Forum
Bildirimler
Hepsini Temizle
Windows Server
10
Yazılar
7
Üyeler
0
Reactions
2,770
Görüntüleme
Konu başlatıcı
Merhabalar;
Karsılastıgım Hata ve Resimlerini koyuyorum ve Yardımlarınızı Bekliyorum.
Failed to open the Group Policy object. You may not have appropriate rights.
Details:
Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.
Gönderildi : 16/09/2008 13:56
Merhaba
Resimler yok ama oturum actıgınız accountun yeterli izinleri mevcut mu ? Hangi gruplara üyeliği mevcut
Gönderildi : 16/09/2008 14:01
Konu başlatıcı
Merhaba
Resimler yok ama oturum actıgınız accountun yeterli izinleri mevcut mu ? Hangi gruplara üyeliği mevcut
Merhaba;
Resimleri şimdi ekledim. Domain Admin Grubuna Üye.
Gönderildi : 16/09/2008 14:19
Konu başlatıcı
Yaklasık 10 saattir cevap bekliyorum sevgili hocalarım.. 🙁 Yarın sabaha kadar çözemezsem domaini yeniden kurmayı planlıyorum.
Gönderildi : 17/09/2008 01:11
"Failed to Open the Group Policy Object" Error Message Occurs When You Try to Open a Policy As a Domain Administrator
function loadTOCNode(){}
| Article ID | : | 294257 |
| Last Review | : | March 2, 2007 |
| Revision | : | 4.3 |
This article was previously published under Q294257
On This Page
var sectionFilter = "type != 'notice' && type != 'securedata' && type != 'querywords'";
var tocArrow = "/library/images/support/kbgraphics/public/en-us/downarrow.gif";
var depthLimit = 10;
var depth3Limit = 10;
var depth4Limit = 5;
var depth5Limit = 3;
var tocEntryMinimum = 1;
SYMPTOMS
loadTOCNode(1, 'symptoms');
When you log on using a Domain Administrator account, if you try to open a policy, the following message may be displayed:
Inaccessible GPO - Access Denied.
When you try to open the properties of this Group Policy object (GPO), you may receive the following error message:Group Policy Error:
Failed to open the Group Policy Object. You may not have appropriate rights.
Failed to open the Group Policy Object. You may not have appropriate rights.
Back to the topCAUSE
loadTOCNode(1, 'cause');
This issue may occur if either of the following conditions exist:
| • | The Domain Administrators group has been denied access to the GPO. |
| • | The primary domain controller (PDC) operations master (also known as flexible single master operations or FSMO) of your Windows 2000 domain is down. |
RESOLUTION
loadTOCNode(1, 'resolution');
To resolve this issue, use the method for your cause.
loadTOCNode(2, 'resolution');
Use an account that has the appropriate permissions to restore the permissions to the GPO. If no other accounts have permissions to restore the permissions to the GPO, reset the permissions for the account or group that has been denied access to the GPO.
You can use the DSACLS tool that is included in the Support Tools for Windows 2000 and Windows Server 2003, to remove the Deny Access permissions from the Domain Administrators group. You must know the distinguished name (also known as DN) of the GPO to use this tool. Use the ADSIEdit.msc tool that is included in the Support Tools for Windows 2000 and Windows Server 2003, to determine the distinguished name of the GPO in Active Directory.
To reset permissions:
After you complete this procedure, if you log on using a Domain Administrator account, you can open and edit this GPO.
loadTOCNode(2, 'resolution');
Resolve the issue that has made the PDC operations master of your Windows 2000 domain unavailable.
The Domain Administrators Group Has Been Denied Access to the GPO
loadTOCNode(2, 'resolution');
Use an account that has the appropriate permissions to restore the permissions to the GPO. If no other accounts have permissions to restore the permissions to the GPO, reset the permissions for the account or group that has been denied access to the GPO.
You can use the DSACLS tool that is included in the Support Tools for Windows 2000 and Windows Server 2003, to remove the Deny Access permissions from the Domain Administrators group. You must know the distinguished name (also known as DN) of the GPO to use this tool. Use the ADSIEdit.msc tool that is included in the Support Tools for Windows 2000 and Windows Server 2003, to determine the distinguished name of the GPO in Active Directory.
To reset permissions:
| 1. | Start ADSIEdit.msc on the PDC emulator. NOTE: To determine the PDC emulator operations masters role owner, right-click the domain name in the Active Directory Users and Computers snap-in, click Operations Masters, and then click the PDC tab. |
| 2. | Under ADSIEdit, click Domain NC, and then locate the following container: Domain_Name container\CN=System\CN=Policies container The right pane lists the global universal identification numbers (GUIDs) for all the GPOs in the domain. |
| 3. | Locate the policy that has been restricted, and then note the distinguished name of this object, for example: cn={f5e14b83-0181-437e-878c-8d16cb945d68},cn=policies,cn=system,dc=jlc,dc=com NOTE: The restricted policy is displayed with a notepad icon; the other policies are displayed with folder icons. |
| 4. | Use DSACLS to remove the Deny Access permissions that have been assigned to Domain Administrators group. Use the following syntax: dsacls distinguished_name /R "domain_name\domain admins" For example:dsacls cn={f5e14b83-0181-437e-878c-8d16cb945d68},cn=policies,cn=system,dc=jlc,dc=com /R "JLC\Domain Admins" |
| 5. | Use DSACLS with the /g switch to grant access to the Domain Administrators group. Use the following syntax: dsacls distinguished_name /G "domain_name\domain admins":GA |
| 6. | On the PDC emulator, start Microsoft Windows Explorer, and then browse to the Winnt\Sysvol\Sysvol\Domain_name\Policies folder. The GUID for the restricted GPO is listed in this folder. |
| 7. | Right-click the GUID for the GPO, click Properties, click the Security tab, and then give the Domain Administrators group Full Control permissions. |
| 8. | Check the subfolders under this GPO object to confirm that domain administrators also have rights to these folders. |
The PDC Operations Master of Your Windows 2000 Domain Is Down
loadTOCNode(2, 'resolution');
Resolve the issue that has made the PDC operations master of your Windows 2000 domain unavailable.
APPLIES TO
| • | Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) |
| • | Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) |
| • | Microsoft Windows 2000 Advanced Server |
| • | Microsoft Windows 2000 Datacenter Server |
| • | Microsoft Windows 2000 Server |
Keywords: | kbprb KB294257 |
Gönderildi : 17/09/2008 02:08
Konu başlatıcı
Hocam COk tesekkür ederim belki baska bir arkadasın derdine deva olur. çok kurcaladım domaini, hiçbirsey calışmıyor artık. yeniden kuruyorum şu anda.
Gönderildi : 17/09/2008 04:29
Bu hata çoğunlukla DNS ile ilgili bir problem olduğunu işaret eder.DNS Server fonksiyonlarını doğru şekilde
yerine getirdiğinden emin olmak için, hata loglarına bakınız.Bunun için tüm DNS server olaylarını inceleyin.
Eğer DNS Server doğru çalışıyorsa ,problem daha ciddi olabilir.Bu sorun SYSVOL paylaşımı ve ya file replikasyon
problemi olabilir.En iyi yol bunların doğru çalışıp çalışmadığını doğrulamak olacaktır.Bunun için gpotool.exe
aracını indiriniz.Sonrasında komut satırından ;
gpotool /verbose
komutunu kullanın.
Size verilen sonuçlar arasından "error" kelimesiyle başlayan olan satırları inceleyiniz.
kolay gelsin.
Gönderildi : 17/09/2008 11:24
Bu hata benim başıma geldi.Yanlız Bende ADC server bu hatayı veriyordu.ADC server ben terminal server olarak yapılandırmıştım.Uzak masa üztü ile oturum açan kullanıcılara Gpo uygulayamamıştım.Nedeni AD dedi windows\sysvol\sysvol\domain name\policies klasorüne admin yetkilerini full verdim.Sorun düzeldi..Belki birinin işine yarar.
Gönderildi : 06/04/2010 16:16
Aynı sorun ben de de oldu. AD de DNS le ilgili servisleri restart ettim sorun çözüldü bilginize..
Gönderildi : 09/05/2013 12:33
Burayı takip edebilirsiniz.
https://www.cozumpark.com/community/windows_server-4/gpo-duzenleme-hatasi/
Danışman - ITSTACK Bilgi Sistemleri
****************************************************************
Probleminiz Çözüldüğünde Sonucu Burada Paylaşırsanız.
Sizde Aynı Problemi Yaşayanlar İçin Yardım Etmiş Olursunuz.
Eğer sorununuz çözüldü ise lütfen "çözüldü" olarak işaretlerseniz diğer üyeler için çok büyük kolaylık sağlayacaktır.
*****************************************************************
Gönderildi : 09/12/2019 18:16
