Issue with Group Policy Management

NethServer Version: 7.9.2009
Module: nethserver-dc

**Error message:**

Failed to open the Group Policy Object. You might not have the appropriate rights.
Details: The system cannot find the path specified.

What I am trying to do: I am trying to edit a group policy via Group Policy Management on Windows Server 2019.

What I did try to solve the problem: I did issue the ntacl sysvolreset command in the container
systemd-run -M nsdc -t /bin/bash -c "samba-tool ntacl sysvolreset"

I did try to run Group Policy Management as user “admin” and user “Administrator”. I did run Group Policy Management as Administrator too.

I can see the policies and view all settings. But when I click “Edit” then I get the error message about not being able to open the GPO - might not have appropriate rights.

The NethServer installation is up to date. Any ideas?

Hi @boukej
AFAIK, NethServer’s AD is fully compatible with Windows Server 2012 R2… But not any newer versions. They may, or may not work.

My 2 cents
Andy

1 Like

Hi Andy,

Thanks for your reply.

Nethserver-DC is the only DC in this environment and creating / editing the GPOs worked indeed fine when the (only) server was running Windows Server 2008 R2. I did convert the server to a Hyper-V VM and had to do an in-place upgrade (in steps) to Windows Server 2019.

The RSAT tools on Windows 10 work fine in combination with Nethserver-DC. I use the RSAT tools of Windows 10 to manage group policies for a few smaller customers (different environments but all with Nethserver-DC).

I think I’ll go ahead and install the RSAT tools on a Windows 10 client and try again for this environment to edit the policies and see what happens.

Thanks.

OK, this kind of info should come right up front!
I think you probably need to check if you have “Promiscuous Mode” active on Hyper-V. AD on NethServer needs this!

I can’t help here as I don’t ever see myself running a Windows Box to run a virtual Linux.
Better the other way around!

My 2 cents
Andy

Hyper-V has had a few caveats in the past, check the forum…

1 Like

Hi Andy,

Thanks again.

I’ll look into that but I can confirm the domain works fine when I look at joining computers/servers and so on. Group policy updates also work fine. I can’t find something obvious in the event logs of the Windows 2019 server.

I believe I did have issues with promiscuous mode before - but I am not sure if that was Hyper-V or Proxmox. I’ll look into this after testing editing the policies with Windows 10.

Proxmox has promiscuous always enabled by default!

1 Like

Yes, I think you are right about that. I did also find the post with regards to the previous issue I have had with running Nethserver-DC as a Hyper-V VM: Unable to reach nsdc - network problem? - #4 by boukej

Thanks again.

1 Like

I did try to edit some GPO’s from a Windows 10 client. Unfortunately this gives the same error message.
I did also sniff the DNS requests. Could it be DNS? The following records (red dot) aren’t being resolved (please see the screenshot).

Many thanks.

I did try something else. I did create a new GPO with the name “Test”. Next I did try to edit the GPO - and that works!

I still don’t understand why I can’t edit the existing GPOs. I suspect it has to do with rights. I am reading “Sysvolreset - SambaWiki” at the moment.

Edit:

  • I did try “samba-check-set-sysvol.sh” but there are dependencies missing
  • I did notice the plus-sign in the permissions column and did look into the extended attributes. I can’t find a problem with the permissions.

Not sure how to proceed. What I could do to work around the problem is to back up the GPOs. Next remove the original and restore the GPO? I think I’ll try that after a good night’s sleep.

After some more searching I did stumble into: [Samba] Cannot edit GPO's anymore via RSAT

I did also try the following:

bash-4.2# samba-tool dbcheck --cross-ncs
Checking 3520 objects
Checked 3520 objects (0 errors)

Still can’t edit GPOs. Maybe I have to open a post on the Samba forum? Probably backup/restore every GPO might be the fastest/best workaround.

# GPO: Test
bash-4.2# getfacl \{1C7C919E-7375-4F95-909E-21D34FAA51D3\}/
# file: {1C7C919E-7375-4F95-909E-21D34FAA51D3}/
# owner: 3000004
# group: 3000004
user::rwx
user:3000002:rwx
user:3000003:r-x
user:3000007:rwx
user:3000010:r-x
group::rwx
group:3000002:rwx
group:3000003:r-x
group:3000004:rwx
group:3000007:rwx
group:3000010:r-x
mask::rwx
other::---
default:user::rwx
default:user:3000002:rwx
default:user:3000003:r-x
default:user:3000004:rwx
default:user:3000007:rwx
default:user:3000010:r-x
default:group::---
default:group:3000002:rwx
default:group:3000003:r-x
default:group:3000004:rwx
default:group:3000007:rwx
default:group:3000010:r-x
default:mask::rwx
default:other::---

# GPO: UserInit
bash-4.2# getfacl \{236D00A8-829F-4BE4-9C12-B91C70B1D07F\}/
# file: {236D00A8-829F-4BE4-9C12-B91C70B1D07F}/
# owner: 3000004
# group: 3000004
user::rwx
user:3000002:rwx
user:3000003:r-x
user:3000007:rwx
user:3000010:r-x
group::rwx
group:3000002:rwx
group:3000003:r-x
group:3000004:rwx
group:3000007:rwx
group:3000010:r-x
mask::rwx
other::---
default:user::rwx
default:user:3000002:rwx
default:user:3000003:r-x
default:user:3000004:rwx
default:user:3000007:rwx
default:user:3000010:r-x
default:group::---
default:group:3000002:rwx
default:group:3000003:r-x
default:group:3000004:rwx
default:group:3000007:rwx
default:group:3000010:r-x
default:mask::rwx
default:other::---
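
The two getfacl dumps above can be compared entry by entry instead of by eye. This is an added example, not part of the original posts: the first sample is abridged from the “Test” dump, the second is constructed for illustration with two entries changed, and the function names are hypothetical.

```python
"""Compare two `getfacl` dumps entry by entry (added example, not from the thread)."""

def parse_getfacl(text):
    """Map (scope, tag, qualifier) -> permissions; owner/group headers included."""
    acl = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            # Header comments such as "# owner: 3000004"; "# file:" is skipped
            # because the two directories are expected to differ in name.
            key, _, value = line[1:].partition(":")
            if key.strip() in ("owner", "group"):
                acl[("header", key.strip(), "")] = value.strip()
            continue
        # Drop a trailing "#effective:..." comment that getfacl may append.
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(":")
        scope = "access"
        if parts[0] == "default":
            scope, parts = "default", parts[1:]
        if len(parts) != 3:
            raise ValueError(f"unrecognised ACL line: {raw!r}")
        tag, qualifier, perms = parts
        acl[(scope, tag, qualifier)] = perms
    return acl

def diff_acl(a, b):
    """Return sorted (entry, perms_a, perms_b) for every entry that differs."""
    keys = set(a) | set(b)
    return sorted((k, a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k))

# Abridged from the "Test" GPO dump in the thread.
EDITABLE = """# file: {1C7C919E-7375-4F95-909E-21D34FAA51D3}/
# owner: 3000004
# group: 3000004
user::rwx
user:3000002:rwx
user:3000003:r-x
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::---
"""
# Constructed for illustration: the same ACL with two entries changed.
CHANGED = EDITABLE.replace("user:3000002:rwx", "user:3000002:r-x").replace("mask::rwx", "mask::r-x")

if __name__ == "__main__":
    for entry, left, right in diff_acl(parse_getfacl(EDITABLE), parse_getfacl(CHANGED)):
        print(entry, left, "->", right)
```

getfacl shows only the POSIX ACL; on a Samba AD DC the NT ACL is stored separately in the security.NTACL extended attribute and can be printed with `samba-tool ntacl get <path> --as-sddl`, so identical getfacl output does not rule out a difference there.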

I’d suggest having a good look at Proxmox (Just as free as NethServer).
Proxmox can easily run Win2019, even HP ROK or equivalent Dell bundles…
Way better than Hyper-V, and rock solid!

My 2 cents
Andy

1 Like

Andy,

I run Proxmox at home with Nethserver and Nethserver-DC. It’s wonderful.

Although I like Proxmox… I just can’t run Proxmox for this specific environment unfortunately.

It looks like the problem isn’t Hyper-V but permissions. When I create a new GPO, then I am able to edit the GPO.

I just created a backup of the GPO “Printers”. Next I did remove the GPO. Next I did restore the GPO… and voila! I am able to edit the GPO (again)! The only caveat is that I have to link the GPO to the OU.

I don’t know the cause of this specific problem but this workaround solves the problem: I just create a backup of the GPOs which I can’t edit and then I just restore and link those GPOs again. I just have to pay attention to the links.

Thanks.

1 Like