Multiple Access Denied

S

stevekokx

Hello!

A Windows 2000 Server as a PDC with Active Directory installed.

Logged in to the PDC as a domain admin I cannot access Domain Security
Policy. I get Access Denied.

Also, if I log on to a Windows XP Pro workstation as the same domain
admin, some things I cannot do (like change the system time) even
though DOMAIN\Domain Admins is in the local Administrators group.

Any idea why?

Thanks!
 
M

Meinolf Weber

Hello (e-mail address removed),

Is this the only DC? Did you change something in the network/server configuration?
Check the event viewer for errors and post them here.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
S

stevekokx

Yes, this is the only DC.

I have not changed the configuration since the initial installtion.

I have quite a few Netlogon errors in the system portion of the event
viewer relating to DNS.

Any ideas?
 
S

stevekokx

For example:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5774
Date: 27/03/2008
Time: 2:50:53 PM
User: N/A
Computer: PDC02
Description:
Registration of the DNS record '_kpasswd._udp.DOMAIN.COM. 600 IN SRV 0
100 464 pdc02.DOMAIN.COM.' failed with the following error:
DNS operation refused.
Data:
0000: 2d 23 00 00 -#..
 
M

Meinolf Weber

Hello (e-mail address removed),

Remove them there and configure forwarders in DNS managent console under
the server properties forwarders tab.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
S

stevekokx

Ok, now I have the PDC's IP address set as the DNS (with DNS installed
on the PDC) and I am still getting the errors. I cannot create a
forward or reverse lookup zone - I get Access Denied errors.

Something is seriously screwed up.
 
M

Meinolf Weber

Hello (e-mail address removed),

Did you restart the server? And also post an unedited ipconfig /all from
the server please.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
S

stevekokx

Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : pdc02
Primary DNS Suffix . . . . . . . : DOMAIN.COM
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DOMAIN.COM

Ethernet adapter ETH0:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 82558-based Integrated
Ethernet with Wake on LAN*
Physical Address. . . . . . . . . : 00-E0-18-98-EE-6F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.100
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Missing DC in ADSS Default-first-site NTDS Settings 9
Trust problems 3
ADMT failure - "Access Denied" 3
ADMT v3 Access is Denied 2
Active Directory Problem 2
error trying to open Domain Security Console 2
domain administrator restricted on new secondary DC 1
child domain logging to parent domain 1

Top