I am running a mix of 2003 sp2 and 2000 sp 4 server domain.
I was wondering if I can delete GPO's directly from the Sysvol folder?
Is there anything that I need to worry about?
for ex: never delete the domain GPO.

Any thoughts?
Regards,

Hello (E-Mail Removed),

Why not using GPMC? Then can be sure that it is done correctly, because not
only SYSVOL is used also Active directory service.

Each Group Policy object (GPO) is stored partly in the Sysvol folder on the
domain controller and partly in the Active Directory directory service. GPMC,
Group Policy Object Editor, and the old Group Policy user interface that
is provided in the Active Directory snap-ins present and manage a GPO as
a single unit. For example, when you set permissions on a GPO in GPMC, GPMC
sets permissions on objects both in Active Directory and in the Sysvol folder.
For each GPO, the permissions in Active Directory must be consistent with
the permissions in the Sysvol folder. You must not change these separate
objects outside GPMC and Group Policy Object Editor. If you do so, this may
cause Group Policy processing on the client to fail, or certain users who
generally have access may no longer be able to edit a GPO.

Additionally, file system objects and directory service objects do not have
the same available permissions because they are different types of objects.
When permissions mismatch, it may not be easy to make them consistent. To
help you make sure that the security for the Active Directory and for the
Sysvol components of a GPO is consistent, GPMC automatically checks the consistency
of the permissions of any GPO when you click the GPO in GPMC. If GPMC detects
a problem with a GPO, you receive one of the messages that is described in
the "Symptoms" section, depending on whether or not you have permissions
to modify security on that GPO:

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I am running a mix of 2003 sp2 and 2000 sp 4 server domain.
> I was wondering if I can delete GPO's directly from the Sysvol folder?
> Is there anything that I need to worry about?
> for ex: never delete the domain GPO.
> Any thoughts?
> Regards

Thanks again for your help.
This answers my question and gives me something more to work with.
I am having some errors while I am migrating the domain to 2003.

regards,

"Meinolf Weber" wrote:

> Hello (E-Mail Removed),
>
> Why not using GPMC? Then can be sure that it is done correctly, because not
> only SYSVOL is used also Active directory service.
>
> Each Group Policy object (GPO) is stored partly in the Sysvol folder on the
> domain controller and partly in the Active Directory directory service. GPMC,
> Group Policy Object Editor, and the old Group Policy user interface that
> is provided in the Active Directory snap-ins present and manage a GPO as
> a single unit. For example, when you set permissions on a GPO in GPMC, GPMC
> sets permissions on objects both in Active Directory and in the Sysvol folder.
> For each GPO, the permissions in Active Directory must be consistent with
> the permissions in the Sysvol folder. You must not change these separate
> objects outside GPMC and Group Policy Object Editor. If you do so, this may
> cause Group Policy processing on the client to fail, or certain users who
> generally have access may no longer be able to edit a GPO.
>
> Additionally, file system objects and directory service objects do not have
> the same available permissions because they are different types of objects.
> When permissions mismatch, it may not be easy to make them consistent. To
> help you make sure that the security for the Active Directory and for the
> Sysvol components of a GPO is consistent, GPMC automatically checks the consistency
> of the permissions of any GPO when you click the GPO in GPMC. If GPMC detects
> a problem with a GPO, you receive one of the messages that is described in
> the "Symptoms" section, depending on whether or not you have permissions
> to modify security on that GPO:
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > I am running a mix of 2003 sp2 and 2000 sp 4 server domain.
> > I was wondering if I can delete GPO's directly from the Sysvol folder?
> > Is there anything that I need to worry about?
> > for ex: never delete the domain GPO.
> > Any thoughts?
> > Regards,
>
>
>

Hello (E-Mail Removed),

If you post the errors and what you have done, maybe we can find a solution.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Thanks again for your help.
> This answers my question and gives me something more to work with.
> I am having some errors while I am migrating the domain to 2003.
> regards,
>
> "Meinolf Weber" wrote:
>
>> Hello (E-Mail Removed),
>>
>> Why not using GPMC? Then can be sure that it is done correctly,
>> because not only SYSVOL is used also Active directory service.
>>
>> Each Group Policy object (GPO) is stored partly in the Sysvol folder
>> on the domain controller and partly in the Active Directory directory
>> service. GPMC, Group Policy Object Editor, and the old Group Policy
>> user interface that is provided in the Active Directory snap-ins
>> present and manage a GPO as a single unit. For example, when you set
>> permissions on a GPO in GPMC, GPMC sets permissions on objects both
>> in Active Directory and in the Sysvol folder. For each GPO, the
>> permissions in Active Directory must be consistent with the
>> permissions in the Sysvol folder. You must not change these separate
>> objects outside GPMC and Group Policy Object Editor. If you do so,
>> this may cause Group Policy processing on the client to fail, or
>> certain users who generally have access may no longer be able to edit
>> a GPO.
>>
>> Additionally, file system objects and directory service objects do
>> not have the same available permissions because they are different
>> types of objects. When permissions mismatch, it may not be easy to
>> make them consistent. To help you make sure that the security for the
>> Active Directory and for the Sysvol components of a GPO is
>> consistent, GPMC automatically checks the consistency of the
>> permissions of any GPO when you click the GPO in GPMC. If GPMC
>> detects a problem with a GPO, you receive one of the messages that is
>> described in the "Symptoms" section, depending on whether or not you
>> have permissions to modify security on that GPO:
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I am running a mix of 2003 sp2 and 2000 sp 4 server domain.
>>> I was wondering if I can delete GPO's directly from the Sysvol
>>> folder?
>>> Is there anything that I need to worry about?
>>> for ex: never delete the domain GPO.
>>> Any thoughts?
>>> Regards

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 2/13/2008
Time: 11:26:48 PM
User: NT AUTHORITY\SYSTEM
Computer: 2000SERVER
Description:
Windows cannot access the file gpt.ini for GPO
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=keypoint,DC=org.
The file must be present at the location
<\\keypoint.org\sysvol\keypoint.org\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


"Meinolf Weber" wrote:

> Hello (E-Mail Removed),
>
> If you post the errors and what you have done, maybe we can find a solution.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > Thanks again for your help.
> > This answers my question and gives me something more to work with.
> > I am having some errors while I am migrating the domain to 2003.
> > regards,
> >
> > "Meinolf Weber" wrote:
> >
> >> Hello (E-Mail Removed),
> >>
> >> Why not using GPMC? Then can be sure that it is done correctly,
> >> because not only SYSVOL is used also Active directory service.
> >>
> >> Each Group Policy object (GPO) is stored partly in the Sysvol folder
> >> on the domain controller and partly in the Active Directory directory
> >> service. GPMC, Group Policy Object Editor, and the old Group Policy
> >> user interface that is provided in the Active Directory snap-ins
> >> present and manage a GPO as a single unit. For example, when you set
> >> permissions on a GPO in GPMC, GPMC sets permissions on objects both
> >> in Active Directory and in the Sysvol folder. For each GPO, the
> >> permissions in Active Directory must be consistent with the
> >> permissions in the Sysvol folder. You must not change these separate
> >> objects outside GPMC and Group Policy Object Editor. If you do so,
> >> this may cause Group Policy processing on the client to fail, or
> >> certain users who generally have access may no longer be able to edit
> >> a GPO.
> >>
> >> Additionally, file system objects and directory service objects do
> >> not have the same available permissions because they are different
> >> types of objects. When permissions mismatch, it may not be easy to
> >> make them consistent. To help you make sure that the security for the
> >> Active Directory and for the Sysvol components of a GPO is
> >> consistent, GPMC automatically checks the consistency of the
> >> permissions of any GPO when you click the GPO in GPMC. If GPMC
> >> detects a problem with a GPO, you receive one of the messages that is
> >> described in the "Symptoms" section, depending on whether or not you
> >> have permissions to modify security on that GPO:
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> I am running a mix of 2003 sp2 and 2000 sp 4 server domain.
> >>> I was wondering if I can delete GPO's directly from the Sysvol
> >>> folder?
> >>> Is there anything that I need to worry about?
> >>> for ex: never delete the domain GPO.
> >>> Any thoughts?
> >>> Regards,
>
>
>

Hello (E-Mail Removed),

Event ID 1058 can have a lot of reasons. Google for "event id 1058" and use
them first. It's easier then listing all links here. Also post an ipcomnfig
/all from all DC's and your DNS server, if not a DC.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Event Type: Error
> Event Source: Userenv
> Event Category: None
> Event ID: 1058
> Date: 2/13/2008
> Time: 11:26:48 PM
> User: NT AUTHORITY\SYSTEM
> Computer: 2000SERVER
> Description:
> Windows cannot access the file gpt.ini for GPO
> CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=key
> point,DC=org.
> The file must be present at the location
> <\\keypoint.org\sysvol\keypoint.org\Policies\{31B2F340-016D-11D2-945F-
> 00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing
> aborted.
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> "Meinolf Weber" wrote:
>
>> Hello (E-Mail Removed),
>>
>> If you post the errors and what you have done, maybe we can find a
>> solution.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Thanks again for your help.
>>> This answers my question and gives me something more to work with.
>>> I am having some errors while I am migrating the domain to 2003.
>>> regards,
>>> "Meinolf Weber" wrote:
>>>
>>>> Hello (E-Mail Removed),
>>>>
>>>> Why not using GPMC? Then can be sure that it is done correctly,
>>>> because not only SYSVOL is used also Active directory service.
>>>>
>>>> Each Group Policy object (GPO) is stored partly in the Sysvol
>>>> folder on the domain controller and partly in the Active Directory
>>>> directory service. GPMC, Group Policy Object Editor, and the old
>>>> Group Policy user interface that is provided in the Active
>>>> Directory snap-ins present and manage a GPO as a single unit. For
>>>> example, when you set permissions on a GPO in GPMC, GPMC sets
>>>> permissions on objects both in Active Directory and in the Sysvol
>>>> folder. For each GPO, the permissions in Active Directory must be
>>>> consistent with the permissions in the Sysvol folder. You must not
>>>> change these separate objects outside GPMC and Group Policy Object
>>>> Editor. If you do so, this may cause Group Policy processing on the
>>>> client to fail, or certain users who generally have access may no
>>>> longer be able to edit a GPO.
>>>>
>>>> Additionally, file system objects and directory service objects do
>>>> not have the same available permissions because they are different
>>>> types of objects. When permissions mismatch, it may not be easy to
>>>> make them consistent. To help you make sure that the security for
>>>> the Active Directory and for the Sysvol components of a GPO is
>>>> consistent, GPMC automatically checks the consistency of the
>>>> permissions of any GPO when you click the GPO in GPMC. If GPMC
>>>> detects a problem with a GPO, you receive one of the messages that
>>>> is described in the "Symptoms" section, depending on whether or not
>>>> you have permissions to modify security on that GPO:
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> I am running a mix of 2003 sp2 and 2000 sp 4 server domain.
>>>>> I was wondering if I can delete GPO's directly from the Sysvol
>>>>> folder?
>>>>> Is there anything that I need to worry about?
>>>>> for ex: never delete the domain GPO.
>>>>> Any thoughts?
>>>>> Regards,