Hero Banner

Feedback & Support Discussions

Provide feedback on your partner experience.

Reply
Level 1 Contributor

Windows 2016 AD Group Policy - Access Denied

Hi - I'm having a strange problem creating or editing Group Policies on a standalone Windows 2016 server configured as DC for a single domain.
The AD is orginating from a Windows 2012 Essentials server, the current 2016 server have been configured as a DC for the same domain and all FSMO roles have been transferred and finally the old Windows 2012 Essentials server have been decomissioned and recycled.

However, this 2016 server have developed this strange problem when creating or editing Group Policies, access is denied.
I have checked DCDIAG, no problems.
I have configured an extra DC, just to check if it was possible to edit GPO's on a another server, but it was the same problem. This extra DC have been removed afterwards.
It seems to me that the problem might be the ability to write to the directories or files containing the GPO's.
I have done intensive research, but I have not found anything helpful.

 

When creating a new Group Policy, I get an error "Access is denied". No events are logged.
When editing an existing Group Policy, I get an error: "Error (0x80070005) occured saving settings file. Access is denied." No events are logged.

 

The server is configured as a Domain Controller, Active Directory Certificate Authority server and Remote Access server.

 

Any help would be appriciated.

5 REPLIES 5
Microsoft

@kboroumand : See Andra's post above - this is probably not the right community to handle specific technical problems, the Technical community is better suited for this type of discussion: https://techcommunity.microsoft.com/t5/Windows-Server/ct-p/Windows-Server (or even a support ticket).

Visitor 1

Anyone find a solution to this topic?

When I try making changes to my GPO objects I'm getting an access denied exception 0x80070005 and the following details:

 

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at Microsoft.GroupPolicy.AdmTmplEditor.IGPMAdmTmplEditorCallback.ApplyChanges()
at Microsoft.GroupPolicy.AdmTmplEditor.Editor.SaveChanges()
at Microsoft.GroupPolicy.AdmTmplEditor.Editor.buttonApply_Click(Object sender, EventArgs e)
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 4.0.0.0
Win32 Version: 4.8.4240.0 built by: NET48REL1LAST_B
CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
----------------------------------------
Microsoft.GroupPolicy.AdmTmplEditor
Assembly Version: 6.3.0.0
Win32 Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_64/Microsoft.GroupPolicy.AdmTmplEditor/v4.0_6.3.0.0__31bf3856ad364e35/Microsoft.GroupPolicy.AdmTmplEditor.dll
----------------------------------------
System
Assembly Version: 4.0.0.0
Win32 Version: 4.8.4210.0 built by: NET48REL1LAST_B
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 4.0.0.0
Win32 Version: 4.8.4210.0 built by: NET48REL1LAST_B
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
Assembly Version: 4.0.0.0
Win32 Version: 4.8.3761.0 built by: NET48REL1
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Configuration
Assembly Version: 4.0.0.0
Win32 Version: 4.8.4190.0 built by: NET48REL1LAST_B
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Core
Assembly Version: 4.0.0.0
Win32 Version: 4.8.4240.0 built by: NET48REL1LAST_B
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Xml
Assembly Version: 4.0.0.0
Win32 Version: 4.8.3761.0 built by: NET48REL1
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
Accessibility
Assembly Version: 4.0.0.0
Win32 Version: 4.8.3761.0 built by: NET48REL1
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Accessibility/v4.0_4.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

 

Community Manager

Hi @AOSH ,

 

Thank you for sharing your feedback with the Microsoft Partner Community!

While I don`t have an actual solution to this, I could suggest you look into this documentation: https://techcommunity.microsoft.com/t5/Ask-the-Directory-Services-Team/A-Treatise-on-Group-Policy-Troubleshooting-8211-now-with-GPSVC/ba-p/400304.

Also the Windows Server category on Tech Community, is another good place to address this matter.

 

Hope it helps,

Andra

Level 1 Contributor

Hi @Andra,

Thank you for your answer, I will review the article.

Also, I have posted the issue as suggested in the Windows Server category on Tech Community.

 

Brgrds, AOSH

Community Manager

Hi @AOSH ,

 

You are welcome!

Feel free to get back on the community and share the solution or if you need further guidance.

 

Thank you,

Andra