During our migration process from Windows Server 2008 R2 to Windows Server 2012 for all of our DC's, I've noticed a problem with the Default Domain Controller Policy. I can edit this policy from any domain-joined computer running Windows 7 or Windows Server 2008 R2 (and probably earlier versions). However, I can't edit it via Windows 8 or Windows Server 2012.
Here's the error message I receive:
Failed to open the Group Policy Object. You might not have the appropriate rights.
Details: The volume for a file has been externally altered so that the opened file is no longer valid.
- This AD domain has been gradually upgraded since its original introduction Windows 2000 Server.
- I'm a Domain Admin and Enterprise Admin.
- I've triple-checked the ACL for this GPO, even going through every property of each entry, and it is exactly as it should be.
- I've verified that all the standard files and folders for the GPO are in the correct location.
- DFS-R is being used for sysvol replication.
- The policy applies correctly, even to Windows Server 2012 domain controllers.
- As mentioned, I can edit the policy without a problem from earlier versions of Windows.
- This problem does not apply to the Default Domain Policy. Both of these default policies have the proper UUID.
- This problem occurs regardless of which DC I'm connected to via the GPO editor.
- dcdiag /c passes all tests.
I'm stumped! Any suggestions?