Domain Controller Security Policy problem in detail

Discussion started by William Tyler, Sep 13, 2004.

  1. Could someone please help me with the following?

    I have two Windows 2000 Servers running Active Directory; they are both
    Domain Controllers in the same Domain. DNS is up and running with no problem
    between the two of them. My problem is that up until about four days ago I was
    able to go into "Domain Controller Security Policy" (in Control Panel -
    Admin Tools) on one of my Servers (let's call it Server1) and add users in
    the "Logon Locally" in the User Rights Assignment under Local Policies in
    Security Settings. Now whenever I go into "Domain Controller Security
    Policy" the only thing I have access to in "Security Settings" is Public Key
    Policies and IP Security Policies on Active Directory. It will not display
    the "Local Policies" which contains User Rights Assignment, nor does it show
    any longer the following:

    Account Policies
    Event log
    Restricted Groups
    System Services
    File System

    Whenever I go into "Domain Controller Security Policy" on both Servers
    (Server1 or Server2) and click on Security Settings I receive the following
    message on the right window pane; "Windows cannot open Template file".

    The other puzzling thing about this problem is that if I go into the policy
    editor at the command level using DOMPOL.MSC, I get the following results:

    Server2 = I see all available keys and their sub-keys with the "Local
    Setting" and "Effective Setting"

    Server1 = I see all available keys and their sub-keys but no "Local
    Setting" and "Effective Setting"; instead they are all "Not Defined".

    Any help you could give me on this would be greatly appreciated.


    William Tyler, Sep 13, 2004
  2. You might have a corrupt Gpttmpl.inf file. The KB link below could be used as a
    guideline on where it is located for Domain Controller Security Policy. Try to open
    and examine them on both domain controllers. If one looks bad or won't open but one
    will, you can try to copy the good one over to the other domain controller to see if
    it helps.

    Other options are to try an authoritative restore of Active Directory if you have a
    recent backup of the System State on a domain controller, or try to use the
    recreatedefpol.exe tool to rebuild your default policies. You might want to look in
    Event Viewer to see if any pertinent errors are reported and run the gpotool support
    tool to see what it reports. --- Steve
    Steven L Umbach, Sep 13, 2004
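
An added example, not part of the thread and not a Microsoft tool: one way to carry out the "open and examine them on both domain controllers" step is to read each controller's copy of Gpttmpl.inf as bytes, check that it decodes and carries the `[Unicode]` and `[Version]` sections every security template starts with, and compare digests before copying one over the other. The function names, server labels and embedded templates are constructed for illustration; in practice pass the bytes of the real files.

```python
import hashlib
import re

def inspect_template(raw: bytes) -> dict:
    """Summarise one copy: digest, sections found, problems, 'Log on locally' entry."""
    problems, sections, current = [], {}, None
    # The file is normally UTF-16 with a byte-order mark; otherwise treat it as ANSI.
    codec = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "cp1252"
    try:
        text = raw.decode(codec)
    except UnicodeDecodeError:
        text = ""
        problems.append("cannot decode: file is truncated or damaged")
    if "\x00" in text:
        problems.append("NUL characters in decoded text")
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    problems += [f"missing [{n}] section" for n in ("Unicode", "Version") if n not in sections]
    if sections.get("Version", {}).get("signature") != '"$CHICAGO$"':
        problems.append("bad or missing [Version] signature")
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),
        "sections": sorted(sections),
        "problems": problems,
        "logon_locally": sections.get("Privilege Rights", {}).get("seinteractivelogonright"),
    }

def compare_copies(copies: dict) -> dict:
    """Inspect each DC's copy; report which look usable and whether all are identical."""
    reports = {dc: inspect_template(raw) for dc, raw in copies.items()}
    usable = [dc for dc, r in reports.items() if not r["problems"]]
    identical = len({r["sha256"] for r in reports.values()}) == 1
    return {"reports": reports, "usable": usable, "identical": identical}

# Constructed sample data (not taken from the thread): one intact copy, one cut short.
GOOD = ('[Unicode]\r\nUnicode=yes\r\n[Version]\r\nsignature="$CHICAGO$"\r\nRevision=1\r\n[Privilege Rights]\r\n'
        'SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551\r\n').encode("utf-16")
BAD = GOOD[:61]  # odd length: truncated in the middle of a UTF-16 character

if __name__ == "__main__":
    print(compare_copies({"Server2": GOOD, "Server1": BAD})["usable"])
```

A copy with an empty `problems` list and a populated `[Privilege Rights]` section is the candidate to keep; differing digests alone do not say which copy is the damaged one.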
