JSI Tip 10310. The Group Policy Modeling Wizard in GPMC issues 'Access is denied' when a Windows Server 2003 SP1 domain controller is selected?

When you use the Group Policy Modeling Wizard in GPMC to select a Windows Server 2003 Service Pack 1 domain controller, you receive Access is denied.

This behavior will occur if you are not an administrator, or the following RSoP (Resultant Set of Policy) tasks have been delegated, because the default COM permissions have been changed in Windows Server 2003 SP1:

- Generate Resultant Set of Policy (logging)
- Generate Resultant Set of Policy (planning)

NOTE: The Windows Server 2003 SP1 COM permissions restrict remote calls that are not authenticated.

To workaround this behavior:

1. Create a new Group Policy on the domain controller's OU (Organizational Unit).

2. In the new policy, navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options.

3. Double-click DCOM: Machine launch restrictions in Security Descriptor Definition Language (SDDL) syntax.

4. Check the Define this policy setting box and press the Edit Security button.

5. Check the Remote Activation item in the Allow column for the user you want to run the Group Policy Modeling Wizard.

6. Press OK and OK.

7. Exit Group Policy editing.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.