Group Policy Object Does Not Open

  • Article

You attempt to either open or edit a Group Policy object, and receive an error indicating that the Group Policy object cannot be accessed or opened.

Possible Causes:

  • There is no write access to the Group Policy object.

  • The domain controller you are focused on is down.

  • You have attempted to edit a Group Policy object in another domain and the trust relationship broken.

  • Network connectivity or dropped packets is causing intermittent failures.

Diagnostic Tests:

To check that you have Read and Write access to the Group Policy object

  1. Select the Group Policy object to open or edit on the Group Policy property page of the site, domain, or organizational unit.

  2. Right-click the Group Policy object, and then click Properties .

  3. Click the Security tab.

  4. Verify that you have both Read and Write access. You must have both; you cannot open a Group Policy object in read-only mode.

To confirm that you can successfully connect to the domain controller that you are focused on

  1. Run Netdiag.exe to check network connectivity and to confirm that DNS is configured and working.

  2. Locate the name of the domain controller that you are focused on. At the command prompt, type SET . Look for the variable Logonserver in the output and make a note of the name of the domain controller that it points to. (LOGONSERVER=\\NTDSDCB)

  3. Run Gpotool.exe in verbose mode and confirm that the domain controller that you are focused on is available and online.

If you are editing a Group Policy object in another domain, confirm that the trust relationship is not broken.

Check for group membership that gives the user permissions to edit the Group Policy object in the remote domain.

Check for media sense issues, that is, problems with Windows not detecting peripherals or the network.. If you are logged on locally to the domain controller that contains the Group Policy object you want to edit, even if the domain controller is not replicated, confirm that the following conditions are met.

  • There is a network cable plugged into the network adapter on the domain controller.

  • This network cable is connected to a powered network hub.