Group Policy Error Message When Appropriate Sysvol Contents Are Missing

Article translations Article translations
Article ID: 253268 - View products that this article applies to.
This article was previously published under Q253268
Expand all | Collapse all

On This Page

SYMPTOMS

When you are trying to edit the Group Policy object in Group Policy Editor, you may receive the following error message:
Failed to open the Group Policy Object. You may not have appropriate rights.

Details:
The system cannot find the path specified.

CAUSE

This behavior can occur if any one of the the following folder structures is missing:
  • %SystemRoot%\Sysvol\Sysvol\DomainName
  • %SystemRoot%\Sysvol\Sysvol\DomainName\Policies
  • %SystemRoot%\Sysvol\Sysvol\DomainName\Policies\{GUID}
  • %SystemRoot%\Sysvol\Sysvol\DomainName\Policies\{GUID}\Machine
  • %SystemRoot%\Sysvol\Sysvol\DomainName\Policies\{GUID}\User

RESOLUTION

There are two ways to recover from this situation if you have a single-domain environment. If you have multiple domain controllers in the domain, you can obtain the information from a replica domain controller.
  • Restore the Sysvol contents from a backup tape.
  • Re-create the folder structures within the Sysvol container. The {GUID} folder names must include both the leading brace - "{" and the trailing brace - "}"
NOTE: If you re-create the folder structure, a blank policy is created. The files and folders in the Machine and User folders are re-created after a modification is made to the policy file by using the Group Policy snap-in.

MORE INFORMATION

To locate the Globally Unique Identifier (GUID) for the associated group policy objects (GPOs) in the directory, use either of the following methods.

Using the Active Directory Users and Computers Snap-in

  1. Start the Active Directory Users and Computers snap-in in Microsoft Management Console (MMC).
  2. On the View menu, click Advanced Features.
  3. Click the plus sign (+) next to the System folder.
  4. Click the plus sign (+) next to the Policies folder.
The GUIDs for the GPOs are listed as folders.

Using Ldp.exe

  1. Start Ldp.exe from the Support\Reskit\Netmgmt\Dstool folder on the retail Windows 2000 CD-ROM.
  2. On the Connection menu, click Connect.
  3. Type the server name, verify that the port setting is set to 389, click to clear the Connectionless check box, and then click OK. When the connection is complete, server-specific data is displayed in the right pane.
  4. On the Connection menu, click Bind. Type the user name, password, and domain name (in DNS format) in the appropriate boxes (you may need to click to select the Domain check box), and then click OK. If the binding is successful, you should receive a message similar to "Authenticated as dn:'YourUserID'" in the right pane.
  5. On the View menu, click Tree.
  6. In the Base DN box, type dc=mydomain,dc=mydomain, replacing mydomain and mydomain with the appropriate domain name.
  7. Click the plus sign (+) next to the System container.
  8. Click the plus sign (+) next to the Policies container.
There should be a container with a GUID for every policy object created in the directory.

Properties

Article ID: 253268 - Last Review: February 28, 2007 - Revision: 2.2
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
Keywords: 
kbenv kberrmsg kbprb KB253268

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com