Looks like I've managed to resolve this....there seems to be a replication issue to some of our DCs. Strange that neither the DCs nor OpsManager seem to have picked up on this, but when I replicated the GPO folder manually, everything behaved as it should.
Now onto the replication issue... 2009/1/29 James Rankin <[email protected]> > Mornin' all > > Having a little problem with the application of a GPO to a member server on > Windows 2003 AD. The OU for the server in question applies a policy for User > Rights that restricts the "Load and unload device drivers" to the > Administrators group. Another OU at the same level that holds our Citrix > servers applies the "load and unload device drivers" right to the > Administrators group and the local ctx_cpsvcuser account. However, the first > OU is applying the settings that should be getting applied to the Citrix OU, > and as the local user account doesn't exist on these servers, it is throwing > an error. > > RSOP shows the source GPO as the correct one (i.e. the non-Citrix GPO). > However, the settings it is showing as applying are obviously incorrect. In > the Precedence tab of the GPO properties, there is a red 'x' with the > following error:- > > "The policy *User Rights and Restricted Groups policy (UH)* resulted in > the following error An unknown error occurred when attempting to open the > database" > > Does anyone have any ideas about how to go about sorting this? Google-fu > seems a bit lacking...I have tried the obvious such as unlinking and > recreating the GPO, with no success. I have also checked the .adm files for > this particular GPO and none of them seem inconsistent with the other > policies. > > > TIA, > > > > JRR > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
