Microsoft KB Archive/253268

From BetaArchive Wiki

Article ID: 253268

Article Last Modified on 2/28/2007


  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server

This article was previously published under Q253268


When you are trying to edit the Group Policy object in Group Policy Editor, you may receive the following error message:

Failed to open the Group Policy Object. You may not have appropriate rights.

The system cannot find the path specified.


This behavior can occur if any one of the the following folder structures is missing:

  • %SystemRoot%\Sysvol\Sysvol\DomainName
  • %SystemRoot%\Sysvol\Sysvol\DomainName\Policies
  • %SystemRoot%\Sysvol\Sysvol\DomainName\Policies\{GUID}
  • %SystemRoot%\Sysvol\Sysvol\DomainName\Policies\{GUID}\Machine
  • %SystemRoot%\Sysvol\Sysvol\DomainName\Policies\{GUID}\User


There are two ways to recover from this situation if you have a single-domain environment. If you have multiple domain controllers in the domain, you can obtain the information from a replica domain controller.

  • Restore the Sysvol contents from a backup tape.
  • Re-create the folder structures within the Sysvol container. The {GUID} folder names must include both the leading brace - "{" and the trailing brace - "}"

NOTE: If you re-create the folder structure, a blank policy is created. The files and folders in the Machine and User folders are re-created after a modification is made to the policy file by using the Group Policy snap-in.


To locate the Globally Unique Identifier (GUID) for the associated group policy objects (GPOs) in the directory, use either of the following methods.

Using the Active Directory Users and Computers Snap-in

  1. Start the Active Directory Users and Computers snap-in in Microsoft Management Console (MMC).
  2. On the View menu, click Advanced Features.
  3. Click the plus sign (+) next to the System folder.
  4. Click the plus sign (+) next to the Policies folder.

The GUIDs for the GPOs are listed as folders.

Using Ldp.exe

  1. Start Ldp.exe from the Support\Reskit\Netmgmt\Dstool folder on the retail Windows 2000 CD-ROM.
  2. On the Connection menu, click Connect.
  3. Type the server name, verify that the port setting is set to 389, click to clear the Connectionless check box, and then click OK. When the connection is complete, server-specific data is displayed in the right pane.
  4. On the Connection menu, click Bind. Type the user name, password, and domain name (in DNS format) in the appropriate boxes (you may need to click to select the Domain check box), and then click OK. If the binding is successful, you should receive a message similar to "Authenticated as dn:'YourUserID'" in the right pane.
  5. On the View menu, click Tree.
  6. In the Base DN box, type dc=mydomain,dc=mydomain, replacing mydomain and mydomain with the appropriate domain name.
  7. Click the plus sign (+) next to the System container.
  8. Click the plus sign (+) next to the Policies container.

There should be a container with a GUID for every policy object created in the directory.

Keywords: kbenv kberrmsg kbprb KB253268