If you have a root domain and multiple child domains, you will encounter Access is Denied when creating GPO's in a child domain if your GPOAdmin service account is not a root domain admin. An error similar to this may be displayed:
Error Creating Group Policy Object
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Server stack trace:
at Quest.Avalanche.Interops.GpmGmt.GPMDomainClass.CreateGPO()
...etc.
It's possible your GPOAdmin service account does not have enough permissions on the child domain(s). This can happen if your GPOadmin account is from one of your child domains - and therefore has no permissions on the second child domain.
Create a root domain service account, make it a member of your root domain admins group. This will give GPOAdmin full rights to each child domain.
Optionally, you can configure GPOADMIN to use a minimum permission model for the service account.
See SOL below:
© ALL RIGHTS RESERVED. Feedback Conditions d’utilisation Confidentialité Cookie Preference Center