0

In my organization's Windows AD environment, I cam across an error on several machines:

"Security policy cannot be propagated. Cannot access the template. Error code = -536870656. \.net\sysvol<DOMAIN>.net\Policies{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf." (My local domain is .net; not .local).

NSLookup of FDQN returns in all DNS Server IP addresses; dir returns files (which there are none) in the SYSVOL, DIR of the path, returns GptTmpl.inf as a result; so Browsing seems good.

What else should I try? Is the inf file an ASCII file; to be viewed in a simple text editor?

I looked through this link which both steps outlined here result in success; does not seem to be an issue with DNS. Windows cannot access the file gpt.ini for GPO error

Improve this question
New contributor
S M is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct.

1 Answer 1

Reset to default
1

From the computer in error check if you can navigate to the folder with the user account of the user in problem;

.net\sysvol.net\Policies{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf

If you can navigate to the folder, it would possibly mean the Everyone security group from the GPO was removed and a special security group was added, but no access was gave to the computer account to read the GPO while the computer is in pre-login.

In the GPO Editor add in the delegate tab "Domain Computer" - Read, and try again.

Improve this answer
1
  • This is from a FSMO Role Holder server; loggrf in as Administrator; browsing success. Also, with an end-user Windows 10 Pro Domain Joined workstation; browsing success.
    – S M
    yesterday

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .