This Group Policy object (GPO) is inaccessible because you do not have the read-level permission on it


If you lost permissions to a GPO, obviously you cannot edit the GPO in Group Policy Management Console (GPMC). You would get this error: This Group Policy object (GPO) is inaccessible because you do not have the read-level permission on it.

Don’t you worry. There is an easy fix as long as you are a domain admin.

  • Open ADSIEdit.msc console
  • Right click on ADSI Edit and select “Connect to…”. Choose “Default Naming Context” and click OK.
  • Expland to ADSI Edit >>> Default Naming Context (domain.com) >>> DC=company,DC=com >>> System >>> Policies
  • Find the GUID of the GPO you lost access in Group Policy Management Console. Select the GUID of the Policy under CN=Polices OU.
  • Right click on Policy and choose Properties.
  • Select Security Tab and Click Advanced Button.
  • Take ownership of the policy by changing the owner to yourself (or better to Domain Admins). Close the properites dialog box.
  • Right click on the Policy and open Properties again.
  • Go to Security Tab. I would suggest to add permissions by copying the default permissions from other policy.
  • You may close the ADSI Edit console.

That’s all. After permissioning try accessing the GPO in GPMC.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s