A Group Policy setting is not applied to Windows XP Professional-based client computers when you apply the policy setting to an OU on a Windows 2000-based domain controller (887421)


The information in this article applies to:

  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

SYMPTOMS

When you apply a Group Policy setting to an organizational unit (OU) on a Microsoft Windows 2000-based domain controller, the setting is not applied to the Microsoft Windows XP Professional-based client computers that are joined to the domain controller. On the client computers, the following events are logged in the Application log:Event ID: 1101
Source: Userenv
User: NT Authority\System
Description: Windows cannot access the object OU=OU name, DC=domain name, DC=domain, DC=com in Active Directory. The access to the object may be denied. Group Policy processing aborted.Event ID: 1030
Source: Userenv
User: NT AUTHORITY\SYSTEM
Description: Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

RESOLUTION

To resolve this issue, follow these steps:
  1. On the domain controller, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. On the View menu, click Advanced Features.
  3. In the right pane, right-click the OU to which you applied the Group Policy setting, and then click Properties.
  4. Click the Security tab, and then click Authenticated Users in the list.
  5. In the Permissions box, make sure that the Allow check box is selected for Read.
  6. Click the Group Policy tab, and then click Properties.
  7. Click the Security tab, and then click Authenticated Users in the list.
  8. In the Permissions box, make sure that the Allow check box is selected for Read and Apply Group Policy.
  9. Click OK two times.
  10. Click Console, and then click Exit.
  11. Click Start, click Run, type cmd, and then click OK.
  12. At the command prompt, type secedit /refreshpolicy user_policy /enforce, and then press ENTER.
  13. At the command prompt, type secedit /refreshpolicy machine_policy /enforce, and then press ENTER.
  14. Type exit, and then press ENTER to quit the command prompt.
  15. On the client computer, click Start, click Run, type cmd, and then click OK.
  16. At the command prompt, type gpupdate, and then press ENTER.
  17. Type exit, and then press ENTER to quit the command prompt.
Modification Type:MajorLast Reviewed:12/9/2004
Keywords:kbGPO kbGRPPOLICYprob kbtshoot KB887421 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.