Lost ownership of a new GPO

Computing.Net > Forums > Windows 2000 > Lost ownership of a new GPO

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Lost ownership of a new GPO

Name: Steve
Date: December 8, 2003 at 12:16:37 Pacific
OS: Windows 2000 Server, SP-4
CPU/Ram: P-III

Comment:

I just implimented stricter passwords via a new GPO. Unfortunately, I also managed to lose ownership of the GPO!
I didn't want the new policy to be active for Administrator. Because Administrator is an Authenticated User (and by default, new policies affect all authenticated users), I added Administrator to the GPO and checked DENY for Apply Group Policy. I guess I should have also made sure to check Allow for everything else while I was at it (like Write, Create and Delete).
I also deleted Domain Admins and Enterprise Admins from the policy. (On retrospect, this probably wasn't necessary - but I was thinking I'd still have control of the policy as Administrator.)
Of course, now everything in the GPO Security tab (while logged in as Administrator) is grayed out - meaning that I have no permission to make any further changes!
I would like to see if there is a way to regain control of this GPO. If I right-click on the policy, there are normally two options given: 1.) Remove the link from the list, and 2.) Remove the link and delete the Group Policy Object permanently. Option number TWO is now grayed out.
I thought, if worse comes to worse, I have already re-created the GPO (and left Domain Admins and Enterprise Admins as is). However since I can apparently only remove THE LINK and not delete THE OBJECT permanently, I'm thinking that I will just be digging myself in deeper! I am loathe to simply remove the link to this GPO. (Wouldn't it still be active for all users?)
If I go into properties on the GPO and click the Security tab and click the Advanced button and then the Owner tab, I can see that the GPO is still owned by Domain Admins. And upon examining Administrator, I see that Administrator is already a member of Domain Admins (and Enterprise Admins too). But that fact doesn't seem to get me anywhere.
Also the user group named "System" still has Read, Write, Create and Delete permission to the GPO. Again, I am not sure how that can help me either.
Please let me know if anyone knows a way to back out of this corner that I have painted myself into. Thanks!

Sponsored Link

Ads by Google

changing ownership of operation not permitted Read, Write but no Delete Permission on Windows 2003 new GPO not applying authenticated users vs domain users member of domain greyed out Process even if the Group Policy objects have not changed enterprise admin rights gpo autologoff deny delete permission gpo password	log gpo gpo zap kiosk gpo gpo permissions win2008 gpo GPO and deny interactive logon deny gpo deny delete permission delete permission no security tab
See More

windows socket error

Need help cleaning up com...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows 2000 Forum Home

Sponsored links

Ads by Google

Results for: Lost ownership of a new GPO

problems with installing a new OS

Summary

www.computing.net/answers/windows-2000/problems-with-installing-a-new-os/61364.html

can't take ownership of My Pictures

Summary

www.computing.net/answers/windows-2000/cant-take-ownership-of-my-pictures/51628.html

Applying more than 1 GPO to a user

Summary

www.computing.net/answers/windows-2000/applying-more-than-1-gpo-to-a-user/48436.html

From the Geek Dictionary
BASIC - The first programming language available for DOS PC in the 80s. Also, bas...

Ask a Question!

Weekly Poll
Do you think Comcast should have bought NBC?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Preventing program start

Microsoft Exchange Server 2003

I need apollo p1200 printer driver for winxp

Unable to connect to 192.168.0.1

malicious program

All Awaiting Reply

Tom's News
Verizon: iPhone is Digitally Clueless Beauty Queen

Nintendo DS Flash Cards are Legal Says Judge

Go Retro: Dragon's Lair Confirmed for iPhone

Sony's PSPgo May Get External UMD Reader

Report: Teen Internet Addicts Likely to Self-Harm

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE