GPO Changes Can Be Written to Different Domain Controllers If the User Is Not a Local Administrator (243430)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server
This article was previously published under Q243430 SYMPTOMS
If a user creates a new Group Policy Object (GPO) and then immediately tries to open the GPO to edit it, the follow error message may occur:
The system cannot find the path specified.
CAUSE
This behavior can occur if the user making the changes to the GPO (to which the user has been delegated change permissions) is not a domain or enterprise administrator and is also not a member of the local Administrators group.
When you use the Group Policy snap-in, the data written to the SYSVOL portion of the GPO may not be written to the same domain controller as the data written to the Active Directory portion of the GPO.
RESOLUTION
Clients behave properly regarding this inconsistency; Active Directory and the File Replication service (FRS) take care of synchronizing the two components. However, if the user who is modifying the GPO specifies the domain controller on which to make the GPO changes, the SYSVOL data may not be present because of the reason described above. In the case of a new GPO, the user must wait for the SYSVOL data to be replicated to the domain controller that is targeted in the Group Policy snap-in before the user can edit the GPO.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
| Modification Type: | Major | Last Reviewed: | 11/21/2003 |
|---|
| Keywords: | kbenv kbprb KB243430 |
|---|
|