Windows Server 2003

//

  1. Set the folder security permissions. To do this, follow these steps:
    1. In Windows Explorer, right-click the %SystemRoot%\Windows\Sysvol folder, and then click Properties.
    2. On the Security tab, click Advanced, click to clear the Allow
      inheritable permissions from parent to propagate to this object
      check
      box, and then click OK. Make sure that the
      security settings match the following settings, and then click OK:

      Administrators: Full Control
      Authenticated Users: Read,
      Read & Execute, and List Folder Contents
      Creator Owner: Nothing
      selected
      Server Operators: Read, Read & Execute, and List Folder
      Contents
      System: Full Control
    3. Right-click the %SystemRoot%\Windows\Sysvol\Sysvol folder, and then click
      Properties.
    4. On the Security tab, click Advanced, click to clear the Allow
      inheritable permissions from parent to propagate to this object
      check
      box, and then click OKtwo times.
    5. Right-click the %SystemRoot%\Winnt\Sysvol\Sysvol\domain folder,
      and then click Properties.
    6. On the Security tab, click Advanced, click to clear the Allow
      inheritable permissions from parent to propagate to this object
      check
      box, and then click OKtwo times.
    7. Right-click the %SystemRoot%\Winnt\Sysvol\Sysvol\domain\Policies
      folder, and then click Properties.
    8. On the Security tab, click Advanced, click to clear the Allow
      inheritable permissions from parent to propagate to this object
      check
      box, and then click OK. Make sure that the
      security settings match the following settings, and then click OK:

      Administrators: Full Control
      Authenticated Users: Read,
      Read & Execute, and List Folder Contents
      Creator Owner: Nothing
      selected
      Group Policy Creator Owners: Read, Read & Execute, List Folder
      Contents, Modify, and Write
      Server Operators: Read, Read & Execute, and
      List Folder Contents
      System: Full Control
    9. For each file or folder that is located in the
      %SystemRoot%\Winnt\Sysvol\Sysvol\domain\Policies folder, right-click
      the file or folder, and then click Properties.
    10. On the Security tab, click Advanced, click to select the Allow
      inheritable permissions from parent to propagate to this object
      check
      box, and then click OK two times.
  2. Open Active Directory Users and Computers. To do this, click Start, click All Programs,
    and then click Administrative Tools.
  3. Expand Active Directory Users and Computers, expand the domain name,
    right-click Domain Controllers, and then click
    Properties.
  4. On the Group Policy tab, click Default Domain Controllers Policy, and then click Edit.

    Note The Edit button is not available
    if the Group Policy Management Console is installed. In this scenario, click
    Open to start the Group Policy Management Console,
    expand domain name, expand Domain Controllers, right-click Default Domain Controllers Policy, and then click Edit.

    For additional information about the Group
    Policy Management Console, visit the following Microsoft Web site:

  5. Expand the following folders:
    Computer Configuration
    Windows Settings
    Security
    Settings
    Local Policies
  6. Click User Rights Assignment, and then
    double-click Bypass traverse checking. The
    following default settings should be present:

    Authenticated Users
    Everyone
    Administrators

    To add
    these groups if they are not present, click Add User or
    Group
    , and then click Browse.

  7. Click Start, click Run, type gpupdate, and then
    click OK.
  8. Verify that the sysvol share permissions are set correctly, as follows:
    Administrators = Full Control
    Authenticated Users = Full
    Control
    Everyone = Read

Note If this procedure does
not resolve the issue, or if you have problems accessing the Global Policy,
examine the binding order on the server to make sure the internal network
adaptor is first in the binding order list. To examine the binding order, follow
these steps:

  1. Right-click My Network Places, and then click
    Properties.
  2. On the Advanced menu, click Advanced Settings.
  3. In the Connections box, make sure that the
    internal network adaptor is listed first. If it is not, use the arrows to move
    it to the top of the list.
Advertisements