Announcement

Collapse
No announcement yet.

Can't Create GPO This security ID may not be assigned as the owner of this object.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can't Create GPO This security ID may not be assigned as the owner of this object.

    Hi,

    I am unable to create a new GPO in my Domain 2012 R2 DC. I created many of the GPOs that are in the domain currently but recently I am getting:

    This security ID may not be assigned as the owner of this object.

    When trying to add a new policy. Tried the GUI and also from the powershell cmd new-gpo - hoping that perhaps I would get more diagnostic information from the powershell -- but same message either way.

    From several sites I have read this error indicates the user doesn't have the correct permissions for SOMETHING -- but cannot figure out where it is missing.

    Tried resetting permissions to default via https://technet.microsoft.com/en-us/...(v=ws.10).aspx


    C:\Windows\system32>icacls c:\Windows\SYSVOL
    c:\Windows\SYSVOL NT AUTHORITY\Authenticated Users: (RX)
    NT AUTHORITY\Authenticated Users: (OI)(CI)(IO)(GR,GE)
    BUILTIN\Server Operators: (RX)
    BUILTIN\Server Operators: (OI)(CI)(IO)(GR,GE)
    BUILTIN\Administrators: (F)
    BUILTIN\Administrators: (OI)(CI)(IO)(F)
    NT AUTHORITY\SYSTEM: (F)
    NT AUTHORITY\SYSTEM: (OI)(CI)(IO)(F)
    BUILTIN\Administrators: (F)
    CREATOR OWNER: (OI)(CI)(IO)(F)


    Anyone have know what I am doing wrong? Where can I look?

    Really appreciate insights.

    Beth

  • #2
    What account are you using to create the GPO?
    Have you tried a different domain admin account?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Hi,

      I am using a Domain administrator account and I have tried another domain administrator account. Neither work.

      Thank you.
      ****EDIT****
      Thank you again. This is resolved. I disabled a compliance GPO required by our company and the issue has resolved. I do not know which setting was causing the issue yet but I will at some point have to go through each setting and determine which caused this problem. Thank you again for your response...I will focus on any settings involving user rights.

      Beth
      Last edited by bethk; 22nd May 2017, 18:50. Reason: Fixed the issue

      Comment


      • #4
        Thanks Beth. When you find the issue could you share it here as it may help others too?

        Thanks!
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment

        Working...
        X