Replication of Group Policy settings between domain controllers fails
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Replication of Group Policy settings between domain controllers fails.
A replication problem may occur if you assign incorrect permissions to the %SystemRoot%\Winnt\Sysvol folder or when you assign improper groups to the Bypass Traverse Checking User Rights Assignment. The replication issue also occurs if the sysvol share permissions are too restrictive.
To troubleshoot this issue:
Ensure that the permissions for the %SystemRoot%\Winnt\Sysvol folder and sub-folders are set as described in Event ID 1000, 1001 Is Logged Every Five Minutes in the Application Event Log on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=35272).
In Group Policy Management Console, right-click the Default Domain Controllers Policy GPO (in the Domain Controllers OU), click Edit, and verify that the Bypass traverse checking security setting (in Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment) contains the following default groups:
- Authenticated Users
Refresh security policy by running gpupdate /force.