Share via

Group Policy Modeling Wizard - Access denied when selecting a server

Jordan Taylor 0 Reputation points
2023-02-20T16:30:43.7933333+00:00

Hi all,

I have 2 domains in the same situation one of which being my test domain so I can post this here.

I have a situation where I have delegated group policy control and it all appears to be working from the DC (users are not domain admin and normally not allowed onto DC but for testing purposes if they are given access [outwith Admin and as a standard user with GPO delegation] then it appears to work]

However when I use GP Modeling from a secondary server (not a DC) with RSAT tools installed then they appear to get an access denied message when selecting a server?

I have ammended DCOM GPO's and Firewall was temporarily disabled... what else can it be?

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | User experience | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 44,751 Reputation points
    2023-02-21T16:45:58.9666667+00:00

    There could be a few reasons why you are experiencing an "Access Denied" error when selecting a server in the Group Policy Modeling Wizard. Here are some steps you can take to troubleshoot the issue:

    1. Verify that the user account you are using to run the Group Policy Modeling Wizard has the appropriate permissions. The user account should be a member of the "Domain Admins" or "Group Policy Creator Owners" group.
    2. Ensure that the Remote Procedure Call (RPC) service is running on the target server. This service is required for communication between the Group Policy Management Console and the server.
    3. Check the Windows Firewall settings on the target server to ensure that the necessary ports are open. The required ports for Group Policy management are 135, 139, 445, and 593.
    4. Ensure that the Distributed Component Object Model (DCOM) settings on the target server are configured correctly. You can do this by following these steps:
    • Open the Component Services console (comexp.msc).
    • Expand "Component Services", "Computers", and "My Computer".
    • Right-click "My Computer" and select "Properties".
    • Click the "COM Security" tab.
    • Under "Access Permissions", click "Edit Limits".
    • Ensure that the user account you are using to run the Group Policy Modeling Wizard has the appropriate permissions.
    • Click "OK" to save your changes.
    1. Check the event logs on the target server for any errors related to Group Policy. This may provide additional information about the cause of the issue.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.