the report we got it when we ran GPOTool.
>> >
>> > Domain: sprosys.com
>> > Validating DCs...
>> > spro.sprosys.com: OK
>> > softpro.sprosys.com: OK
>> > Available DCs:
>> > spro.sprosys.com
>> > softpro.sprosys.com
>> > Searching for policies...
>> > Found 7 policies
>> > ============================================================
>> > Policy {0196EEA9-48D4-480E-8961-2E5E2C35D891}
>> > Policy OK
>> > Details:
>> > ------------------------------------------------------------
>> > DC: spro.sprosys.com
>> > Friendly name: AccountTracking
>> > Created: 4/26/2005 6:22:38 AM
>> > Changed: 4/28/2005 10:05:15 AM
>> > DS version: 0(user) 0(machine)
>> > Sysvol version: 0(user) 0(machine)
>> > Flags: 0
>> > User extensions: not found
>> > Machine extensions: not found
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ------------------------------------------------------------
>> > DC: softpro.sprosys.com
>> > Friendly name: AccountTracking
>> > Created: 4/26/2005 6:22:38 AM
>> > Changed: 4/28/2005 10:01:39 AM
>> > DS version: 0(user) 0(machine)
>> > Sysvol version: 0(user) 0(machine)
>> > Flags: 0
>> > User extensions: not found
>> > Machine extensions: not found
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ============================================================
>> > Policy {07DDE52B-4D39-4007-BB66-B37887143BE7}
>> > Policy OK
>> > Details:
>> > ------------------------------------------------------------
>> > DC: spro.sprosys.com
>> > Friendly name: Terminal
>> > Created: 2/28/2005 2:24:50 PM
>> > Changed: 4/28/2005 10:05:15 AM
>> > DS version: 33(user) 3(machine)
>> > Sysvol version: 33(user) 3(machine)
>> > Flags: 0
>> > User extensions:
>> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
>> > Machine extensions:
>> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ------------------------------------------------------------
>> > DC: softpro.sprosys.com
>> > Friendly name: Terminal
>> > Created: 2/28/2005 2:24:50 PM
>> > Changed: 4/28/2005 10:01:29 AM
>> > DS version: 33(user) 3(machine)
>> > Sysvol version: 33(user) 3(machine)
>> > Flags: 0
>> > User extensions:
>> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
>> > Machine extensions:
>> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ============================================================
>> > Policy {277C0E32-FC88-483F-BD63-EDA7DBA00770}
>> > Policy OK
>> > Details:
>> > ------------------------------------------------------------
>> > DC: spro.sprosys.com
>> > Friendly name: Terminal
>> > Created: 2/28/2005 2:23:24 PM
>> > Changed: 4/28/2005 10:05:15 AM
>> > DS version: 0(user) 0(machine)
>> > Sysvol version: 0(user) 0(machine)
>> > Flags: 0
>> > User extensions: not found
>> > Machine extensions: not found
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ------------------------------------------------------------
>> > DC: softpro.sprosys.com
>> > Friendly name: Terminal
>> > Created: 2/28/2005 2:23:24 PM
>> > Changed: 4/28/2005 10:01:22 AM
>> > DS version: 0(user) 0(machine)
>> > Sysvol version: 0(user) 0(machine)
>> > Flags: 0
>> > User extensions: not found
>> > Machine extensions: not found
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ============================================================
>> > Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
>> > Error: Cannot access
>> > \\spro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
>> > error 2
>> > Error: Cannot access
>> > \\softpro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
>> > error 2
>> > Details:
>> > ------------------------------------------------------------
>> > DC: spro.sprosys.com
>> > Friendly name: Default Domain Policy
>> > Created: 10/12/2004 4:37:20 PM
>> > Changed: 4/30/2005 7:28:50 AM
>> > DS version: 1(user) 3(machine)
>> > Sysvol version: not found
>> > Flags: 0
>> > User extensions:
>> > [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
>> > Machine extensions:
>> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ------------------------------------------------------------
>> > DC: softpro.sprosys.com
>> > Friendly name: Default Domain Policy
>> > Created: 10/12/2004 4:37:20 PM
>> > Changed: 4/30/2005 7:29:56 AM
>> > DS version: 1(user) 3(machine)
>> > Sysvol version: not found
>> > Flags: 0
>> > User extensions:
>> > [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
>> > Machine extensions:
>> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ============================================================
>> > Policy {5176A5A6-48DD-4A96-8405-A815C10B7EA8}
>> > Policy OK
>> > Details:
>> > ------------------------------------------------------------
>> > DC: spro.sprosys.com
>> > Friendly name: terminal
>> > Created: 2/28/2005 12:22:15 PM
>> > Changed: 4/28/2005 10:05:15 AM
>> > DS version: 1(user) 0(machine)
>> > Sysvol version: 1(user) 0(machine)
>> > Flags: 0
>> > User extensions:
>> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
>> > Machine extensions: not found
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ------------------------------------------------------------
>> > DC: softpro.sprosys.com
>> > Friendly name: terminal
>> > Created: 2/28/2005 12:22:15 PM
>> > Changed: 4/28/2005 10:01:08 AM
>> > DS version: 1(user) 0(machine)
>> > Sysvol version: 1(user) 0(machine)
>> > Flags: 0
>> > User extensions:
>> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
>> > Machine extensions: not found
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ============================================================
>> > Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
>> > Error: Cannot access
>> > \\spro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
>> > error 2
>> > Error: Cannot access
>> > \\softpro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
>> > error 2
>> > Details:
>> > ------------------------------------------------------------
>> > DC: spro.sprosys.com
>> > Friendly name: Default Domain Controllers Policy
>> > Created: 10/12/2004 4:37:20 PM
>> > Changed: 4/28/2005 10:05:15 AM
>> > DS version: 0(user) 4(machine)
>> > Sysvol version: not found
>> > Flags: 0
>> > User extensions: not found
>> > Machine extensions:
>> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ------------------------------------------------------------
>> > DC: softpro.sprosys.com
>> > Friendly name: Default Domain Controllers Policy
>> > Created: 10/12/2004 4:37:20 PM
>> > Changed: 4/28/2005 10:01:01 AM
>> > DS version: 0(user) 4(machine)
>> > Sysvol version: not found
>> > Flags: 0
>> > User extensions: not found
>> > Machine extensions:
>> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ============================================================
>> > Policy {E3668F2C-D789-4A77-822D-DEABB4B9A657}
>> > Policy OK
>> > Details:
>> > ------------------------------------------------------------
>> > DC: spro.sprosys.com
>> > Friendly name: New Group Policy Object
>> > Created: 4/27/2005 3:54:32 AM
>> > Changed: 4/28/2005 10:05:15 AM
>> > DS version: 0(user) 34(machine)
>> > Sysvol version: 0(user) 34(machine)
>> > Flags: 0
>> > User extensions: not found
>> > Machine extensions:
>> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> > ------------------------------------------------------------
>> > DC: softpro.sprosys.com
>> > Friendly name: New Group Policy Object
>> > Created: 4/27/2005 3:54:32 AM
>> > Changed: 4/28/2005 10:00:51 AM
>> > DS version: 0(user) 34(machine)
>> > Sysvol version: 0(user) 34(machine)
>> > Flags: 0
>> > User extensions: not found
>> > Machine extensions:
>> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
>> > Functionality version: 2
>> > ------------------------------------------------------------
>> >
>> > Errors found
>> >
>> > Thanks and Regards
>> > Rajam.
>> >
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> Well good to hear that your dns seems to working correctly. See if
>> >> anything
>> >> unusual shows in the application or system logs in Event Viewer and
>> >> try
>> >> accessing the sysvol share as I explained before to see first if you
>> >> can
>> >> access it and then if you can try to navigate to those policies via
>> >> domain
>> >> name\policies\31B2F....\machine\Microsoft\Windows NT\SecEdit where you
>> >> should see and be able to open the GptTmpl.inf file there. The policy
>> >> starting 31B2F.... is the default domain Group Policy. Also try
>> >> running
>> >> the
>> >> support tool gpotool to see if it shows at least two Group Policies
>> >> and
>> >> if
>> >> any problems are reported as far as version numbers. Another thing to
>> >> check
>> >> is to Use Active Directory Users and Computers. Then find your domain,
>> >> right
>> >> click and select properties/Group Policy where you should see default
>> >> domain
>> >> policy. For it select properties/security to make sure that domain
>> >> admins
>> >> have necessary permissions which need to be at least read and write to
>> >> edit
>> >> the Group Policy. Verify that domain admins global group is a member
>> >> of
>> >> the
>> >> administrators group and that you are logged on as a member of the
>> >> domain
>> >> admins group. --- Steve
>> >>
>> >>
>> >> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
>> >> news:B72B0975-D61E-4826-93EA-BBDECB3FFE11@microsoft.com...
>> >> > Hi Steven
>> >> >
Anonymous
a b 8 Security
May 3, 2005 5:28:03 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Steve

Thanks for your reply. Actually we tried with a new test domain. Then we
tried with this tool., It worked fine. I got that Security Policies back.
Then i installed it on our main DC. Nothing wrong happned. We got our Defualt
Domain Policy back. But we need to apply some policies then, we need to check
these are applying or not. Let see.. Anyhave we really very thank ful to u
Mr.Steven that u have spent lot of time on our problem. Thank you very much.
i will get back to you soon.

Varadarajam.

"Steven L Umbach" wrote:

> Microsoft advices the use of RecreateDefpol.EXE as a last resort option. I
> have tested it in a test domain and for me it worked fine. What you could do
> is to make a current System State backup and then try RecreateDefpol.EXE. If
> some sort of problem arises you could always restore that System State
> backup and you will at least be back to where you are now. If you have a
> test network with a domain controller or can whip one up, try
> RecreateDefpol.EXE so you can know what to expect from it. --- Steve
>
>
> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
> news:BCCFCC9E-2360-4272-AAFE-442DF5DC43C7@microsoft.com...
> > Hi steve
> >
> > Thanks for ur response. Actually we dont wanna do Authrotative Restore.
> > Because we dont know when the problem has started. We have made lot of
> > changes recently in our DC like creation of users and other share and
> > Security permissions. If we go for authoratative restore everything what
> > we
> > have done recently we will lose.
> > About that tool which is specified by you, How much is safety is there?
> > Plase advise me which is the best way to restore our Default Domain
> > Policies... Waiting for your reply.
> >
> > Thanks and Regards
> > Varadarajam.
> >
> > "Steven L Umbach" wrote:
> >
> >> Well it certainly looks like you have a problem with the two default
> >> policies for domain and domain controller. One solution could be to an
> >> authoritative restore of Active Directory from a System State backup from
> >> a
> >> time before this problem occurred. if it is a fairly recent problem then
> >> that may be a good solution assuming you have the System State backups.
> >> Another possibility that I can think of is to use a free tool from
> >> Microsoft
> >> to rebuild those two policies called RecreateDefpol.EX. The link for it
> >> is
> >> below and be sure to read the instructions and warnings. That is what I
> >> would try. You may however want to post in the Active Directory newsgroup
> >> to
> >> see if they have any further suggestions or alternatives. --- Steve
> >>
> >> http://www.microsoft.com/downloads/details.aspx?FamilyI...
> >>
> >> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
> >> news:68CA3690-3D4C-4899-9AEA-0A5CCAE1F21B@microsoft.com...
> >> > Hi Steven
> >> >
> >> > Thanks for your reply. Actually we checked for that policy which u
> >> > mentioned
> >> > previously. Actually we dint find that policy in the Domain Controllers
> >> > Sysvol folder. If we try to change the settings of Default Domain
> >> > Policy
> >> > properties also its saying u cannot access that file. We ran GPOTool
> >> > also.
> >> > It
> >> > has given some errors on this Default Domain Policy. I am sending that
> >> > report
> >> > with this mail. Pls look into it and give me the suggestion on this. Is
> >> > it
> >> > possible to create that Domain Default Policy. If its possible pls give
> >> > me
> >> > the clear procedure for that. Waiting for your reply. Pls find the GPO
> >> > Report.
> >> > This is the report we got it when we ran GPOTool.
> >> >
> >> > Domain: sprosys.com
> >> > Validating DCs...
> >> > spro.sprosys.com: OK
> >> > softpro.sprosys.com: OK
> >> > Available DCs:
> >> > spro.sprosys.com
> >> > softpro.sprosys.com
> >> > Searching for policies...
> >> > Found 7 policies
> >> > ============================================================
> >> > Policy {0196EEA9-48D4-480E-8961-2E5E2C35D891}
> >> > Policy OK
> >> > Details:
> >> > ------------------------------------------------------------
> >> > DC: spro.sprosys.com
> >> > Friendly name: AccountTracking
> >> > Created: 4/26/2005 6:22:38 AM
> >> > Changed: 4/28/2005 10:05:15 AM
> >> > DS version: 0(user) 0(machine)
> >> > Sysvol version: 0(user) 0(machine)
> >> > Flags: 0
> >> > User extensions: not found
> >> > Machine extensions: not found
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ------------------------------------------------------------
> >> > DC: softpro.sprosys.com
> >> > Friendly name: AccountTracking
> >> > Created: 4/26/2005 6:22:38 AM
> >> > Changed: 4/28/2005 10:01:39 AM
> >> > DS version: 0(user) 0(machine)
> >> > Sysvol version: 0(user) 0(machine)
> >> > Flags: 0
> >> > User extensions: not found
> >> > Machine extensions: not found
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ============================================================
> >> > Policy {07DDE52B-4D39-4007-BB66-B37887143BE7}
> >> > Policy OK
> >> > Details:
> >> > ------------------------------------------------------------
> >> > DC: spro.sprosys.com
> >> > Friendly name: Terminal
> >> > Created: 2/28/2005 2:24:50 PM
> >> > Changed: 4/28/2005 10:05:15 AM
> >> > DS version: 33(user) 3(machine)
> >> > Sysvol version: 33(user) 3(machine)
> >> > Flags: 0
> >> > User extensions:
> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> >> > Machine extensions:
> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ------------------------------------------------------------
> >> > DC: softpro.sprosys.com
> >> > Friendly name: Terminal
> >> > Created: 2/28/2005 2:24:50 PM
> >> > Changed: 4/28/2005 10:01:29 AM
> >> > DS version: 33(user) 3(machine)
> >> > Sysvol version: 33(user) 3(machine)
> >> > Flags: 0
> >> > User extensions:
> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> >> > Machine extensions:
> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ============================================================
> >> > Policy {277C0E32-FC88-483F-BD63-EDA7DBA00770}
> >> > Policy OK
> >> > Details:
> >> > ------------------------------------------------------------
> >> > DC: spro.sprosys.com
> >> > Friendly name: Terminal
> >> > Created: 2/28/2005 2:23:24 PM
> >> > Changed: 4/28/2005 10:05:15 AM
> >> > DS version: 0(user) 0(machine)
> >> > Sysvol version: 0(user) 0(machine)
> >> > Flags: 0
> >> > User extensions: not found
> >> > Machine extensions: not found
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ------------------------------------------------------------
> >> > DC: softpro.sprosys.com
> >> > Friendly name: Terminal
> >> > Created: 2/28/2005 2:23:24 PM
> >> > Changed: 4/28/2005 10:01:22 AM
> >> > DS version: 0(user) 0(machine)
> >> > Sysvol version: 0(user) 0(machine)
> >> > Flags: 0
> >> > User extensions: not found
> >> > Machine extensions: not found
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ============================================================
> >> > Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
> >> > Error: Cannot access
> >> > \\spro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
> >> > error 2
> >> > Error: Cannot access
> >> > \\softpro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
> >> > error 2
> >> > Details:
> >> > ------------------------------------------------------------
> >> > DC: spro.sprosys.com
> >> > Friendly name: Default Domain Policy
> >> > Created: 10/12/2004 4:37:20 PM
> >> > Changed: 4/30/2005 7:28:50 AM
> >> > DS version: 1(user) 3(machine)
> >> > Sysvol version: not found
> >> > Flags: 0
> >> > User extensions:
> >> > [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
> >> > Machine extensions:
> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ------------------------------------------------------------
> >> > DC: softpro.sprosys.com
> >> > Friendly name: Default Domain Policy
> >> > Created: 10/12/2004 4:37:20 PM
> >> > Changed: 4/30/2005 7:29:56 AM
> >> > DS version: 1(user) 3(machine)
> >> > Sysvol version: not found
> >> > Flags: 0
> >> > User extensions:
> >> > [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
> >> > Machine extensions:
> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ============================================================
> >> > Policy {5176A5A6-48DD-4A96-8405-A815C10B7EA8}
> >> > Policy OK
> >> > Details:
> >> > ------------------------------------------------------------
> >> > DC: spro.sprosys.com
> >> > Friendly name: terminal
> >> > Created: 2/28/2005 12:22:15 PM
> >> > Changed: 4/28/2005 10:05:15 AM
> >> > DS version: 1(user) 0(machine)
> >> > Sysvol version: 1(user) 0(machine)
> >> > Flags: 0
> >> > User extensions:
> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> >> > Machine extensions: not found
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ------------------------------------------------------------
> >> > DC: softpro.sprosys.com
> >> > Friendly name: terminal
> >> > Created: 2/28/2005 12:22:15 PM
> >> > Changed: 4/28/2005 10:01:08 AM
> >> > DS version: 1(user) 0(machine)
> >> > Sysvol version: 1(user) 0(machine)
> >> > Flags: 0
> >> > User extensions:
> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> >> > Machine extensions: not found
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ============================================================
> >> > Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
> >> > Error: Cannot access
> >> > \\spro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
> >> > error 2
> >> > Error: Cannot access
> >> > \\softpro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
> >> > error 2
> >> > Details:
> >> > ------------------------------------------------------------
> >> > DC: spro.sprosys.com
> >> > Friendly name: Default Domain Controllers Policy
> >> > Created: 10/12/2004 4:37:20 PM
> >> > Changed: 4/28/2005 10:05:15 AM
> >> > DS version: 0(user) 4(machine)
> >> > Sysvol version: not found
> >> > Flags: 0
> >> > User extensions: not found
> >> > Machine extensions:
> >> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ------------------------------------------------------------
> >> > DC: softpro.sprosys.com
> >> > Friendly name: Default Domain Controllers Policy
> >> > Created: 10/12/2004 4:37:20 PM
> >> > Changed: 4/28/2005 10:01:01 AM
> >> > DS version: 0(user) 4(machine)
> >> > Sysvol version: not found
> >> > Flags: 0
> >> > User extensions: not found
> >> > Machine extensions:
> >> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ============================================================
> >> > Policy {E3668F2C-D789-4A77-822D-DEABB4B9A657}
> >> > Policy OK
> >> > Details:
> >> > ------------------------------------------------------------
> >> > DC: spro.sprosys.com
> >> > Friendly name: New Group Policy Object
> >> > Created: 4/27/2005 3:54:32 AM
> >> > Changed: 4/28/2005 10:05:15 AM
> >> > DS version: 0(user) 34(machine)
> >> > Sysvol version: 0(user) 34(machine)
> >> > Flags: 0
> >> > User extensions: not found
> >> > Machine extensions:
> >> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> > ------------------------------------------------------------
> >> > DC: softpro.sprosys.com
> >> > Friendly name: New Group Policy Object
> >> > Created: 4/27/2005 3:54:32 AM
> >> > Changed: 4/28/2005 10:00:51 AM
> >> > DS version: 0(user) 34(machine)
> >> > Sysvol version: 0(user) 34(machine)
> >> > Flags: 0
> >> > User extensions: not found
> >> > Machine extensions:
> >> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> >> > Functionality version: 2
> >> > ------------------------------------------------------------
> >> >
> >> > Errors found
> >> >
> >> > Thanks and Regards
Anonymous
a b 8 Security
May 4, 2005 4:05:59 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Excellent. Glad to help and thanks for posting back your results! --- Steve


"Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
news:CA4A5484-DC6D-45FD-A4EA-D01DFBE5F376@microsoft.com...
> Hi Steve
>
> Thanks for your reply. Actually we tried with a new test domain. Then we
> tried with this tool., It worked fine. I got that Security Policies back.
> Then i installed it on our main DC. Nothing wrong happned. We got our
> Defualt
> Domain Policy back. But we need to apply some policies then, we need to
> check
> these are applying or not. Let see.. Anyhave we really very thank ful to u
> Mr.Steven that u have spent lot of time on our problem. Thank you very
> much.
> i will get back to you soon.
>
> Varadarajam.
>
> "Steven L Umbach" wrote:
>
>> Microsoft advices the use of RecreateDefpol.EXE as a last resort option.
>> I
>> have tested it in a test domain and for me it worked fine. What you could
>> do
>> is to make a current System State backup and then try RecreateDefpol.EXE.
>> If
>> some sort of problem arises you could always restore that System State
>> backup and you will at least be back to where you are now. If you have a
>> test network with a domain controller or can whip one up, try
>> RecreateDefpol.EXE so you can know what to expect from it. --- Steve
>>
>>
>> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
>> news:BCCFCC9E-2360-4272-AAFE-442DF5DC43C7@microsoft.com...
>> > Hi steve
>> >
>> > Thanks for ur response. Actually we dont wanna do Authrotative Restore.
>> > Because we dont know when the problem has started. We have made lot of
>> > changes recently in our DC like creation of users and other share and
>> > Security permissions. If we go for authoratative restore everything
>> > what
>> > we
>> > have done recently we will lose.
>> > About that tool which is specified by you, How much is safety is there?
>> > Plase advise me which is the best way to restore our Default Domain
>> > Policies... Waiting for your reply.
>> >
>> > Thanks and Regards
>> > Varadarajam.
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> Well it certainly looks like you have a problem with the two default
>> >> policies for domain and domain controller. One solution could be to an
>> >> authoritative restore of Active Directory from a System State backup
>> >> from
>> >> a
>> >> time before this problem occurred. if it is a fairly recent problem
>> >> then
>> >> that may be a good solution assuming you have the System State
>> >> backups.
>> >> Another possibility that I can think of is to use a free tool from
>> >> Microsoft
>> >> to rebuild those two policies called RecreateDefpol.EX. The link for
>> >> it
>> >> is
>> >> below and be sure to read the instructions and warnings. That is what
>> >> I
>> >> would try. You may however want to post in the Active Directory
>> >> newsgroup
>> >> to
>> >> see if they have any further suggestions or alternatives. --- Steve
>> >>
>> >> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>> >>
>> >> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
>> >> news:68CA3690-3D4C-4899-9AEA-0A5CCAE1F21B@microsoft.com...
>> >> > Hi Steven
>> >> >
>> >> > Thanks for your reply. Actually we checked for that policy which u
>> >> > mentioned
>> >> > previously. Actually we dint find that policy in the Domain
>> >> > Controllers
>> >> > Sysvol folder. If we try to change the settings of Default Domain
>> >> > Policy
>> >> > properties also its saying u cannot access that file. We ran GPOTool
>> >> > also.
>> >> > It
>> >> > has given some errors on this Default Domain Policy. I am sending
>> >> > that
>> >> > report
>> >> > with this mail. Pls look into it and give me the suggestion on this.
>> >> > Is
>> >> > it
>> >> > possible to create that Domain Default Policy. If its possible pls
>> >> > give
>> >> > me
>> >> > the clear procedure for that. Waiting for your reply. Pls find the
>> >> > GPO
>> >> > Report.
>> >> > This is the report we got it when we ran GPOTool.
>> >> >
>> >> > Domain: sprosys.com
>> >> > Validating DCs...
>> >> > spro.sprosys.com: OK
>> >> > softpro.sprosys.com: OK
>> >> > Available DCs:
>> >> > spro.sprosys.com
>> >> > softpro.sprosys.com
>> >> > Searching for policies...
>> >> > Found 7 policies
>> >> > ============================================================
>> >> > Policy {0196EEA9-48D4-480E-8961-2E5E2C35D891}
>> >> > Policy OK
>> >> > Details:
>> >> > ------------------------------------------------------------
>> >> > DC: spro.sprosys.com
>> >> > Friendly name: AccountTracking
>> >> > Created: 4/26/2005 6:22:38 AM
>> >> > Changed: 4/28/2005 10:05:15 AM
>> >> > DS version: 0(user) 0(machine)
>> >> > Sysvol version: 0(user) 0(machine)
>> >> > Flags: 0
>> >> > User extensions: not found
>> >> > Machine extensions: not found
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ------------------------------------------------------------
>> >> > DC: softpro.sprosys.com
>> >> > Friendly name: AccountTracking
>> >> > Created: 4/26/2005 6:22:38 AM
>> >> > Changed: 4/28/2005 10:01:39 AM
>> >> > DS version: 0(user) 0(machine)
>> >> > Sysvol version: 0(user) 0(machine)
>> >> > Flags: 0
>> >> > User extensions: not found
>> >> > Machine extensions: not found
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ============================================================
>> >> > Policy {07DDE52B-4D39-4007-BB66-B37887143BE7}
>> >> > Policy OK
>> >> > Details:
>> >> > ------------------------------------------------------------
>> >> > DC: spro.sprosys.com
>> >> > Friendly name: Terminal
>> >> > Created: 2/28/2005 2:24:50 PM
>> >> > Changed: 4/28/2005 10:05:15 AM
>> >> > DS version: 33(user) 3(machine)
>> >> > Sysvol version: 33(user) 3(machine)
>> >> > Flags: 0
>> >> > User extensions:
>> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
>> >> > Machine extensions:
>> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ------------------------------------------------------------
>> >> > DC: softpro.sprosys.com
>> >> > Friendly name: Terminal
>> >> > Created: 2/28/2005 2:24:50 PM
>> >> > Changed: 4/28/2005 10:01:29 AM
>> >> > DS version: 33(user) 3(machine)
>> >> > Sysvol version: 33(user) 3(machine)
>> >> > Flags: 0
>> >> > User extensions:
>> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
>> >> > Machine extensions:
>> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ============================================================
>> >> > Policy {277C0E32-FC88-483F-BD63-EDA7DBA00770}
>> >> > Policy OK
>> >> > Details:
>> >> > ------------------------------------------------------------
>> >> > DC: spro.sprosys.com
>> >> > Friendly name: Terminal
>> >> > Created: 2/28/2005 2:23:24 PM
>> >> > Changed: 4/28/2005 10:05:15 AM
>> >> > DS version: 0(user) 0(machine)
>> >> > Sysvol version: 0(user) 0(machine)
>> >> > Flags: 0
>> >> > User extensions: not found
>> >> > Machine extensions: not found
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ------------------------------------------------------------
>> >> > DC: softpro.sprosys.com
>> >> > Friendly name: Terminal
>> >> > Created: 2/28/2005 2:23:24 PM
>> >> > Changed: 4/28/2005 10:01:22 AM
>> >> > DS version: 0(user) 0(machine)
>> >> > Sysvol version: 0(user) 0(machine)
>> >> > Flags: 0
>> >> > User extensions: not found
>> >> > Machine extensions: not found
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ============================================================
>> >> > Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
>> >> > Error: Cannot access
>> >> > \\spro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
>> >> > error 2
>> >> > Error: Cannot access
>> >> > \\softpro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
>> >> > error 2
>> >> > Details:
>> >> > ------------------------------------------------------------
>> >> > DC: spro.sprosys.com
>> >> > Friendly name: Default Domain Policy
>> >> > Created: 10/12/2004 4:37:20 PM
>> >> > Changed: 4/30/2005 7:28:50 AM
>> >> > DS version: 1(user) 3(machine)
>> >> > Sysvol version: not found
>> >> > Flags: 0
>> >> > User extensions:
>> >> > [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
>> >> > Machine extensions:
>> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ------------------------------------------------------------
>> >> > DC: softpro.sprosys.com
>> >> > Friendly name: Default Domain Policy
>> >> > Created: 10/12/2004 4:37:20 PM
>> >> > Changed: 4/30/2005 7:29:56 AM
>> >> > DS version: 1(user) 3(machine)
>> >> > Sysvol version: not found
>> >> > Flags: 0
>> >> > User extensions:
>> >> > [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
>> >> > Machine extensions:
>> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ============================================================
>> >> > Policy {5176A5A6-48DD-4A96-8405-A815C10B7EA8}
>> >> > Policy OK
>> >> > Details:
>> >> > ------------------------------------------------------------
>> >> > DC: spro.sprosys.com
>> >> > Friendly name: terminal
>> >> > Created: 2/28/2005 12:22:15 PM
>> >> > Changed: 4/28/2005 10:05:15 AM
>> >> > DS version: 1(user) 0(machine)
>> >> > Sysvol version: 1(user) 0(machine)
>> >> > Flags: 0
>> >> > User extensions:
>> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
>> >> > Machine extensions: not found
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ------------------------------------------------------------
>> >> > DC: softpro.sprosys.com
>> >> > Friendly name: terminal
>> >> > Created: 2/28/2005 12:22:15 PM
>> >> > Changed: 4/28/2005 10:01:08 AM
>> >> > DS version: 1(user) 0(machine)
>> >> > Sysvol version: 1(user) 0(machine)
>> >> > Flags: 0
>> >> > User extensions:
>> >> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
>> >> > Machine extensions: not found
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ============================================================
>> >> > Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
>> >> > Error: Cannot access
>> >> > \\spro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
>> >> > error 2
>> >> > Error: Cannot access
>> >> > \\softpro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
>> >> > error 2
>> >> > Details:
>> >> > ------------------------------------------------------------
>> >> > DC: spro.sprosys.com
>> >> > Friendly name: Default Domain Controllers Policy
>> >> > Created: 10/12/2004 4:37:20 PM
>> >> > Changed: 4/28/2005 10:05:15 AM
>> >> > DS version: 0(user) 4(machine)
>> >> > Sysvol version: not found
>> >> > Flags: 0
>> >> > User extensions: not found
>> >> > Machine extensions:
>> >> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ------------------------------------------------------------
>> >> > DC: softpro.sprosys.com
>> >> > Friendly name: Default Domain Controllers Policy
>> >> > Created: 10/12/2004 4:37:20 PM
>> >> > Changed: 4/28/2005 10:01:01 AM
>> >> > DS version: 0(user) 4(machine)
>> >> > Sysvol version: not found
>> >> > Flags: 0
>> >> > User extensions: not found
>> >> > Machine extensions:
>> >> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ============================================================
>> >> > Policy {E3668F2C-D789-4A77-822D-DEABB4B9A657}
>> >> > Policy OK
>> >> > Details:
>> >> > ------------------------------------------------------------
>> >> > DC: spro.sprosys.com
>> >> > Friendly name: New Group Policy Object
>> >> > Created: 4/27/2005 3:54:32 AM
>> >> > Changed: 4/28/2005 10:05:15 AM
>> >> > DS version: 0(user) 34(machine)
>> >> > Sysvol version: 0(user) 34(machine)
>> >> > Flags: 0
>> >> > User extensions: not found
>> >> > Machine extensions:
>> >> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> > ------------------------------------------------------------
>> >> > DC: softpro.sprosys.com
>> >> > Friendly name: New Group Policy Object
>> >> > Created: 4/27/2005 3:54:32 AM
>> >> > Changed: 4/28/2005 10:00:51 AM
>> >> > DS version: 0(user) 34(machine)
>> >> > Sysvol version: 0(user) 34(machine)
>> >> > Flags: 0
>> >> > User extensions: not found
>> >> > Machine extensions:
>> >> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
>> >> > Functionality version: 2
>> >> > ------------------------------------------------------------
>> >> >
>> >> > Errors found
>> >> >
>> >> > Thanks and Regards
!