none
Unable to overwrite files in Central Store

    Question

  • I am trying to update the Central Store "\\domain.com\sysvol\domain.com\Policies\PolicyDefinitions"and when I attempt to copy the new admx and adml files, I get access denied overwriting existing files.  I can create a new folder inside the PolicyDefinitions folder, but i cannot move, delete or rename any existing files.

    I looked at the permissions in the policydefinitions folder and there is an "account unknown" SID with full control permissions and the folder owner is also account unknown.

    What could cause this and what is a fix?

    Is it safe to just take over permissions and make domain admins owner of the folder and manually give domain admins full control?

    Seems like that should have been default already. 

    "Administrators" already have full control on the folder and files in the folder and domain admins are administrators on the domain controller, so I don't know why that isn't good enough to manage the files in the folder.
    • Edited by MyGposts Monday, March 14, 2016 8:51 PM
    Monday, March 14, 2016 8:47 PM

Answers

  • Hi MyGposts,

    I looked at the permissions in the policydefinitions folder and there is an "account unknown" SID with full control permissions and the folder owner is also account unknown.

    >>>This may be caused by the account has been deleted or the user is member of trusted domain and the trust relationship expired.

    Is it safe to just take over permissions and make domain admins owner of the folder and manually give domain admins full control?

    >>>You could perform “take ownership” with domain admin and delegate yourself or administrators write rights, then you could override existing files.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 16, 2016 12:58 AM
    Moderator

All replies

  • > What could cause this and what is a fix?
     
    User was deleted...
     
    > Is it safe to just take over permissions and make domain admins owner of
    > the folder and manually give domain admins full control?
     
    Yes.
     
    Tuesday, March 15, 2016 8:59 AM
  • Hi MyGposts,

    I looked at the permissions in the policydefinitions folder and there is an "account unknown" SID with full control permissions and the folder owner is also account unknown.

    >>>This may be caused by the account has been deleted or the user is member of trusted domain and the trust relationship expired.

    Is it safe to just take over permissions and make domain admins owner of the folder and manually give domain admins full control?

    >>>You could perform “take ownership” with domain admin and delegate yourself or administrators write rights, then you could override existing files.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 16, 2016 12:58 AM
    Moderator