Export (0) Print
Expand All

Replication of Group Policy settings between domain controllers fails

Updated: March 2, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Replication of Group Policy settings between domain controllers fails.


A replication problem may occur if you assign incorrect permissions to the %SystemRoot%\Winnt\Sysvol folder or when you assign improper groups to the Bypass Traverse Checking User Rights Assignment. The replication issue also occurs if the sysvol share permissions are too restrictive.


To troubleshoot this issue:

  • Ensure that the permissions for the %SystemRoot%\Winnt\Sysvol folder and sub-folders are set as described in Event ID 1000, 1001 Is Logged Every Five Minutes in the Application Event Log on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=35272).

  • In Group Policy Management Console, right-click the Default Domain Controllers Policy GPO (in the Domain Controllers OU), click Edit, and verify that the Bypass traverse checking security setting (in Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment) contains the following default groups:

    • Authenticated Users

    • Everyone

    • Administrators

  • Refresh security policy by running gpupdate /force.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft