EFS recovery agent
Hello Geeks,
In Windows 2012 R2 CA, I duplicated the EFS Recovery Agent template, then in the Security tab added my agent and granted Enroll and Autoenroll,
in the properties of the CA server, added the recovery agent,
but in GPMC, when I want to add my agent to the recovery agents, it shows me that no certificate is available!
Please, can someone help me?
thanks in advance
I think you are confusing Key Recovery and Data Recovery agents:
In the properties of the CA in certsrv.msc you add a KRA (you change a registry key at the CA after you read the KRA's certificates from an object in the config. container). This will allow storing users' private keys in the CA DB - it can be used as an alternative to DRAs but it is unrelated to the DRAs in the GPO.
In order to add the DRAs to a GPO, their certificates need to be published to the agent users' objects in AD (the option Publish certificate to AD needs to be selected in the template) or you need to have the certificates as files. I would prefer the latter, not to complicate things now. So if you have issued proper EFS Recovery certificates, export their certificates from the CA DB (Issued Certificates) or from those agents' personal stores as CRT files and import them to the GPO.
But make sure that these are really EFS Data Recovery certificates and not Key Recovery certificates, otherwise data recovery will not work. The extended key usage should include File Recovery.
Elke
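The extended key usage check from the reply above can be scripted before the exported files are imported into the GPO. This is an added example, not part of the original thread: the function name Get-RecoveryCertRole and the folder C:\Temp\agents are placeholders, and it also reports the validity period because, as a later reply on this page notes, expired recovery agent certificates invalidate the recovery policy.

```powershell
# Added example (not from the thread): classify exported certificate files
# before importing them as data recovery agents in the GPO.
# The function name and the folder used at the bottom are placeholders.

# Microsoft enhanced key usage object identifiers
$EkuFileRecovery     = '1.3.6.1.4.1.311.10.3.4.1'  # File Recovery (EFS data recovery agent)
$EkuKeyRecoveryAgent = '1.3.6.1.4.1.311.21.6'      # Key Recovery Agent (CA key archival)

function Get-RecoveryCertRole {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Load the public certificate from a .cer/.crt file (full path expected)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path

    # Collect the OIDs listed in the Enhanced Key Usage extension, if there is one
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }

    # A DRA certificate must carry File Recovery; a KRA certificate is for CA key archival only
    $isDra = $ekuOids -contains $EkuFileRecovery
    if ($isDra) {
        $role = 'Data recovery agent (File Recovery)'
    } elseif ($ekuOids -contains $EkuKeyRecoveryAgent) {
        $role = 'Key recovery agent (CA key archival)'
    } else {
        $role = 'Not a recovery certificate'
    }

    # Check that the certificate is inside its validity period right now
    $now = Get-Date
    $inValidity = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)

    [PSCustomObject]@{
        File        = Split-Path -Path $Path -Leaf
        Subject     = $cert.Subject
        Thumbprint  = $cert.Thumbprint
        Role        = $role
        NotAfter    = $cert.NotAfter
        InValidity  = $inValidity
        UsableAsDRA = $isDra -and $inValidity
    }
}

# Placeholder folder holding the exported .cer/.crt files
$exportFolder = 'C:\Temp\agents'
if (Test-Path -Path $exportFolder) {
    Get-ChildItem -Path $exportFolder -File |
        Where-Object { $_.Extension -in '.cer', '.crt' } |
        ForEach-Object { Get-RecoveryCertRole -Path $_.FullName } |
        Format-Table -AutoSize File, Role, NotAfter, InValidity, UsableAsDRA
}
```

Only files reported with UsableAsDRA set to True are candidates for the Encrypting File System recovery policy; a file reported as a key recovery agent belongs in the CA properties, not in the GPO.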
Similar Messages
-
EFS Recovery Agent not working on Windows 8.1
I know EFS data recovery has been discussed so many times in the forums but I could not find anything useful in the other threads as I believe I have followed all the required steps but still cannot get EFS recovery agent to work.
I have a Client1 (Win 8.1) and a DC1 (Windows Server 2012 R2) under beta.com domain.
DC1 is a CA server as well as a domain controller.
I logged into DC1 as beta.com\Administrator which is the Domain Administrator account.
I duplicated the EFS Recovery Agent template on the DC1 and published it into Active Directory.
Then I edited the Default Domain Policy GPO and under Computer Settings\Policies\Windows Settings\Security Settings\Public Key Policies I right clicked Encrypting File System and selected Create a Data Recovery Agent and a new file recovery certificate was generated for the Administrator account.
I exported the newly-created Recovery Agent certificate and then logged into Client1 as beta.com\Administrator and imported it.
I then logged off from Client1 and logged back in using a different account beta.com\johns and encrypted a folder (with a text file inside) using EFS. (The folder address on local disk is C:\Reports)
Then I logged back into Client1 again using beta.com\Administrator but I am unable to open the file inside the folder and I get an Access is denied message.
It is very strange to get an "Access is denied" message because on the text file when I right click and click Properties -> Advanced -> Details, under the Recovery Certificates, the Administrator account's certificate is listed and its thumbprint corresponds to the same recovery certificate which I created in step 3. But I am still unable to access the file.
Do you have any idea why? Am I missing something?
Thanks in advance.
MCT, MCSA/MCSE Security
http://esitech.spaces.live.com/
Hi
The Client1 user needs to enrol via GPO to get the recovery certificate, normally via automatic enrolment.
Check the Personal Certificate store for Client1.
I think the policy needs to be applied before you encrypt any data.
To manually recover
Did you export the private key when you did the export?
Did you export to a .cer file
-
Using Bitlocker Data Recovery Agent (DRA) on Surface Pro 3
We currently have the Data Recovery Agent (DRA) configured in our BitLocker policy for our Windows 7 systems, and it works fine. In situations where the recovery key for the computer object was not backed up to AD correctly for whatever reason or the computer object was deleted, our HelpDesk can connect the encrypted drive to another system, and then use the certificate for the DRA to unlock the drive.
I'm wondering if the BitLocker DRA certificate unlock method will work for Surface Pro 3 devices, in the case that their computer object and normal BitLocker recovery key is deleted or missing in AD for whatever reason. Seeing as how our helpdesk can't easily remove the internal HD from a Surface Pro 3 (I think only MS can do this?), I'm wondering if this BitLocker recovery option is still an option for Surface Pro 3's and if it is not then if there is another recommended option for Surface Pro 3's and/or other Windows 8.1 tablets used in an enterprise environment.
noctlos wrote:
Using linux-3.18 and -3.19 kernels, with wayland/weston v. 1.7. In its own tty, i try to run weston, and I get the following stderr:
Could anyone help me to figure this out? Thanks.
Seems that the problem lies in libinput. Maybe you can report that upstream. I suggest you recompile libinput with debug info and do not strip the binaries to obtain better backtraces.
Edit:
I have also tried running `swc-launch -- velox`, and get the following error:
Running on /dev/tty2
velox: error while loading shared libraries: libinput.so.5: cannot open shared object file: No such file or directory
Server exited with status 127
Restoring VT to original state
So, perhaps I am having some libinput trouble. Does this seem correct?
Well, that's a different problem. libinput has several soname bumps because of API and ABI incompatibility. You have to rebuild swc against the newest libinput. (Although I'm not sure if swc developer updated the code to new API)
Edit 2:
Just to tack this on here for `gnome-session --session=gnome-wayland --debug`
I'm not expert on this, it may be related to libinput problem. If you don't include GDK_BACKEND=wayland environment variable when launching gnome-wayland.
Last edited by jdbrown (2015-03-01 08:04:39)
-
How can I add a bitlocker data recovery agent?
Hi,
I'm using an SCCM 2012 task sequence to encrypt laptop disks using bitlocker.
If I want to add a data recovery agent, can I just configure a GPO with the specific DRA settings as shown here:
http://sourcedaddy.com/windows-7/how-to-configure-data-recovery-agent.html ?
Or is there another method I should be using for SCCM 2012?
Thanks
Yes, I know this is an old post, but I’m trying to clean them up.
Did you solve this problem, if so what was the solution?
Have you looked at MBAM?
Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ
-
IFolder 3.8.4 AutoAccount.xml setting for recovery agent
hi,
Does the AutoAccount.xml response file have a setting for the recovery agent on the client?
I would like to deploy the iFolder client using the server default for passphrase recovery rather than sscert; sscert is much more complex.
Many thanks
lywwing,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/
-
Urgent! Can't open encrypted file under the same user.
My system is X61s, Windows XP pro sp3.
There is no change of user account, no reinstallation or recovery of system.
I used EPS encrypted some of my important files last month. Without any user account changes and system reinstallation I suddenly can not open the encrypted files anymore. I am aware that the change of user account or reinstalling the system will change the encrypted ID, then the encrypted file will not be opened unless there is a digital certificate of the user that encrypted the file. However I have been using the same user account since I bought the laptop and I have never reinstalled or recovered the system.
I have tried to encrypted some other files and these files can be opened without any problem. But only the file that I encrypted about a month ago can not be opened. Those are very important files for me. Can anyone help me to get my files back please!!!
mod edit: moved to windows forum for better exposure.
Message Edited by erik on 10-01-2008 11:51 PM
Hello, you did not mention any error messages you were facing?
I can only assume you are getting the following messages if you try to open an encrypted file...
Cause: Encrypting File System (EFS) only works on files and folders on NTFS file system volumes. If the folder or file you are trying to encrypt is on a FAT or FAT32 volume, the Advanced button does not appear in the properties of that folder or file.
Solution:
Convert the volume to NTFS with the convert utility.
Open command prompt
Type:
convert drive /fs:ntfs
where drive is the drive letter of the intended drive.
"the recovery policy configured for this system contains an invalid security certificate" or "BAD_RECOVERY_POLICY" OCCURS
Cause: The Encrypting File System (EFS) recovery policy implemented on this computer contains one or more EFS recovery agent certificates that have expired. These certificates cannot be used.
Solution:
Either renew the existing certificates or generate new certificates for the EFS recovery agents and reapply the recovery agent policy with those certificates.
The access denied message occurs when trying to open an encrypted file
Cause: The file was encrypted by Encrypting File System (EFS) using a public key certificate and the associated private key for this certificate is not available on this computer.
Solution:
Locate the private key for the appropriate certificate and import it onto this computer using the Certificates snap-in.
Cheers and regards,
• » νιנαソѕαяα∂нι ѕαмανє∂αм ™ « •
●๋•کáŕádhí'ک díáŕý ツ
I am a volunteer here. I don't work for Lenovo
-
Hello All,
We are in the process of upgrading our AD from 2008 R2 to 2012 R2 and would like to get the experts' opinion in this forum about the approach.
We have multiple sites and two child domains under the parent domain (e.g. bixel.com (root), physics.bixel.com, chemist.bixel.com), spanning 15 sites.
Question:
How do we generally plan the upgrade? Do we upgrade FSMO first and then GCs or DCs, or do we upgrade GCs and DCs in all other sites and at the end upgrade the FSMO role holders?
Also, are there any horror stories during the upgrade process which I can take into consideration?
Any replication issues / trust issues?
Your plan sounds fine, and I assume that by saying upgrading the FSMO role holders first, that you are specifically going to run adprep on the Schema Master first, then upgrade that DC first, which I will assume that it's also the Domain Naming Master and a GC. Of course, you should upgrade the PDC immediately if you plan on cloning your virtualized DCs using the VM-GenID.
Keep in mind, there are some things that have changed on 2012 R2, so you must keep them in mind.
The info above, and much more, are all in the matrix in the following link that I think you should take a close look before you start:
Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012
http://technet.microsoft.com/en-us/library/hh994618.aspx
Another thing to consider is DNS design to support the forest. How is DNS designed to support your child domains? Are the parent and child zones set to domain wide replication and each is delegated from the parent to the child and the child has a forwarder back to the parent, or are all zones set to forest wide replication? Here's what I mean:
DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
http://blogs.msmvps.com/acefekay/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation/
Make sure all AV are disabled or better, uninstalled first.
If using EFS...
Back Up the Private Key of the Domain's EFS Recovery Agent
http://technet.microsoft.com/en-us/library/cc755157(WS.10).aspx
How to back up the recovery agent Encrypting File System (EFS) private key in Windows
http://support.microsoft.com/kb/241201
Are there any third party apps or services installed that need to be addressed for compatibility? Contact the vendor.
Are all DCs in your forest a GC? IF not, did you move the IM role off a GC in each domain?
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
-
Access Denied when trying to open a file that is encrypted on network share with EFS
I just recently enabled EFS on the default domain policy and created a new network share, encrypted a file and added myself to that file and tried to open the file from my workstation. I then receive an error "Access denied", I also tried
to create a file and encrypt it on that same share and get an error "The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation."
My steps.
1. Enable group policy for EFS, removed the expired certificate that was already there and Created a new Data recovery agent.
2. Created a network share, created a test file, enabled encryption on the file
3. certmgr.msc, personal and requested a new certificate, Basic EFS
4. On the network share and properties of file, advanced, details and added the user
5. from the workstation tried to access the file, Access Denied. I can create any file I won't just can't add attributes to encrypt the file or open an encrypted file
Now if I go to the server where the CA is located which is also the AD server and create share and run the same process it works as expected. I'm guessing I have to export the cert from the CA server as a pfx and import that to both the server that has the network share and the workstation but that still doesn't seem to work. Maybe I don't understand how EFS works and this is not possible? Any suggestions would be appreciated.
You are correct in not understanding how EFS works.
When you connect to an encrypted file via a network share, the encryption/decryption takes place *on* the server. To enable over the network access, the server's computer account must be trusted for delegation.
The server actually impersonates the user and creates a user profile on the server (containing the defined EFS certificate and private key). The important thing to remember is that the file is transmitted in clear text from the server to the client.
See http://blogs.technet.com/b/instan/archive/2010/08/11/remote-efs-decryption-and-trusted-for-delegation-requirements.aspx
Brian
-
Backup and Restore and Recovery
I just recently ran the Backup for my NB255-N245 Notebook with Windows 7 Starter. I did not use the Online Backup but used a USB drive with 128GB of capacity. After doing this I was looking to see what was on the drive because it seemed only 2GB of space was used. I only see 2 items, 1 named Notebook and another file MediaID.bin. I am curious what is on this drive and what can be restored or recovered with it? I was originally trying to make a copy of the C drive so I could restore it from the original files, if I am explaining that correctly. This being I think there may be a corrupted file somewhere. I did find out apparently recovery disks seem to be needed to do what I was going to do but not sure if that is correct?
There is a lot of information around, but I will try to explain it in simple terms from my head (sorry, I won't provide links).
Anyway, here is how it is supposed to work.
You must create a user who will be designated as a Data Recovery Agent (DRA).
Do the following on a domain joined workstation - could be a VM.
Encrypt a file using this account so that EFS certificate is created for the DRA.
Export the certificate and export private key. Delete private key during the export.
Save the exported certificate into the safe. Delete exported certificate from the workstation. Optionally, if it was a VM, delete a VM too.
This leaves you with account for DRA that only has the public key, but not the private key. This user can encrypt EFS files, but cannot read them. This is your DRA account. You don't use it for anything else but as a DRA.
So, configure Data recovery policy, using your prepared account as DRA.
That's all.
When you need to recover files, get a new (clean) domain joined workstation - could be a VM.
Get certificate from the safe.
Create a new user JohnDoe.
Import a certificate from the safe to JohnDoe.
Now JohnDoe has both private and public key and can read EFS encrypted data.
Decrypt the data as you like.
When you are finished, destroy JohnDoe and workstation (VM).
HTH
-
Escrow the recovery key in DB server and not in AD when removable drive is encrypted.
Is there any way to escrow the recovery key in the database server and not in AD when removable drive (USB drive) is encrypted via manage-bde command line? The data recovery agent is not enabled in our organization.
"Choose how bitlocker protected removable Drives can be recovered" for removable drives is disabled in our Group policy also.
Please advise. Thank you.
As far as I am concerned, you cannot do that when you are using the command line "Manage-bde".
The reason is that the manage-bde command line parameters don't support saving recovery keys to databases. Also there is not any group policy defined for it.
If you want an option to save recovery keys in a database rather than the AD, I would recommend to use MBAM (Microsoft Bitlocker Administration and Monitoring).
Gaurav Ranjan
-
Drive Recovery Using DRA on another Computer Shows No Protectors
We are rolling out a new series of laptop using MBAM 2.5 next week. We are encrypting the OS drive with 256bit encryption using MBAM GPOs and use TPM+PIN. We have also setup DRAs via GPO, which was done on our previous generation of laptops, but without MBAM. We are able to recover a drive using the recovery password. Manage-bde -protectors -get c: on the laptop shows all the correct protectors. When I remove the disk drive and put it in a USB carrier and plug it into a similarly configured laptop to decrypt the drive via DRA, the drive shows as unformatted and a showing of protectors for the drive lists no protectors. I don't understand. We have done this same process for several years with our previous generation of laptops. I am stumped.
You may want to check the settings configured for the policy “Choose how BitLocker-protected operating system drives can be recovered”
From Planning for MBAM 2.5 Group Policy Requirements
Suggested configuration: Not Configured
Configure this policy to enable the BitLocker data recovery agent or to save BitLocker recovery information to Active Directory Domain Services (AD DS).
When this policy is not configured, the data recovery agent is allowed, and recovery information is not backed up to AD DS.
MBAM operation does not require recovery information to be backed up to AD DS.
Brandon
MDOP on the Springboard Series on TechNet
-
MBAM bitlocker-protected removable drives recovery keys saved on sql database not active directory
Hi Guys
I need help in saving bitlocker protected removable drives on the sql database instead of active directory .
I have tried to play around with the policy and I am not winning , currently my GPO : Choose how bitlocker-protected removable drives can be recovered has only the allow data recovery agent chosen and I have left out all the AD DS option unticked
Please point me in the right direction on how to achieve this , I want all my keys in a SQL database so the users can recover the keys themselves using the mbam helpdesk website
Under client management, define your endpoint URLs. You can see the help and the description section for that particular policy. Copy and paste the URL removing the port number and replace the name of the Server with that of your MBAM Web server.
Also, Disable or don't configure the policy "Choose how bitlocker protected removable Drives can be recovered".
This will save your recovery keys to the MBAM DBs.
Gaurav Ranjan
-
I have deployed a Windows 7 image with factory reset on a separate partition. I am able to recover the solution to a factory fresh install, but the problem I see here is after recovering to full reset. After booting, when OOBE is starting, in case this OOBE is disturbed, like power down or any manual interruption, on the next boot a Windows installation error pops up and also the function boot key which I set using ReAgentc.exe is not working. I get a Windows error Recovery followed by the error below.
During this time the Fn key (F11, set using ReAgentc.exe) I have configured for Windows Recovery is not working.
Implementation Detail:
Installing OS:
1. create partition
1. par 1 = Recovery partition = Label(R),set iD=27
2. System Boot partition = Label(S)
3. Window partition = label(W)
2. Copy Image to Recovery partition == R:\Recovery\WindowsRE\Install.wim,WinRe.Wim and Boot.sdi
3. Apply Image to W:\ using Image X tool
4. setting boot path W:\windows
5. Setting Recovery option to Fn11 key
W:\Windows\System32\ReAgentc.exe /SetReImage /Target W:\Windows /Path R:\Recovery\WindowsRE /BootKey 0x8500
W:\Windows\System32\ReAgentc.exe /SetOsImage /Target W:\Windows /Path R:\Recovery\WindowsRE
Factory Resetting Implementation:
1. Assign back all label to respective partition
2. format Drive W:\ and apply Install.wim from R:\Recovery\WindowsRE using Imagex tool
3. Deleting Boot Environment W:\Windows\System32\Bcdboot.exe W:\windows /l EN-US /s S:
4. Setting Recovery
W:\Windows\System32\ReAgentc.exe /SetReImage /Target W:\Windows /Path R:\Recovery\WindowsRE /BootKey 0x8500
W:\Windows\System32\ReAgentc.exe /SetOsImage /Target W:\Windows /Path R:\Recovery\WindowsRE
5.Shutdown
Steps to repro:
1. Install Factory Setting by pressing F11
2. During OOBE , Plug out the power.
Issue. Recovery partion is not accessible using registered Function Key F11
Any help will be great help
Modified instruction from this tutorial.
I have replaced the Setting Recovery Agent code with the lines below. It is working as expected. I still haven't tested all corner cases, but it resolved my problem in my code.
R is the partition where my recovery option resides.
bcdedit.exe /CREATE {ramdiskoptions} /d "Ramdisk Options"
bcdedit.exe /SET {ramdiskoptions} ramdisksdidevice partition=R:
bcdedit.exe /SET {ramdiskoptions} ramdisksdipath \Recovery\WindowsRE\boot.sdi
for /f "tokens=2 delims={}" %%g in ('bcdedit.exe /create /d "W7 Recovery" /application osloader') do (set guid={%%g})
echo %guid%
bcdedit.exe /SET %guid% device ramdisk=[R:]\Recovery\windowsRE\Winre.wim,{ramdiskoptions}
bcdedit.exe /SET %guid% path \Windows\system32\winload.exe
bcdedit.exe /SET %guid% osdevice ramdisk=[R:]\Recovery\windowsRE\Winre.wim,{ramdiskoptions}
bcdedit.exe /SET %guid% systemroot \windows
bcdedit.exe /SET %guid% winpe yes
bcdedit.exe /SET %guid% detecthal yes
bcdedit.exe /SET %guid% nx OptIn
bcdedit.exe /SET {globalsettings} extendedinput 1
bcdedit.exe /SET {BOOTMGR} custom:0x54000001 %guid%
bcdedit.exe /SET {BOOTMGR} customactions 0x1000085000001 0x54000001
-
When messages end up on the manual recovery queue the operator needs to intervene.
I thought I read somewhere there was a recovery agent that can be configured to automatically recover the messages.
Does anyone know if this is true?
Pete
For invocation msgs. Similar for other cases. Just an example.
import com.oracle.bpel.client.IBPELDomainHandle;
import com.oracle.bpel.client.IBPELProcessHandle;
import com.oracle.bpel.client.IDeliveryConstants;
import com.oracle.bpel.client.IInvokeMetaData;
import com.oracle.bpel.client.Locator;
import com.oracle.bpel.client.NormalizedMessage;
import com.oracle.bpel.client.ServerException;
import com.oracle.bpel.client.delivery.IDeliveryService;
import com.oracle.bpel.client.util.SQLDefs;
import com.oracle.bpel.client.util.WhereCondition;
import java.util.Hashtable;
import com.evermind.server.rmi.RMIInitialContextFactory;

public class BpelRecovery
{
    private Locator locator = null;

    // Connects to the BPEL domain. Connection settings and credentials are the values from the post.
    public BpelRecovery() throws Exception
    {
        Hashtable ctx = new Hashtable();
        ctx.put("orabpel.platform", "oc4j_10g");
        ctx.put("java.naming.factory.initial", "com.evermind.server.rmi.RMIInitialContextFactory");
        ctx.put("java.naming.provider.url", "ormi://localhost/orabpel");
        ctx.put("java.naming.security.principal", "admin");
        ctx.put("java.naming.security.credentials", "welcome");
        try
        {
            System.out.println("Connecting to BPEL...");
            locator = new Locator("default", "bpel", ctx);
            IDeliveryService deliveryService = (IDeliveryService) locator.lookupService(IDeliveryService.SERVICE_NAME);
        }
        catch (Exception e)
        {
            e.printStackTrace();
            throw new Exception("Failed to connect to BPEL, caused by " + e.getMessage());
        }
    }

    // Lists invoke messages in the unresolved state and submits them for recovery.
    public void recovery() throws Exception
    {
        IBPELProcessHandle[] pcs = locator.listProcesses();
        StringBuffer buf = new StringBuffer();
        WhereCondition where = new WhereCondition(buf.append(SQLDefs.IM_state)
                .append(" = ")
                .append(IDeliveryConstants.STATE_UNRESOLVED)
                .toString());
        IInvokeMetaData[] imd = locator.listInvokeMessages(where);
        String[] ids = new String[imd.length];
        for (int i = 0; i < imd.length; i++)
        {
            System.out.println("ConversationId=" + imd[i].getConversationId());
            System.out.println("ProcessId=" + imd[i].getProcessId());
            System.out.println("State=" + imd[i].getState());
            // Store each id at its own index (the posted code wrote every id to ids[1])
            ids[i] = imd[i].getConversationId();
        }
        locator.lookupDomain().recoverInvokeMessages(ids);
    }

    public static void main(String[] args) throws Exception
    {
        BpelRecovery recovery = new BpelRecovery();
        recovery.recovery();
        System.out.println("done");
    }
}
-
Slow log on with Windows XP / Active directory
Hi
I have been trying to work out what is causing my computers to take a long time to log on. The computers are Windows XP and take roughly 1 minute to log on (at worst).
I have turned on userenv debugging and reviewed the files. I think the problem may be related to DNS but not 100% sure.
Please could someone review the log below and see if I am looking in the right direction. Thanks (I've cut the log down slightly)
USERENV(36c.a98) 15:23:07:000 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:000 CheckGPOs: No GPO changes but couldn't read extension EFS recovery's status or policy time.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Extension EFS recovery skipped with flags 0x6.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Processing extension 802.3 Group Policy
USERENV(36c.a98) 15:23:07:000 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:000 CheckGPOs: No GPO changes but couldn't read extension 802.3 Group Policy's status or policy time.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Extension 802.3 Group Policy skipped with flags 0x6.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Processing extension Group Policy Printers
USERENV(36c.a98) 15:23:07:000 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:000 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:000 CheckGPOs: No GPO changes but couldn't read extension Group Policy Printers's status or policy time.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Extension Group Policy Printers skipped because both deleted and changed GPO lists are empty.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Processing extension Group Policy Shortcuts
USERENV(36c.a98) 15:23:07:000 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:000 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:000 CheckGPOs: No GPO changes but couldn't read extension Group Policy Shortcuts's status or policy time.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Extension Group Policy Shortcuts skipped because both deleted and changed GPO lists are empty.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Processing extension Microsoft Offline Files
USERENV(36c.a98) 15:23:07:000 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:000 CheckGPOs: No GPO changes but couldn't read extension Microsoft Offline Files's status or policy time.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Extension Microsoft Offline Files skipped with flags 0x6.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Processing extension Software Installation
USERENV(36c.a98) 15:23:07:000 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:000 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:000 CheckGPOs: No GPO changes but couldn't read extension Software Installation's status or policy time.
USERENV(36c.a98) 15:23:07:000 ProcessGPOs: Extension Software Installation skipped because both deleted and changed GPO lists are empty.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Processing extension Internet Explorer Machine Accelerators
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CheckGPOs: No GPO changes but couldn't read extension Internet Explorer Machine Accelerators's status or policy time.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Extension Internet Explorer Machine Accelerators skipped because both deleted and changed GPO lists are empty.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Processing extension IP Security
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CheckGPOs: No GPO changes but couldn't read extension IP Security's status or policy time.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Extension IP Security skipped with flags 0x6.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Processing extension Group Policy Internet Settings
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CheckGPOs: No GPO changes but couldn't read extension Group Policy Internet Settings's status or policy time.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Extension Group Policy Internet Settings skipped because both deleted and changed GPO lists are empty.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Processing extension Group Policy Start Menu Settings
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CheckGPOs: No GPO changes but couldn't read extension Group Policy Start Menu Settings's status or policy time.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Extension Group Policy Start Menu Settings skipped because both deleted and changed GPO lists are empty.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Processing extension Group Policy Regional Options
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CheckGPOs: No GPO changes but couldn't read extension Group Policy Regional Options's status or policy time.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Extension Group Policy Regional Options skipped because both deleted and changed GPO lists are
empty.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Processing extension Group Policy Power Options
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CheckGPOs: No GPO changes but couldn't read extension Group Policy Power Options's status or policy time.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Extension Group Policy Power Options skipped because both deleted and changed GPO lists are empty.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: -----------------------
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Processing extension Group Policy Applications
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CompareGPOLists: The lists are the same.
USERENV(36c.a98) 15:23:07:015 CheckGPOs: No GPO changes but couldn't read extension Group Policy Applications's status or policy time.
USERENV(36c.a98) 15:23:07:015 ProcessGPOs: Extension Group Policy Applications skipped because both deleted and changed GPO lists are empty.
USERENV(36c.a98) 15:23:07:015 SetFgRefreshInfo: Previous User Fg policy Synchronous, Reason: NonCachedCredentials.
USERENV(36c.a98) 15:23:07:015 SetFgRefreshInfo: Next User Fg policy Asynchronous, Reason: NoNeedForSync.
USERENV(36c.a98) 15:23:07:031 ProcessGPOs: No WMI logging done in this policy cycle.
USERENV(36c.a98) 15:23:07:031 LeaveCriticalPolicySection: Critical section 0x80c has been released.
USERENV(36c.a98) 15:23:07:031 ProcessGPOs: User Group Policy has been applied.
USERENV(36c.a98) 15:23:07:031 ProcessGPOs: Leaving with 1.
USERENV(36c.a98) 15:23:07:031 ApplyGroupPolicy: Leaving successfully.
USERENV(36c.ed8) 15:23:07:031 GPOThread: Next refresh will happen in 103 minutes
USERENV(36c.ee4) 15:23:07:031 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(36c.650) 15:23:07:031 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(36c.370) 15:23:07:187 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(36c.f40) 15:23:07:187 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(36c.f40) 15:23:07:187 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(f00.f04) 15:23:07:265 LibMain: Process Name: C:\WINDOWS\system32\userinit.exe
USERENV(c4.c0) 15:23:07:500 LibMain: Process Name: C:\WINDOWS\system32\userinit.exe
USERENV(118.7c) 15:23:07:671 LibMain: Process Name: C:\WINDOWS\system32\userinit.exe
USERENV(3a8.3cc) 15:23:07:765 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3a8.3cc) 15:23:07:765 GetUserNameAndDomain Failed to impersonate user
USERENV(3a8.3cc) 15:23:07:781 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3a8.3cc) 15:23:07:781 GetUserDNSDomainName: Failed to impersonate user
USERENV(3a8.3cc) 15:23:07:781 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(c4.c0) 15:23:07:796 GetProfileType: Profile already loaded.
USERENV(c4.c0) 15:23:07:812 GetProfileType: ProfileFlags is 0
USERENV(888.890) 15:23:07:843 LibMain: Process Name: C:\WINDOWS\Explorer.EXE
USERENV(434.9c) 15:23:07:921 LibMain: Process Name: C:\WINDOWS\system32\WgaTray.exe
USERENV(434.9c) 15:23:07:921 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(434.9c) 15:23:07:968 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(888.978) 15:23:08:046 GetProfileType: Profile already loaded.
USERENV(888.978) 15:23:08:046 GetProfileType: ProfileFlags is 0
USERENV(888.978) 15:23:08:046 GetProfileType: Profile already loaded.
USERENV(888.978) 15:23:08:046 GetProfileType: ProfileFlags is 0
USERENV(888.9d4) 15:23:08:078 GetProfileType: Profile already loaded.
USERENV(888.9d4) 15:23:08:078 GetProfileType: ProfileFlags is 0
USERENV(710.3a0) 15:23:08:156 LibMain: Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(51c.67c) 15:23:09:640 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(51c.67c) 15:23:09:671 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e78.b00) 15:23:10:750 LibMain: Process Name: C:\WINDOWS\system32\RUNDLL32.EXE
USERENV(e14.e20) 15:23:11:125 LibMain: Process Name: C:\WINDOWS\Creator\Remind_XP.exe
USERENV(43c.b5c) 15:23:11:125 LibMain: Process Name: C:\WINDOWS\system32\RUNDLL32.EXE
USERENV(e14.e20) 15:23:11:250 GetProfileType: Profile already loaded.
USERENV(e14.e20) 15:23:11:250 GetProfileType: ProfileFlags is 0
USERENV(a64.b50) 15:23:11:437 LibMain: Process Name: C:\WINDOWS\system32\mobsync.exe
USERENV(fc8.ac) 15:23:12:015 LibMain: Process Name: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
USERENV(54c.550) 15:23:13:515 LibMain: Process Name: C:\WINDOWS\system32\ctfmon.exe
USERENV(54c.550) 15:23:13:968 GetProfileType: Profile already loaded.
USERENV(54c.550) 15:23:14:093 GetProfileType: ProfileFlags is 0
USERENV(9e0.9dc) 15:23:15:109 LibMain: Process Name: C:\WINDOWS\system32\imapi.exe
USERENV(888.978) 15:23:17:421 GetProfileType: Profile already loaded.
USERENV(888.978) 15:23:17:421 GetProfileType: ProfileFlags is 0
USERENV(51c.67c) 15:23:17:656 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(36c.efc) 15:23:22:031 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(f68.970) 15:23:22:250 LibMain: Process Name: C:\WINDOWS\system32\NOTEPAD.EXE
USERENV(d0.f28) 15:23:22:312 LibMain: Process Name: C:\WINDOWS\system32\userinit.exe
USERENV(eec.f18) 15:28:16:531 LibMain: Process Name: C:\Program Files\AVG\AVG10\avgdiagex.exe
USERENV(71c.f5c) 15:32:30:703 LibMain: Process Name: C:\Program Files\OCS Inventory Agent\ocsinventory.exe
USERENV(71c.f5c) 15:32:30:703 ImpersonateUser: Failed to impersonate user with 5.
USERENV(71c.f5c) 15:32:30:703 GetUserNameAndDomain Failed to impersonate user
USERENV(71c.f5c) 15:32:30:718 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(71c.f5c) 15:32:30:718 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(71c.f5c) 15:32:30:750 ImpersonateUser: Failed to impersonate user with 5.
USERENV(71c.f5c) 15:32:30:750 GetUserNameAndDomain Failed to impersonate user
USERENV(71c.f5c) 15:32:30:750 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(71c.f5c) 15:32:30:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(71c.f5c) 15:32:30:796 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(71c.f5c) 15:32:30:968 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(71c.f5c) 15:32:31:000 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(71c.f5c) 15:32:31:000 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(93c.97c) 15:32:55:609 LibMain: Process Name: C:\Program Files\AVG\AVG10\avgcmgr.exe
USERENV(534.4b8) 15:34:01:421 LibMain: Process Name: C:\Program Files\OCS Inventory Agent\ocsinventory.exe
USERENV(534.4b8) 15:34:01:421 ImpersonateUser: Failed to impersonate user with 5.
USERENV(534.4b8) 15:34:01:421 GetUserNameAndDomain Failed to impersonate user
USERENV(534.4b8) 15:34:01:421 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(534.4b8) 15:34:01:421 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(534.4b8) 15:34:01:437 ImpersonateUser: Failed to impersonate user with 5.
USERENV(534.4b8) 15:34:01:437 GetUserNameAndDomain Failed to impersonate user
USERENV(534.4b8) 15:34:01:437 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(534.4b8) 15:34:01:437 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(534.4b8) 15:34:01:484 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(534.4b8) 15:34:01:640 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(534.4b8) 15:34:01:671 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(534.4b8) 15:34:01:687 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(224.7c8) 15:34:20:968 GetUserDNSDomainName: MyGetUserNameEx failed for NameDnsDomain style name with 5
USERENV(224.7c8) 15:34:20:968 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(224.7c8) 15:34:22:562 GetUserDNSDomainName: MyGetUserNameEx failed for NameDnsDomain style name with 5
USERENV(224.7c8) 15:34:22:562 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(224.7c8) 15:34:22:562 GetUserDNSDomainName: MyGetUserNameEx failed for NameDnsDomain style name with 5
USERENV(224.7c8) 15:34:22:562 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(fb4.dc4) 15:35:54:140 LibMain: Process Name: C:\Program Files\OCS Inventory Agent\ocsinventory.exe
USERENV(fb4.dc4) 15:35:54:140 ImpersonateUser: Failed to impersonate user with 5.
USERENV(fb4.dc4) 15:35:54:140 GetUserNameAndDomain Failed to impersonate user
USERENV(fb4.dc4) 15:35:54:140 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(fb4.dc4) 15:35:54:140 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(fb4.dc4) 15:35:54:140 ImpersonateUser: Failed to impersonate user with 5.
USERENV(fb4.dc4) 15:35:54:140 GetUserNameAndDomain Failed to impersonate user
USERENV(fb4.dc4) 15:35:54:156 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(fb4.dc4) 15:35:54:156 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(fb4.dc4) 15:35:54:187 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(fb4.dc4) 15:35:54:343 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(fb4.dc4) 15:35:54:375 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(fb4.dc4) 15:35:54:390 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(94c.e78) 15:37:21:812 LibMain: Process Name: C:\Program Files\OCS Inventory Agent\ocsinventory.exe
USERENV(94c.e78) 15:37:21:812 ImpersonateUser: Failed to impersonate user with 5.
USERENV(94c.e78) 15:37:21:812 GetUserNameAndDomain Failed to impersonate user
USERENV(94c.e78) 15:37:21:812 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(94c.e78) 15:37:21:828 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(94c.e78) 15:37:21:828 ImpersonateUser: Failed to impersonate user with 5.
USERENV(94c.e78) 15:37:21:828 GetUserNameAndDomain Failed to impersonate user
USERENV(94c.e78) 15:37:21:828 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(94c.e78) 15:37:21:828 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(94c.e78) 15:37:21:890 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(94c.e78) 15:37:22:031 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(94c.e78) 15:37:22:078 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(94c.e78) 15:37:22:078 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(ad4.764) 15:39:07:424 LibMain: Process Name: C:\WINDOWS\system32\verclsid.exe
Hi
It is taking 5 mins after the Userinit process. There might be an issue with that also.
Userinit is responsible for reconnecting network drives, running logon scripts, etc. I would guess that something of that nature is actually causing the delay. Isolate the user/computer account in an OU with block inheritance set and see if the issue continues.
Also, do you have any logon scripts or mapped drives set on the user account? If so, you may want to remove those and see if that helps the issue. If so you may have a problem with slow network connectivity.
You can also try
How to perform advanced clean-boot troubleshooting in Windows XP
http://support.microsoft.com/kb/316434
In addition to above suggestion, the following two links might be helpful for you to resolve the issue.
http://blogs.technet.com/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx
http://blogs.technet.com/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-2.aspx
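The delay the reply reads off the log can be found mechanically by comparing consecutive timestamps. The following Python sketch is an added example, not part of the original thread; the function names and the 30-second threshold are assumptions, and it assumes the log is in chronological order. A gap only shows that nothing called into userenv during that time; it does not by itself name the cause.

```python
import re
from datetime import timedelta

# Lines copied from the userenv.log above, plus one wrapped continuation
# line ("empty.") of the kind the log contains.
SAMPLE = r"""
USERENV(36c.efc) 15:23:22:031 ProcessAutoexec: Cannot process autoexec.bat.
empty.
USERENV(f68.970) 15:23:22:250 LibMain: Process Name: C:\WINDOWS\system32\NOTEPAD.EXE
USERENV(d0.f28) 15:23:22:312 LibMain: Process Name: C:\WINDOWS\system32\userinit.exe
USERENV(eec.f18) 15:28:16:531 LibMain: Process Name: C:\Program Files\AVG\AVG10\avgdiagex.exe
USERENV(71c.f5c) 15:32:30:703 LibMain: Process Name: C:\Program Files\OCS Inventory Agent\ocsinventory.exe
""".splitlines()

# Entry layout: USERENV(<pid>.<tid>, both hex) HH:MM:SS:mmm <message>
LINE_RE = re.compile(
    r"^USERENV\((?P<pid>[0-9a-fA-F]+)\.(?P<tid>[0-9a-fA-F]+)\)\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}):(?P<ms>\d{3})\s+(?P<msg>.*)$"
)

def parse_line(line):
    """Return (time_of_day, pid, tid, message), or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank line or wrapped continuation of the previous entry
    ts = timedelta(hours=int(m["h"]), minutes=int(m["m"]),
                   seconds=int(m["s"]), milliseconds=int(m["ms"]))
    return ts, m["pid"], m["tid"], m["msg"]

def find_gaps(lines, threshold=timedelta(seconds=30)):
    """List (gap, message_before, message_after) for every silence >= threshold."""
    gaps, prev = [], None
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if prev is not None:
            delta = rec[0] - prev[0]
            if delta < timedelta(0):
                delta += timedelta(days=1)  # the log has no date: midnight rollover
            if delta >= threshold:
                gaps.append((delta, prev[3], rec[3]))
        prev = rec
    return gaps

if __name__ == "__main__":
    for delta, before, after in find_gaps(SAMPLE):
        print(f"{delta} of silence\n  last entry: {before}\n  next entry: {after}")
```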