Announcement

Collapse
No announcement yet.

default permission for default domain policy in SYSVOL ?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • default permission for default domain policy in SYSVOL ?

    I'm getting 1058/1030 errors and it's pointing to an access denied error on gpt.ini in the default domain policy. I'm getting this on all DC's on my child domain in the event viewer.

    I've consulted the following thread as well: http://forums.petri.com/showthread.php?t=1101

    and numerous others.

    so far i know this:

    1. i can net user \\anydc\sysvol and no connection issue
    2. I can physically access the files and all folders that the error is pointing to on any dc

    When I checked the folder permission for folder {31B..} under \\DC\SYSVOL\child.domain.com\policies\{31b..}

    was:

    Administrators - Full Control
    Authenticated users - Read and Execute
    Server Operators - Read and Execute
    Creator Owner - Special - Full Control
    System - Special - Full Control

    this was inherited to all file and folders under the root folder.

    Is the permissions correct? What is the default permissions for default domain policy in sysvol share?

    the other GPO's folder permissions are:

    Domain Admins (Child Domain\Domain Admins) - Full Control
    Creator Owner - Full Control
    SYSTEM - Full Control
    Enterprise ADmins (Root forest\Enterprise Admins) - full control
    Authenticated Users - Read and Execute
    Enterprise Domain Controllers - Read and Execute

    should i reset the "problem" folder to the the following above?

    I really hate this error because it's so hard to track down.

    Other than seeing this on my event viewer, there is nothing wrong with the domain. Users can login and so forth.


    Thanks in advance

  • #2
    Re: default permission for default domain policy in SYSVOL ?

    Hi,

    Check this out:

    http://support.microsoft.com/kb/888943

    http://support.microsoft.com/kb/842804

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.

    Comment


    • #3
      Re: default permission for default domain policy in SYSVOL ?

      Thanks for your reply.

      The first KB article doesn't apply to me as I don't have problems opening up the gpo snap-in.

      I've looked through the 2nd article and verified the services are started. I've doubled checked the sysvol share/ntfs permission and it's set to what other articles have pointed out.

      I'm curious, but under the sysvol/policies share, are all the permissions there different for every policy? Does anyone know what the default domain policy permissions should be?

      Comment


      • #4
        Re: default permission for default domain policy in SYSVOL ?

        I've also noticed a strange thing. On my DC, whenever I access the sysvol share, i get an event ID 3019 MRxSMB warning - The redirector failed to determine the connection type?

        every time i navigate a folder I get one warning in the SYSVOL share. Is this normal?

        Comment


        • #5
          Re: default permission for default domain policy in SYSVOL ?

          Hi,

          You can safely ignore this information:

          http://support.microsoft.com/kb/315244

          Regards,
          Kapil Sharma
          ~~~~~~~~~~~~~
          Life is too short, Enjoy It.

          Comment


          • #6
            Re: default permission for default domain policy in SYSVOL ?

            Additionally default permissions are as given in below KB:

            http://support.microsoft.com/kb/319808

            Regards,
            Kapil Sharma
            ~~~~~~~~~~~~~
            Life is too short, Enjoy It.

            Comment


            • #7
              Re: default permission for default domain policy in SYSVOL ?

              Thanks for the links!

              so status update, after rebooting the servers the messages have completely disappeared.

              prior to that, I thought there was some FRS replication issue or something so i watched it with sonar and nothing turned up. As far as I can tell, the domain was functioning fine before the reboot. After the reboot there has been no change in functionality, just the errors are gone.

              this is quite mysterious.

              Comment

              Working...
              X