Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article helps fix an issue in which you fail to restore a Group Policy Object (GPO) from the backup by using the Group Policy Management Console (GPMC) or the Import-GPO cmdlet.
When you try to import or restore a GPO with one of the following options:
- The wizard by selecting Restore from Backup in GPMC
- The wizard by selecting Import Settings in GPMC
- The Import-GPO cmdlet from the backup
You may receive the following error message:
The process cannot access the file because it is being used by another process.
The GPO file is being accessed by another process
This issue occurs when the wizard in GPMC or the Import-GPO cmdlet tries to acquire an exclusive handle to some file of the GPO in the SYSVOL share, but that file is being accessed by another process. For example, a remote user is refreshing group policies.
The Process Monitor log shows that the caller (mmc.exe or powershell.exe) receives the SHARING VIOLATION result when trying to get a handle to some file of that GPO in the SYSVOL share.
Here's an example of a Registry.pol file:
In this request, ShareMode is None, indicating this handle should be exclusive. That means the handle can't coexist with any existing handle to the same file, and no other handle to the same file is allowed before this exclusive handle is closed.
The exclusive handle is necessary in this scenario because each file of the GPO in the SYSVOL share will be replaced by the corresponding file from the backup. Failure of any file will cause the restore operation to fail.
For more information about the share mode, see:
Specify a different target domain controller (DC)
By default, the target DC used by GPMC or the Import-GPO cmdlet is the primary domain controller (PDC) Flexible Single Master Operation (FSMO) role of the domain. This behavior is by design.
To work around this issue, specify a different DC with no or little user access.
In GPMC, expand Domains in the console tree, right-click the domain, and select Change Domain Controller.
For the Import-GPO cmdlet, use the -Server parameter. For example:
Import-GPO -BackupGpoName TestGPO1 -TargetName TestGPO1 -Path C:\GOPBackup\ -Server ContosoDC2