Default Group Policy - Custom policies don't apply?
We have some computers in TEST OU with password lockout after 4 attempts but it doesn't work. If we disable the Default Group policy in the domain controller then it works.
With the Default Group Policy enable, we run RSOP.exe and it does show the correct policies was applied but why it still doesn't lock the user accounts after 4 attempts? There is no password lockout policy in the Default Group Policy.
Thank you!
> Local Group Policy
This is present because someone opened gpedit.msc on the computer and
configured something in there.
> Not sure why, local policy applied to Windows 7 computer. But for both
> computers, the lockout policy is still not working.
Because Account policies for domain users can only be changed at the
Domain level, not at OU level. Account policies at OU level are only
applied to LOCAL accounts, not to domain accounts.
If you're running 2008 DFL, you can use FGPP and PSO.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))
Similar Messages
-
How to roll back settings applied by a Group Policy Custom Administrative Template
Hi,
I have disabled USB port on a number of workstations using a Group Policy Custom Administrative Template. Now I need to enable it again. Is it possible to do it through Group Policy Custom Administrative Template again? If not how can I enable the USB ports?
TIA
BijanWhat I have exactly done is adding a custom administrative template which through it I can disable the removable medias. Sorry for the mistake, I was working on another issue and that made me confused. Anyway I put the content of adm file here to be inspected.
Disableportable.adm content:
CLASS MACHINE
CATEGORY !!category
CATEGORY !!categoryname
POLICY !!policynameusb
KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
EXPLAIN !!explaintextusb
PART !!labeltextusb DROPDOWNLIST REQUIRED
VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART
END POLICY
POLICY !!policynamecd
KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"
EXPLAIN !!explaintextcd
PART !!labeltextcd DROPDOWNLIST REQUIRED
VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 1 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART
END POLICY
POLICY !!policynameflpy
KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"
EXPLAIN !!explaintextflpy
PART !!labeltextflpy DROPDOWNLIST REQUIRED
VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART
END POLICY
POLICY !!policynamels120
KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"
EXPLAIN !!explaintextls120
PART !!labeltextls120 DROPDOWNLIST REQUIRED
VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART
END POLICY
END CATEGORY
END CATEGORY
[strings]
category="Custom Policy Settings"
categoryname="Restrict Drives"
policynameusb="Disable USB"
policynamecd="Disable CD-ROM"
policynameflpy="Disable Floppy"
policynamels120="Disable High Capacity Floppy"
explaintextusb="Disables the computers USB ports by disabling the usbstor.sys driver"
explaintextcd="Disables the computers CD-ROM Drive by disabling the cdrom.sys driver"
explaintextflpy="Disables the computers Floppy Drive by disabling the flpydisk.sys driver"
explaintextls120="Disables the computers High Capacity Floppy Drive by disabling the sfloppy.sys driver"
labeltextusb="Disable USB Ports"
labeltextcd="Disable CD-ROM Drive"
labeltextflpy="Disable Floppy Drive"
labeltextls120="Disable High Capacity Floppy Drive"
Enabled="Enabled"
Disabled="Disabled"
Bijan -
Group Policy Pref - Mapped Drives Not Applying to One User
Hi All,
I’m new to this list, so please excuse any etiquette slip ups.
I have three users at a site. All their machines are running Windows XP Service Pack 3 and have client side extensions installed. I created a group policy to map their default drives using GP User Preferences.
Each of the drives is set to "update".
As an example of the policy created XML is as follows:
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="H:" status="H:"
image="2" changed="2009-11-25 05:13:58"
uid="{8A44D2F4-AAE5-4F43-AEEC-D36F08EA619C}" desc="Maps the users H drive to
ServerName\users$\%username%" bypassErrors="1"><Properties action="U"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\users$\%username%" label="Home (ServerName)"
persistent="1" useLetter="1" letter="H"/></Drive>
and
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="J:" status="J:"
image="0" changed="2009-11-30 03:52:58"
uid="{535CD462-A45D-4363-ADA1-2316D5ECC703}" desc="Maps J drive for users to
\\ServerName\apps" bypassErrors="1"><Properties action="C"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\Apps" label="Apps (ServerName)" persistent="1"
useLetter="1" letter="J"/></Drive>
The group policy is applied to an OU for that site.
All three users are in the same OU.
All three users are also in the same “xxsitecode Users” group.
2 of the users log into their pc and get the mapped drives with no issue, but one user doesn’t.
There are no other login scripts and the user has no manually mapped drives.
He does have a H drive mapped using the profile field in his AD object as a temp measure. But every 90 mins any other manually mapped drives are removed by the policy.
We don’t use roaming profiles
To trouble shoot I have tried
- Reinstalling client side extensions
- Re-joining the pc to the domain
- Running gpupdate from the command prompt to see if any event logs are generated (none are)
- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
I'm sure the GP is fine because it works for two other users and the testing isolates his user account as the issue.
The Policy I’m having issues with is xxxx Mapped Drives/ Printers
I have posted this issue on the tech net GP discussion groups page, but haven’t had any replies.
Any suggestions would be appreciated.
SimoneWhat's interesting is that I applied a new GP to users - it has one policy setting and one preferences setting. He only gets the policy setting.. aka he gets the wallpaper but not the homepage.
Also, Jorke asked me to post the gpresult /z .
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/02/2010 at 2:19:34 PM
RSOP results for DOMAIN\USER on MACHINENAME : Logging Mode
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITECODE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No
COMPUTER SETTINGS
CN=MACHINENAME,OU=Laptops,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:06:38 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
au-mdwsus
Default Domain Policy
Legal Notice
Proxy Settings
Logon as service, operating system
AU-WSUS
Desktop Background & Home Page
Reg Permissions for default desktop
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
SITECODE Mapped Drives/ Printers
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The computer is a part of the following security groups:
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MACHINENAME$
Domain Computers
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for Computer:
Software Installations
N/A
Startup Scripts
GPO: Desktop Background & Home Page
Name: image.bat
Parameters:
LastExecuted: 7:55:34 PM
Name: swiftdesktop.vbs
Parameters:
LastExecuted: 7:55:35 PM
Shutdown Scripts
N/A
Account Policies
Audit Policy
User Rights
Security Options
Event Log Settings
Restricted Groups
System Services
Registry Settings
File System Settings
Public Key Policies
N/A
Administrative Templates
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\CurrentVersion\Winlogon
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Desktop Background & Home Page
Setting: Software\Policies\Microsoft\Internet Explorer\Security
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
USER SETTINGS
CN=Matthew Luhrs,OU=Users,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:54:53 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
**** SITECODE Mapped Drives/ Printers - has Gp Pref's that should apply
Default Domain Policy
Proxy Settings
**** Desktop Background & Home Page - has Gp Pref's that should apply
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
AU-WSUS
Filtering: Not Applied (Empty)
Legal Notice
Filtering: Disabled (GPO)
Reg Permissions for default desktop
Filtering: Not Applied (Empty)
Logon as service, operating system
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
au-mdwsus
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The user is a part of the following security groups:
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Computer Account Operators
Internet Users
SITECODE Users
DOMAIN-Public Folders Administrators
All Email Users
DOMAINSWIFTEMAIL
Domain Admins
Offer Remote Assistance Helpers
WSUS Administrators
DHCP Administrators
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for User:
Software Installations
N/A
Public Key Policies
N/A
Administrative Templates
N/A
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: Proxy Settings
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: Proxy:port
Secure Proxy Server: Proxy:port
FTP Proxy Server: Proxy:port
Gopher Proxy Server: Proxy:port
Socks Proxy Server: Proxy:port
Auto Config Enable: Yes
Enable Proxy: Yes
Use same Proxy: Yes
Internet Explorer URLs
GPO: Proxy Settings
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Proxy Settings
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: Proxy Settings
Import the current Program Settings: No -
User Policies don't apply to just ONE system
Hi
Can somb help me out here?
I have created a user policy for all users to disable control panel and "run...". But on just
one single system they don't apply nomather what account I'm using. When I log on to anonther system with the same account they do apply.
I'm using Windows Server 2008R2 and clients are XP sp3.Dear PJ1337, what's up?
On the the computer that you're having this problem, please open an elevated command prompt and type:
gpupdate /force . After that reboot your system and verify if the problem is fixed. If it's not, open again the command prompt and execute:
gpresult /h . After that search for GPresult.html and verify the GP is there but not getting applied.
I suggest you to verify if RSOP on the server side too.
Kindly Regards, -
Group Policy Preferences IE9 settings inconsistently applying on Windows 7 Clients
We have two Windows 2008 R2 Domain Controllers.
We have only Windows 7 SP1 clients.
We have a mix of IE 9, 10 ,11 on the clients.
We moved to using GPP to control IE Proxy settings some considerable time ago.
We recently needed add a site the the proxy exceptions list. This appeared to work. However we discovered that for IE 10+ the setting was not effective. So we spun up a Windows 8.1 VM with RSAT and added a new IE Settings object into GP targeting IE
11. This appeared to have the desired effect.
After a while some (and it appears only some) IE9 machines, found their proxy settings reverting. This could be resolved by closing IE down and issuing a gpupdate /force command. However the issue would re-occur for these users, and they would be required
to close their browser and re-issue update /force again.
Furthermore (this may or may not be linked) we have been seeing JavaScript disabled warnings from OWA from some machines running IE11.
Any thoughts on troubleshooting this would be appreciated.
NickWould you please let me know if the issue only occurred on all Windows 7 with IE 9 installed machines? Or
only some Windows 7 with IE 9 installed machines have this issue?
The issue is affecting about 20-25% of machines. Generally after a logon they are fine, but then after a background gp refresh they pick up 'old' settings for the bypass proxy list.
Would you please let me know how did you configure the GPP settings?
We opened up an existing GPO that contained our previous Internet Explorer GPP settings on our first domain controller (which appears to have IE11 installed) made the changes to the existing
GPP IE Settings.
We then noticed that the settings hadn't taken on IE11 machines, so we used a windows 8.1 RTM VM with RSAT installed to add an additional "Internet Explorer 8: Internet Explorer 11" only
set of preferences. The IE8/9/10 preferences had priority of 1 the IE 11 preferences a priority of 2
I think the original GPP settings were created from a Windows 7 machine with IE9 and the Enterprise Hotfix Rollup installed.
Did you configure it in one GPO and applied to all machines?
Yes.
Have you tried to just configure it separately on Windows 2008 R2 DC and applied it to these Windows 7 with IE 9 installed machines?
Not yet. We currently have a some LOB activities that require one of the sites in the proxy bypass list. I do not want to risk breaking that until later on this week.
How to enable Group Policy Preferences support for IE9
http://www.grouppolicy.biz/2011/03/how-to-enable-group-policy-preferences-support-for-ie9/
We have the enterprise hotfix rollup installed on the Clients. However
it appears it is not installed on the DCs.
Further examination of the output of a gpresult /h shows that legacy settings from the IE Maintenance object within the GPO match the settings we see applying from time to time. Is that possible? How can we remove the IE Maintenence settings from the
GPO to test? -
Group Policy IE Maintenance settings not applied locally
Users with cached Group Policies, logging in "workstation only", are not receiving all of the settings specified.
I have followed the steps in TID 3655065, but security tab settings, and homepage are still incorrect.
Windows XP SP2
Zenworks 7
ZDM 7 SP1 IR4 HP4 applied
Workstation policy package GPO:
Computer and Security checked - with persist
User policy package GPO
User checked - with Cache set
When logging in to Novell client on network, the policies work fine.
Logging in workstation only is when the problem exists.
Two errors show -
Error 2 reading Cache User Settings
Error 0x2 refreshing User policy.
Attached is the WMGrpPolUser.logmdavidso,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Applying custom Group policy to existing users using group policy
Hello Everyone,
i am unable to find a way to push a custom theme to client PC using group policy.
I have tried "Load a Specific Theme" Group Policy but it is only applying to a new user logging on windows.
I have a custom theme that i want it to load to every existing user's machine.
Is there any way to do it using GPO??Apply theme group policy does not work. Known issue.
I use a vb script,
'@SLH // This Script applies the Themepack "
On Error Resume Next
Select Case themeApplied
Case "yes"
'Has been set once before, nothing happens!
Case Else
'Has not been set before, Company theme is applied
strRegistryKey = readfromRegistry("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource", "C:\Windows\web\wallpaper\Windows\img0.jpg")
End Select
Function readFromRegistry (strRegistryKey, strDefault )
Dim WshShell, value
Set WshShell = CreateObject("WScript.Shell")
value = WshShell.RegRead( strRegistryKey )
if strDefault = value then
'Write key in registry
WshShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\themeApplied", "yes", "REG_SZ"
'Applying theme from server
'Remember to change the path tothe location of your .themepack file
WshShell.Run "rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:""\\seraddressto\ Default.themepack"""
WScript.Sleep 1000
WshShell.AppActivate("Desktop Properties")
WshShell.Sendkeys "%{F4}"
end if
End Function
I then run this in a run once script when the user first logs in, this sets the theme once on new profile generation. -
How to apply Software Restriction policy for specific user in local group policy object ?
I am working on implementing user based software restriction policy programmatically for local group policy object.
If i create a policy through Domain Controller,i do have option for software restriction policy in user configuration but in local group policy editor i don't have option for that.
When i look for the changes made by policy applied from Domain Controller in registry, they modifies registry values for specific users on path HKEY_USERS\(SID of User)\Softwares\Policies\Microsoft\Windows\Safer\Codeidentifiers
They also have registry.pol stored in SYSvol folder in Domain Controller. When i make the same changes in registry to block any other application, application is getting blocked.
I achieved what i wanted but is it right to modify registry values ?
PS:- I am using Igrouppolicyobject APII achieved what I wanted but is it right to modify registry values ?
You also can modify a registry programmatically based policy. Check this:
http://blogs.msdn.com/b/dsadsi/archive/2009/07/23/working-with-group-policy-objects-programmatically-simple-c-example-illustrating-how-to-modify-a-registry-based-policy.aspx
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Group Policies won't apply then un-configure themselves
I'm having problem with Group Policies at ONE school (I have 59 other schools that are not having this problem).
Running ZDM7sp1_SR4 on Netware 6.5 sp7 and e-dir 8.8- "Student Group Policy" files are sitting on sys\public\gpolicy\student\ I edit the Group Policy in ConsoleOne and then apply to Student container on Event:UserLogin; NDS Rights are for the entire School OU.
Student user logs in, Policy does not apply on login. Open ConsoleOne to see if I missed configured something, and all settings I had previously set have disappeard- everything is unconfigured: Proxy settings and everything in Administrative Templates.
Run WMSched on workstation, see the Student_Group_Policy is associated, and when I "Run Now" it runs for about 2 secs then goes back to "Not" running.
WMgrpPolicy.log are exactly the same as the WMgrpPolicy.log a PC (at a different OU) that does have Group Policies applying. Line-by-line, they are identical.
I don't know what to do next.It seems to mee that the settings you configure in ConsoleOne are not written to the policy files on the filesystem or the location of the files is incorrect.
Could you verify that the location where the files reside (shown in top of the policy details screen) is writable to the user that creates the policy, and that it's readable by the workstations ? -
FEP Desktop Policies not compatible with GPMC Group Policy Results
Hello,
After aplying FEP default desktop policy I am not able to see Group Policy Results - policies for that computer.
I get this error:
The following errors were encountered: Registry value "%windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs" is of unexpected type.
This is a standard exclusion in the installed FEP policy.
You can see only this error and nothing more. Sometimes it is another error mostly over registry value 2 or 3 or 4. It depens although the policy does not change.
I tested it by deleting all other policies from that OU. The only one Default Desktop policy was linked to it.
Also without FEP policy applied it workd as expected.
Is this a known issue?Hello,
After aplying FEP default desktop policy I am not able to see Group Policy Results - policies for that computer.
I get this error:
The following errors were encountered: Registry value "%windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs" is of unexpected type.
This is a standard exclusion in the installed FEP policy.
You can see only this error and nothing more. Sometimes it is another error mostly over registry value 2 or 3 or 4. It depens although the policy does not change.
I tested it by deleting all other policies from that OU. The only one Default Desktop policy was linked to it.
Also without FEP policy applied it workd as expected.
Is this a known issue?
It's still a problem. No-one has fixed it.
-=Chris -
How to avoid applying Default domain policy?
Hello! Hope to get some ideas on the following:
I have one PC that I DO NOT want to apply default domain policy to. I have created a separate OU in AD with one security group, that contains only that one PC.
I made sure that pc is a member of only that group and not domain computers or any other groups.
I have created a separate GPO for this PC and linked in to the domain.
I am seeing in the gpresult /r that both the new GPO is applied to the workstation and the default domain gp as well.
Default domain policy is designed to be applied to all authenticated users.
I have create a separate user for that workstation that is not a member of authenticated users.It is only a member of domain users.
Ultimately I want default domain policy to be filtered out and the gpo specific to this pc to be applied.
Any ideas?> Default domain policy is designed to be applied to all authenticated users.
>
> I have create a separate user for that workstation that is not a member
> of authenticated users.It is only a member of domain users.
You cannot exclude any computer or user from being an authenticated user...
> Ultimately I want default domain policy to be filtered out and the gpo
> specific to this pc to be applied.
Then simply block inheritance on the OU this computer lives in, and link
the specific GPO to that OU.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Power Manager - no new profiles, group policy not applying
Hi there!
Having an issue with power manager (latest version, downloaded today) on Vista on a T61. The first problem is that I cannot create a power profile. If I hit New on the advanced page and fill all the stuff out, the named power plan does not show up. It's like I never did it.
The second issue is that group policy doesn't seem to apply, either. I tried to create a new power policy through AD using the GPO available for download. All the settings are filled out, it's named, and it doesn't show up.
For those concerned that the group policy is mucking up the ability to create a new one through the UI, that was the behavior before the group policy was set up.
rsop.msc shows definitively that the policy is applying to this machine.
Does anyone have any hints?
Thank you!rscurr,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Can't get Aero theme forced (via Group Policy)
Well I'm at a loss. I have a bunch of users. They're all crazy, and I think I'm getting there too. It all started with this three-armed monkey that got loose in the lab....
Ok seriously. I'm having no luck getting the Aero theme forced to any user. 2008 R2 and Win 7 Pro and Enterprise systems. Any user can easily manually set their own Aero theme and it saves after they log off, but for a user that hasn't
done this I cannot get GPO's to get the job done.
I've been all over the web, some people say use the option to "Load a specific theme" which most people agree only affects a user's login for the first time. After they've logged in once, that setting never applies to them again.
And the other one is that if I want to force the theme each time someone logs on, to set the msstyles file under "force a specific visual style file or force Windows Classic". I don't have a company-specific file to share over a network folder
so I just use the default %windir%\resources\Themes\Aero\aero.msstyles path.
Both of these GPO entries are found under User config > Policies > Admin Templates > Control Panel > Personalization.
Some forum posts say not to enable these two items together, others say you need to. For me it doesn't work in any combination - plenty of machine reboots in between to ensure updated GP's get applied. .
Also the Desktop Window Manager Session Manager service is running and set to automatic, and I've tested on more than one system so I am confident the computers are not the problem (some are brand new installs).
Event logs show no errors at all, and also do show successful applies of "4 group policy objects". I suppose I should count how many are supposed to apply to a computer but let's say for argument's sake that there are no errors on this.
Is there something I'm missing?I've been all over the web, some people say use the option to "Load a specific theme" which most people agree only affects a user's login for the first time. After they've logged in once, that setting never applies to them again.
And the other one is that if I want to force the theme each time someone logs on, to set the msstyles file under "force a specific visual style file or force Windows Classic". I don't have a company-specific file to share over a network folder
so I just use the default %windir%\resources\Themes\Aero\aero.msstyles path.
For the "Load a specific theme" policy, you can find the description of the policy in group policy editor, it is only applied when a new user logs in for the first time and it doesn't prevent user from changing the theme
I made a test in my environment, if I applied "force a specific visual style file or force Windows Classic". it works as I want (I use some default visual style file because I don't have customized file ), after that, I can change the
theme, and the aero.msstyles I set via GP remain take effects.
Regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Hello all-
I am currently trying to configure group policy (specifically folder redirects) from a new Windows Server 2008 in my home... the server acts as both an AD DS and file server for 4 client computers, all running Windows Vista Ultimate.
Here are the steps I am currently taking:
I create a new Group Policy called All Users and Computers and apply it to the All Users and Computers OU, which contains exactly what it says (all users and computers in the domain).
I verify that a new folder was created in \\<FQDN>\sysvol\<FQDN>\Policies. The new folder created is named {6479C8E0-3134-4B4F-B047-7ADD51684684}
I change the GPO Enforced setting to Enforced.
I attempt to use the gpupdate command to see if the group policy can be updated successfully. In a command prompt, I type gpupdate <enter>. I receive the message 'Updating Policy...' then after about 15 seconds the message 'User Policy update has completed successfully.'
I keep the cmd window open. After about 10 seconds another message apperas which says "Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \\<FQDN>\sysvol\<FQDN>\Policies\{6AC1786C-016F-11D2-945F-00C04Fb984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results."
I confirm that the error code is #3 using the Event Log, "The system cannot find the file specificed"
Of course the system cannot find the file specified because the folder does not exist in the sysvol folder. I am wondering why Windows is trying to read from this location when it does not exist, and is not the new group policy I created! I have no other group policies linked or enforced to any other OU/Domain/etc. Any help resolving this issue would be greatly appreciated.Hello all and thanks for the help. First a few things:
I understand that the DC should not be running RRAS, but this a simple server being used in aa home environment by 4 users and getting another server just for RRAS would be overkill.
Secondly, I currently have it so that while the router is handling DHCP, I have reserved a fixed IP for the server, so it always has 192.168.1.100. If I were to use the server as the DHCP, what would my hardware configuration have to look like? I currently have the router plugged into the ISP modem, and then server plugged into the router. All other clients connect to the router wirelessly.
Here's the dcdiag output. I tried dcdiag /fix but to no avail.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine KELLERDCFS, is a Directory Server.
Home Server = KELLERDCFS
* Connecting to directory service on server KELLERDCFS.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... KELLERDCFS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Advertising
The DC KELLERDCFS is advertising itself as a DC and having a DS.
The DC KELLERDCFS is advertising as an LDAP server
The DC KELLERDCFS is advertising as having a writeable directory
The DC KELLERDCFS is advertising as a Key Distribution Center
The DC KELLERDCFS is advertising as a time server
The DS KELLERDCFS is advertising as a GC.
......................... KELLERDCFS passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the event log File Replication Service does not exist.
......................... KELLERDCFS passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... KELLERDCFS passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... KELLERDCFS passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... KELLERDCFS passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Domain Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role PDC Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Rid Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
......................... KELLERDCFS passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC KELLERDCFS on DC KELLERDCFS.
* SPN found :LDAP/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :LDAP/KELLERDCFS.keller-pa.net
* SPN found :LDAP/KELLERDCFS
* SPN found :LDAP/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :LDAP/42268b36-801f-4a6d-b162-34f3b01e04bb._msdcs.keller-pa.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/42268b36-801f-4a6d-b162-34f3b01e04bb/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net
* SPN found :HOST/KELLERDCFS
* SPN found :HOST/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :GC/KELLERDCFS.keller-pa.net/keller-pa.net
......................... KELLERDCFS passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC KELLERDCFS.
* Security Permissions Check for
DC=ForestDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=keller-pa,DC=net
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=keller-pa,DC=net
(Configuration,Version 3)
* Security Permissions Check for
DC=keller-pa,DC=net
(Domain,Version 3)
......................... KELLERDCFS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\KELLERDCFS\netlogon
Verified share \\KELLERDCFS\sysvol
......................... KELLERDCFS passed test NetLogons
Starting test: ObjectsReplicated
KELLERDCFS is in domain DC=keller-pa,DC=net
Checking for CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net in domain DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net in domain CN=Configuration,DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
......................... KELLERDCFS passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... KELLERDCFS passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* KELLERDCFS.keller-pa.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1111
......................... KELLERDCFS passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... KELLERDCFS passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:53:59
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:59:02
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:04:04
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:09:06
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:14:08
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:19:10
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:24:12
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:29:15
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:34:17
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:39:19
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:49:23
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... KELLERDCFS failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net and backlink
on
CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
The system object reference (serverReferenceBL)
CN=KELLERDCFS,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=keller-pa,DC=net
and backlink on
CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
......................... KELLERDCFS passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : keller-pa
Starting test: CheckSDRefDom
......................... keller-pa passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... keller-pa passed test CrossRefValidation
Running enterprise tests on : keller-pa.net
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
PDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
KDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
......................... keller-pa.net passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... keller-pa.net passed test Intersite
Here's the nslookup from Vista client:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Andrew>nslookup KELLERDCFS
Server: UnKnown
Address: 192.168.1.100
Name: KELLERDCFS.keller-pa.net
Addresses: 192.168.1.150
192.168.1.100
C:\Users\Andrew>
Thanks again! -
I have two Domain Controllers Main ( Main DC ) and Second DC.
the date of some policies is not out of date....
please check these files to know the problem.
dcdiag.txt output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine ASMDC, is a Directory Server.
Home Server = ASMDC
* Connecting to directory service on server ASMDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... ASMDC passed test Connectivity
Testing server: Default-First-Site-Name\BSMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... BSMDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Advertising
The DC ASMDC is advertising itself as a DC and having a DS.
The DC ASMDC is advertising as an LDAP server
The DC ASMDC is advertising as having a writeable directory
The DC ASMDC is advertising as a Key Distribution Center
The DC ASMDC is advertising as a time server
The DS ASMDC is advertising as a GC.
......................... ASMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... ASMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... ASMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ASMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... ASMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... ASMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC ASMDC on DC ASMDC.
* SPN found :LDAP/ASMDC.buc.edu/buc.edu
* SPN found :LDAP/ASMDC.buc.edu
* SPN found :LDAP/ASMDC
* SPN found :LDAP/ASMDC.buc.edu/BUC
* SPN found :LDAP/5e88f85b-15a6-4ff5-b0fd-6df748df06fd._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e88f85b-15a6-4ff5-b0fd-6df748df06fd/buc.edu
* SPN found :HOST/ASMDC.buc.edu/buc.edu
* SPN found :HOST/ASMDC.buc.edu
* SPN found :HOST/ASMDC
* SPN found :HOST/ASMDC.buc.edu/BUC
* SPN found :GC/ASMDC.buc.edu/buc.edu
......................... ASMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ASMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... ASMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ASMDC\netlogon
Verified share \\ASMDC\sysvol
......................... ASMDC passed test NetLogons
Starting test: ObjectsReplicated
ASMDC is in domain DC=buc,DC=edu
Checking for CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... ASMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... ASMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7604 to 8103
* rIDPreviousAllocationPool is 7604 to 8103
* rIDNextRID: 7640
......................... ASMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ASMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x825A0024
Time Generated: 08/21/2014 00:22:16
Event String:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system
time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources.
Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
An Warning Event occurred. EventID: 0x8000000E
Time Generated: 08/21/2014 00:32:29
Event String:
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential BUC.EDU\administrator.
An Error Event occurred. EventID: 0x00000422
Time Generated: 08/21/2014 00:32:29
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\buc.edu\sysvol\buc.edu\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not
successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... ASMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=ASMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... ASMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\BSMDC
Starting test: Advertising
The DC BSMDC is advertising itself as a DC and having a DS.
The DC BSMDC is advertising as an LDAP server
The DC BSMDC is advertising as having a writeable directory
The DC BSMDC is advertising as a Key Distribution Center
The DC BSMDC is advertising as a time server
The DS BSMDC is advertising as a GC.
......................... BSMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... BSMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... BSMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BSMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... BSMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... BSMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC BSMDC on DC BSMDC.
* SPN found :LDAP/BSMDC.buc.edu/buc.edu
* SPN found :LDAP/BSMDC.buc.edu
* SPN found :LDAP/BSMDC
* SPN found :LDAP/BSMDC.buc.edu/BUC
* SPN found :LDAP/93561cab-4fb3-421f-9a67-af6b4c280eca._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/93561cab-4fb3-421f-9a67-af6b4c280eca/buc.edu
* SPN found :HOST/BSMDC.buc.edu/buc.edu
* SPN found :HOST/BSMDC.buc.edu
* SPN found :HOST/BSMDC
* SPN found :HOST/BSMDC.buc.edu/BUC
* SPN found :GC/BSMDC.buc.edu/buc.edu
......................... BSMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BSMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... BSMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\BSMDC\netlogon
Verified share \\BSMDC\sysvol
......................... BSMDC passed test NetLogons
Starting test: ObjectsReplicated
BSMDC is in domain DC=buc,DC=edu
Checking for CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... BSMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... BSMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8104 to 8603
* rIDPreviousAllocationPool is 8104 to 8603
* rIDNextRID: 8106
......................... BSMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BSMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:15
Event String:
Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver SolidPDF XChange required for printer SolidPDF XChange is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!net_pc5!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:19
Event String:
Driver Send To Microsoft OneNote Driver required for printer !!BUCLAPTOP1!Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:20
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/20/2014 23:52:20
Event String:
The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 2) were deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000004
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) will be deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000003
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) was deleted, and users will no longer be able to print to this printer. No user action is required.
To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click
the Advanced tab, and then clear the Log spooler information events check box.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:22
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 (Copy 1) is unknown. Contact the administrator to install the driver before you log in again.
......................... BSMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=BSMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... BSMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : buc
Starting test: CheckSDRefDom
......................... buc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... buc passed test CrossRefValidation
Running enterprise tests on : buc.edu
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
PDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
KDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
......................... buc.edu passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... buc.edu passed test Intersite
====================================================================
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\ASMDC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 5e88f85b-15a6-4ff5-b0fd-6df748df06fd
DSA invocationID: 1355f657-cd24-4ad4-b890-f04f5c624acd
==== INBOUND NEIGHBORS ======================================
DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:43:56 was successful.
CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:41:11 was successful.
CN=Schema,CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
DC=DomainDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:45:39 was successful.
DC=ForestDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
Regards and thanks in advance
MhiarHi,
Based on the description, the Sysvol is replicated by FRS service.
>>some policies at the main DC are not updated like same policies in second DC.
In this case, we can do a non-authoritative restore on the main DC.
To do so:
Click Start, and then click
Run.
In the
Open box, type cmd and then press ENTER.
In the
Command box, type net stop ntfrs.
Click Start, and then click
Run.
In the
Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double-click
BurFlags.
In the
Edit DWORD Value dialog box, type D2 and then click OK.
Quit Registry Editor, and then switch to the
Command box.
In the
Command box, type net start ntfrs.
Quit the
Command box.
Regarding reinitializing File Replication Service replica sets, the following article can be referred to for more information.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Best regards,
Frank Shen
Maybe you are looking for
-
Can anyone help with this crash report? Safari repeatedly crashing...
Process: Safari [478] Path: /Applications/Safari.app/Contents/MacOS/Safari Identifier: com.apple.Safari Version: 5.1.10 (6534.59.10) Build Info: WebBrowser-75345910~1 Code Type: X86-64 (Native) Parent Process: launchd [117] Date/Time: 2013-11-10 10:
-
How can we know if an entity is active or not in a given period in HFM??
In in the ownship management, we can see the child entity is inactive, but we don't know when it was inactivced, is there any table we can find to see if an entity is active or not??
-
Hi, I am trying to link my Ipad to my email address, but I keep getting a message to click on the link to verify the email account is my own, however I am not seeing a link to click on to. Can someone please help me?
-
WBS - Error in Expected Costs after Service Receipt
Hi to all, we are working with SRM Server 4, sp9 using Extended Classic Scenario. We've created a "PO ref. to contracts" and we've assigned costs to WBS budget. All works fine because total value of PO has been added to "Commitment Line" (expected co
-
Wifi problems in Mountain Lion when resuming from sleep mode.
I have recently upgraded my Macbook Pro to OS X Mountain Lion. I have been noticing that everytime my computer enters sleep mode and I wake it back up to use again the wifi connection is lost or frozen. If I roll over the wifi bars at the top of my d