RSoP Analysis is not including Group Policies that pertain to nested groups that the User or Compute (NETIQKB42655)

fact
NetIQ Group Policy Administrator 4.0

symptom
Receive 'Access Denied' when running RSoP Analysis and specifying a User or Computer that are members of nested groups.

symptom
RSoP Analysis is not including Group Policies that pertain to nested groups that the User or Computer object is a member of.

cause
RSoP Analysis is not processing nested groups when computing Resultant Set of Policies.

fix

This issue is resolved in NetIQ Group Policy Administrator 4.0 Hotfix 41790

This hotfix provides the following improved functionality:

• You may experience improved performance when generating Comparison reports.

This hotfix corrects the following issues:

• Hotfix 41790 allows you to select a trusted domain when mapping security principals with the Domain Map.
• Hotfix 41790 corrects an issue where RSoP Analysis would not process certain nested groups when computing Resultant Set of Permissions.  Hotfix 41790 correctly processes nested groups.
• Hotfix 41790 corrects an issue where the repository would not check in some changes to GPOs that included upgrade packages.  Hotfix 41790 correctly checks-in changes to GPOs that include upgrade packages.

To install this hotfix, run GPA40000_Hotfix41790.exe on each GPA console computer.

This hotfix modifies the following files in the installation folders. By default, this folder is \Program Files\NetIQ\Group Policy Administrator 4.0:

• \Bin\faGPRInterface.dll
• \Bin\faGPR.dll
• \Bin\faTokPrv.dll
• \Bin\XML\GpoCompare\faADMFuncDiff.xsl
• \Bin\XML\GpoCompare\faGPODiffReportXML.xsl
• \Bin\XML\RSOP\faRsopAnalyzeGpsGpos.xsl
• \Bin\XML\Rsop\faRsopExecuteAccountTokenQuery.xsl
• \Bin\XML\Rsop\faRsopExecuteLdapQuery.xsl
• \Bin\XML\Rsop\faRsopHierarchy.xml
• \Bin\XML\Rsop\faRsopProcessLdapResult.xsl

For more information, contact NetIQ Technical Support.

Formerly known as NETIQKB42655