Event 4098, Group Policy Local Users and Groups

Hello,
A few of our computers on the network are not replacing the local "Administrator (built-in)"account with our administrator account we set up through Group Policy. I recieve the follow error message from the Applicaiton Logs. I'm
not sure if this error is a PC issue instead of a Group Policy issue, because Group Policy seems to be working fine on our other PCs. Any suggestions/ideas would be helpful. Thank you.
Error message: The computer "Administrators (built-in) preference item in the "Security Policies {CD8199AF-99A8-41F8-8D28-C92DD9C57A51}" Group Policy object did not apply because it failed with error code '0x80070526 The specified group policy
already exists.' This error was suppressed.

Hi,
It seems that you have configured this security policy already, you can try run GPupdate /force command and then check if all security policies are applied in your computer:
Resultant Set of Policy
http://technet.microsoft.com/en-us/library/cc772175.aspx
you can use this command to retrieve the specific group policy:
http://technet.microsoft.com/en-us/library/ee461059.aspx
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support

Similar Messages

  • Event ID 1085 on DC - Failed to Apply the Group Policy Local Users and Groups Settings

    I have a domain with 2 DCs.  The primary DC is running Server 2012 and is raising Event ID 1085 every 10 minutes and 20 seconds.
    Windows failed to apply the Group Policy Local Users and Groups settings. Group Policy Local Users and Groups settings might have its own log file. Please click on the "More information" link.
    System
    - Provider
    [ Name] Microsoft-Windows-GroupPolicy
    [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
    EventID 1085
    Version 0
    Level 3
    Task 0
    Opcode 1
    Keywords 0x8000000000000000
    - TimeCreated
    [ SystemTime] 2014-10-20T20:09:03.706992400Z
    EventRecordID 130087
    - Correlation
    [ ActivityID] {FDDFB8C5-9ECF-41B9-B2B4-3AD0B345A37A}
    - Execution
    [ ProcessID] 1000
    [ ThreadID] 3280
    Channel System
    Computer SERVER.DOMAIN.NAME
    - Security
    [ UserID] S-1-5-18
    - EventData
    SupportInfo1 1
    SupportInfo2 4404
    ProcessingMode 0
    ProcessingTimeInMilliseconds 10343
    ErrorCode 183
    ErrorDescription Cannot create a file when that file already exists.
    DCName \\SERVER.DOMAIN.name
    ExtensionName Group Policy Local Users and Groups
    ExtensionId {17D89FEC-5C44-4972-B12D-241CAEF74509}
    Everything I look up for Event ID 1085 seems to be about a different cause.
    Any ideas?

    I enabled tracing on a domain gpo and I still get the error when running gpupdate /force .
    I'm also still getting Event 1085.  Here's the trace file.  I've anonymized the site/domain and the GUIDs.
    2014-10-21 11:16:54.003 [pid=0x3e8,tid=0xcd0] Entering ProcessGroupPolicyExLocUsAndGroups()
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{GUID-1}
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] BackgroundPriorityLevel ( 0 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] DisableRSoP ( 0 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] LogLevel ( 2 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Background priority set to 0 (Idle).
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ----- Parameters
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] CSE GUID : {GUID-1}
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Flags : ( X ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Token (computer or user SID): S-1-5-18
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Abort Flag : Yes (0x313be090)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] HKey Root : Yes (0x80000002)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Deleted GPO List : No
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Changed GPO List : Yes
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Asynchronous Processing : Yes
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Status Callback : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] WMI namespace : Yes (0x32273740)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] RSoP Status : Yes (0x320cc7f4)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Planning Mode Site : (none)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Computer Target : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] User Target : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Calculated list relevance. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ----- Changed - 0
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Version : 19267878 (0x01260126)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-2},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-2}\Machine
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Policy
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-2}
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkDomain - The GPO is linked to a domain.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Prev GPO : No
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Next GPO : Yes
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-4}{GUID-5}{GUID-6}{GUID-7}{GUID-8}][{GUID-9}{GUID-10}][{GUID-11}{GUID-5}{GUID-6}]
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam2 : 0x3146f978
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Link : LDAP://DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-2}\Machine\Preferences\Groups\Groups.xml
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ----- Changed - 1
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Version : 1245203 (0x00130013)
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-12},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-12}\Machine
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Controllers Policy
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-12}
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkDomain - The GPO is linked to a domain.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Prev GPO : Yes
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Next GPO : No
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-9}{GUID-10}]
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam2 : 0x324e8198
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Link : LDAP://OU=Domain Controllers,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-12}\Machine\Preferences\Groups\Groups.xml
    2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Completed get next GPO. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] WQL : SELECT * FROM RSOP_PolmkrSetting WHERE polmkrBaseCseGuid = "{GUID-1}"
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Purged 2 old RSoP entries.
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Logging 2 new RSoP entries.
    2014-10-21 11:16:54.159 [pid=0x3e8,tid=0xcd0] RSoP Entry 0
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] RSoP Entry 1
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] Completed get GPO list. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] IsRsopPlanningMode() [SUCCEEDED(S_FALSE)]
    2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed settings update (csePostProcess). [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
    2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed CSE post-processing. [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
    2014-10-21 11:17:04.267 [pid=0x3e8,tid=0xcd0] Leaving ProcessGroupPolicyExLocUsAndGroups() returned 0x000000b7

  • I can no longer use all of the "Computer Management" tools against a remote computer. "Local Users and Groups", "Event Viewer", "Performance Logs and Alerts" and "Device Manager"

    Hello All,
    I can no longer use all of the "Computer Management" tools against a remote
    computer. "Local Users and Groups", "Event Viewer", "Performance Logs and
    Alerts" and "Device Manager"
    kindly see the below snapshot for assistance
    REGARDS DANISH DANIE

    This link may help....
    http://windowsxp.mvps.org/admintools.htm
    Freeman

  • Local Users and Groups

    I've searched all of the associated links on this subject and they don't solve my problem.  I do now get that, since I have 8.1 home, I do not have access to the Local Users and Groups feature and that is fine; I am essentially the only user on my new
    computer.  My problem is the following:
    I bought a new Dell Inspiron 2350 and, using Carbonite, migrated everything over to it from my previous XP computer.  There are a number of folders to which I am not granted access, such as My Pictures; the only advice the error messages give is to
    change the access permissions, but I am not allowed to do that.  I am only advised to use the Local Users feature to be able to do that.  See my problem?? How do I negate all that stuff so that I can access all the files and folders that were brought
    onto my new computer?

    Did you try taking ownership ?
    http://technet.microsoft.com/en-in/library/cc753659.aspx
    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
    the thread.

  • WINDOWS 8.1 - System Tools no longer displaying User and Group Settings after adding a new LOCAL user.

    I jumped on my parents computer, which is on a domain.  I added a new local user(with my live.com login) and gave it admin status.  That's when the trouble began.
    The main user profile disappeared.  I used the command prompt fix (see other fixes) to add the missing user back into admin.  I logged back in, and it set up the account for the first time (WTF?).  I cannot access any files from the main account
    (that I logged into just fine before to get this debacle started.)
    When going to Local Computer Management --> System Tools, my users and groups tool is missing.
    I ran lusrmgr.msc only to find out that the most current version of Windows 8.1 and this is what it said "This snapin may not be used with this edition of Windows 8.1.  To manage user accounts for this computer, use the User Accounts tool in the
    Control Panel."   <---- Awesome!  (that was sarcasm.)
    I have spent over two hours in the User Account tool during the course of this problem only to prove that a picture of a computer is more useful that that "tool".  
    To anyone reading this ticket, the best advice I can offer you (as long as its not a crucial machine) is to back up what you can gain access to, format your hard-drive and reinstall windows and start over again.  I wouldn't recommend reinstalling 8.1,
    I would say go back to 7 and wait until 10 comes out.   Windows 8 is the new Vista.  Good luck!

    Hello AhavahOlam,
    I can understand your feelings.
    If my understanding is right, after adding a new local user in domain-joined Windows 8.1, you can’t open the local users and groups.
    Can you still add account by going to Control Panel\User Accounts and Family Safety\User Accounts\Manage Accounts?
    As this computer is domain-based, it is recommended to contact the domain administrator to see if the option is blocked.
    Best regards,
    Fangzhou CHEN
    Fangzhou CHEN
    TechNet Community Support

  • How to reset users and groups in Server.app?

    Recently after change settings in the Server.app (like turn off/on open directory, delete/add certificates), I got a strange problem:
    In the users and groups list, it display all local users and groups (looks like system users and groups, about 100 users and groups, but this is a new server)
    I tried reset the server.app by following
    howto reinstall/reinitialize os x server
    http://support.apple.com/kb/HT200271?viewlocale=en_US
    These users and groups still showing there.
    Have you seen this before and how can I completely reset the server.app to factory default so that I can start over the set up?

    In theory, that should restore the users.  You can do some surgery if you are really brave.  But the reinstall generally should be enough. 
    These accounts are in the DSLocal data store.  Basically, this is very similar to the any OS X machine.  Apple keeps a default copy of the Local Database here:
    /System/Library/DirectoryServices/DefaultLocalDB/Default
    Should you need to reset a machine to the default local database, you can remove the current database (/var/db/dslocal/nodes/Default) and then copy the default one to the same location.  I would not go this far unless the reinstall was unsuccessful. 
    To check, you can run this command:
    dscl . list /Users
    That will list all the Users in the local DB.   To get a count, pipe to wc
    dscl . list /Users | wc -l
    On a Server that I just jumped on, I see 79 users and 111 groups (dscl . list /Groups | wc -l)  But this is a system will man SACL groups so I likely have more than the default.
    Hope this continues to help.  Probably more info that you want. 
    Reid
    Apple Consultants Network
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
    Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

  • Manage users and groups on 10.5 client like 10.5 server?

    can anyone recommend software for managing local users and groups on 10.5 client? we only need filesharing and don't need the added expense of OS X Server.
    thanks

    oh, right. we can add users with the File Sharing pref pane and can add groups under the Accounts pref pane.
    i'm assisting a friend reconfigure a 'server' (os x client box) that was damaged.
    i'd like to create a new group and then add a handful of users to that group for filesharing. these users don't really need to access the mac for local login.
    they are using Windows Vista from the clients and the way it's set up now, if a user connects and modifies/creates a file, no one else can then modify the file. we have to run chmod on the file/directory for everyone to be able to change it. i'd like to configure it so the permissions work correctly without having to do this.

  • How to change default /Users and /Groups to different Volume?

    Users are created in /Volumes/<boot>/Users and groups in /Volumes/<boot>/Groups.
    We need these to be created on a different volume, eg., /Volumes/External/Users, and /Volumes/External/Groups.
    Setup Assistant correctly put user Backups into */Volumes/External/Shared Items/Backups* and also correctly put web services on /Volumes/External/ServiceData -- we want to do the same for Groups and Users.
    Groups are the most critical, as the group needs bulk storage. Users we could leave as is if it can't be done.
    How can this be configured? We've read File Server Admin, Open Directory Admin, and Advanced Server admin from http://www.apple.com/server/macosx/resources/documentation.html without finding an answer.
    Thanks in advance.

    1. Create new folders on the external volume to hold users and groups, but to prevent confusion name them something other than "Users" and "Groups". /Volumes/External/NetUsers and /Volumes/External/NetGroups would be reasonable choices.
    2. Share both of these folders (in Server Admin -> server name in sidebar -> File Sharing -> Volumes & Browse modes -> select each folder -> click Share near the top right).
    3. Enable both folders for automounting on clients (Server Admin -> server name in sidebar -> File Sharing -> Share Points-> select each folder -> Share Point tab under that -> Enable Automount option) with the default options (Directory: /LDAPv3/127.0.0.1, Protocol: AFP, Use for: User home folders and group folders). Be sure to click Save (not just OK in the dialog).
    4. To migrate users, run Workgroup Manager, and change the home location for the users you want to move (select Accounts in the toolbar -> /LDAPv3/127.0.0.1 from the hidden pop-up menu under that -> User icon tab at the left -> select the user(s) you want to change -> Home tab on the right -> select the NetUsers option from the "Where" list). Then, for each user, run this command on the server: "sudo cp -Rp /Users/username /Volumes/External/NetUsers".
    5. Similarly, move Group folders in WGM (Accounts -> /LDAP... -> Groups icon on left -> select groups to move -> Group Folder tab on right -> NetGroups in the list). Then, for each group, run "sudo cp -Rp /Groups/groupname /Volumes/External/NetGroups".
    6. Test to make sure all is working before deleting the old user and group folders from /Users and /Groups (do NOT delete /Users and /Groups themselves, just the individual folders from under them).

  • Huge list of Groups in Users and Groups

    I just upgraded SL to ML. I've been learning and setting things up.
    I use the machine as a standard user and I have a "silent" admin user, too.
    I was wondering if anyone has come across this?  I went into System Preferences and noticed that there was a HUGE list of Groups.  Some had "logical" names like admin server, etc.  The list was super long.  Some of the name were strange, like "umbg"  I have no idea how they got there.  And, searching here, and googling doesn't give me any info.
    I don't know how all these groups got there.  I did not add a single one.
    I did make a mistake, because I deleted them all and then ML made my admin user a standard user and I could not unlock System Preferences, or use my password anywhere.  ugh.
    I tried finding a way to fix it, but I ended up just using Restore from disk utility. no worries, didn't have that much going on, yet.
    Is it normal to have a list of groups that you did not create?  Does ML just create groups in your Users and Groups list??
    How do I take care of it if it happens again?  Can some be deleted?  If so, which ones?  What are they for?
    Thanks for any help with this.

    Okay, I did do the restore.
    And, the groups were not there.
    So, first off, I opened TinkerToolSystem and went through all thes options.  I found one: Show Groups in users and groups.  I made sure it was not checked.  Hopefully, it will not repopulate.
    Then I remembered something.  I did download Onyx.  I was just looking for a way to change something simple.  Mostly, I just looked around, didn't click on buttons, etc.  But, Onyx may have change this setting (or me using Onyx inadvertently).  Whichever, whatever, I've used TinkerToolSystem for years and it's always worked so well.  I think I'm sticking with it and not install Onyx - which I had to go through the Gatekeeper exception deal... so it makes me nervous.
    I'll post back if further issues with this.

  • LDAP user and group configuration in ADF application

    Hi All,
    I have to use LDAP user and groups in my ADF application. I have configured the LDAP on WLS server successfully and can see all users/groups under tab "User and Groups". I have added the Enterprise Role in jazn-data.xml matching the name of groups. Created Application role in jazn-data.xml and assigned a role of Enterprise Role.
    However not added any user in jazn-data.xml. Which i guess not required because it will picked from LDAP.
    Now how to configure the JDeveloper to use those users ? What changes need to make in jazn-data.xml ? or in jps-config.xml / web.xml/ weblogic-application.xml
    Am i missing nay configuration step. i have referred ADF Security set up - step by step tutorial - quick question but not found useful
    I am using JDeveloper 11.1.1.5.
    Thanking you all in advance.
    Mukesh.

    I have below changes in files
    1] In jps-config.xml
    -- Added identity store and selected it from drop down in Security Context tab.
    2] In weblogic-application.xml
    In Security tab --> Role assignment mapped valid-users to principle name.
    <security>
    <realm-name>myrealm</realm-name>
    <security-role-assignment>
    <role-name>valid-users</role-name>
    <principal-name>DERDev</principal-name>
    </security-role-assignment>
    </security>
    3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
    4] Added security role "DERDev" along with the default/automatically added role "valid users"
    <security-role>
    <role-name>DERDev</role-name>
    </security-role>
    Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
    Mukesh

  • VBS: Add domain user and group to local administrators

    I have a piece of VBS code that I have modified that basically adds a specified domain user and group to the PCs local Administrators group. It works on Windows 7, but not on Windows 8 at all.
    Call AddUserToGroup("./Administrators", "myDomain.net/NetworkAdminis")
    Call AddUserToGroup("./Administrators", "myDomain.net/Domain Admins")
    Call addDomainUser("myDomain", "myUserGroup")
    Sub AddUserToGroup(local, domain)
    Dim objLocalGroup
    Dim objDomainGroup
    Dim server
    For Each server in servers
    Set objLocalGroup = GetObject("WinNT://" & local & ",group")
    Set objDomainGroup = GetObject("WinNT://" & domain & ",group")
    With objLocalGroup
    .Add(objDomainGroup.AdsPath)
    .SetInfo
    End With
    Next
    Set objLocalGroup = Nothing
    Set objDomainGroup = Nothing
    End Sub
    Sub addDomainUser(strDomain, strUser)
    Dim strComputer
    Dim objWshNet
    Dim objGroup
    Dim objUser
    Set objWshNet = CreateObject("WScript.Network")
    strComputer = objWshNet.ComputerName
    Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
    Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
    If Not objGroup.IsMember(objUser.ADsPath) Then
    objGroup.Add (objUser.ADsPath)
    End If
    Set objWshNet = Nothing
    Set objGroup = Nothing
    Set objUser = Nothing
    End Sub
    I have debugged the code line by line using VBA's IDE and there seems to be no error condition firing. It executes all lines, but it is not adding the users and groups as it did with Windows 7 and below. The script is being run as local administrator.

    Hi,
    The first step is to comment out your On Error Resume Next line and try again.
    Don't retire TechNet! -
    (Don't give up yet - 13,225+ strong and growing)

  • Configuring group policy for user profiles in Windows Server 2012 R2 Domain

    Requesting some experts advise on configuring group policy for user profiles.
    We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
    The settings which I am concerned:
    1. Folder Redirection: Desktop, Documents, Favorites.
    2. Quota for Folder Redirection - 1 GB per user.
    3. Map a networked drive - 1 GB per user.
    4. Roaming profile - (Will ignore if it does not suit our requirement). 
    The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
    FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
    Thanks a lot for your valuable time and efforts.

    Hi,
    >>The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
    This depends on where our outlook data files are stored. If these data files are stored under
    drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
    However, regarding your question, we can refer to the following thread to find the solution.
    Roam outlook profiles without roaming profiles
    http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
    In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
    Configuring Folder Redirection
    http://technet.microsoft.com/library/cc786749.aspx
    Hope it helps.
    Best regards,
    Frank Shen

  • Why do I have so many Users and Groups (RDN) on my computer?

    I have had trouble viewing certain documents. I've been told I don't have permission. When I checked the Users, I find a list of Users and Groups that I'm unaware of. My computer should only be used by myself and my daughter. How do I know which Users to
    keep, and which to get rid of? How do I delete unwanted users? I do belong to a group. My computer was given to me by my former employer. Does he still have access to my files?
    These are the additional users and Groups listed on my computer...
    Account Manager 101
    Administrator
    Administrators
    ANONYMOUS LOGON
    Authenticated Users
    Backup Operators
    Batch
    CONSOLE LOGON
    CREATOR GROUP
    CREATOR OWNER
    Cryptograph Operators
    Dialup
    Distributed COM Users
    Event Log Readers 
    Everyone
    Guest
    Guests
    Homegroupusers$
    HomeUsers
    IIS_IUSRS
    INTERACTIVE
    IUSR
    Local Account
    Local Account and Member of Administrators Group
    LOCAL SERVICE
    Mackenzie Victor
    NETWORK
    Network Configuration Operators
    NETWORK SERVICE
    OWNER RIGHTS
    Performance Log Users
    Performance Monitor Users
    Power Users
    Remote Desktop Users
    REMOTE INTERACTIVE LOGON
    Replicator
    SERVICE 
    SYSTEM
    TERMINAL SERVICE USER
    This Organization Certificate 
    Users
    Some of which have access to my folders, others do not. Is this something that should concern me?

    I have had trouble viewing certain documents. I've been told I don't have permission. When I checked the Users, I find a list of Users and Groups that I'm unaware of. My computer should only be used by myself and my daughter. How do I know which Users to
    keep, and which to get rid of? How do I delete unwanted users? I do belong to a group. My computer was given to me by my former employer. Does he still have access to my files?
    These are the additional users and Groups listed on my computer...
    Account Manager 101
    Administrator
    Administrators
    ANONYMOUS LOGON
    Authenticated Users
    Backup Operators
    Batch
    CONSOLE LOGON
    CREATOR GROUP
    CREATOR OWNER
    Cryptograph Operators
    Dialup
    Distributed COM Users
    Event Log Readers 
    Everyone
    Guest
    Guests
    Homegroupusers$
    HomeUsers
    IIS_IUSRS
    INTERACTIVE
    IUSR
    Local Account
    Local Account and Member of Administrators Group
    LOCAL SERVICE
    Mackenzie Victor
    NETWORK
    Network Configuration Operators
    NETWORK SERVICE
    OWNER RIGHTS
    Performance Log Users
    Performance Monitor Users
    Power Users
    Remote Desktop Users
    REMOTE INTERACTIVE LOGON
    Replicator
    SERVICE 
    SYSTEM
    TERMINAL SERVICE USER
    This Organization Certificate 
    Users
    Some of which have access to my folders, others do not. Is this something that should concern me?
    I have something the same only mine is a new pc who can I trust

  • Best Practice: Deploying Group Policy to Users on different OUs

    Greetings, everyone! I am needing some advice on how to deploy some group policy objects to specific users stored on different OUs.
    Let me set the stage: I work for a large school district, and have recently taken over the district's career center. The idea behind the career center is that students from different high schools around the city come in to take classes based on their choice
    of career, such as radio broadcasting or auto mechanic and such. The AD structure is set up so that each school has their own OU.  When a user (staff, student, etc.) is assigned to a school OU, they automatically are added to
    their school's security group (i.e. EASTHIGH-STUDENT), and that when any user moves from one school to another, we have to move their AD account to that school's OU, which will remove the security group from the old school and apply the new school
    security group.
    For the career center, since we have students coming from different buildings every day, rather than trying to find a way to move their AD account from their high school OU to the career center OU, the previous techs created generic accounts (such as tv001,
    tv002, etc.) in AD and stored them in the career center OU.  This way, teachers can assign students that particular generic account so that they can access the drives and printers from the career center, as well as access the career center network
    drives while they are at their home high school.
    Since I have moved to the career center, and apparently I have more knowledge about group policy than most of the techs in the district, the district system engineers want me to remove all of the generic accounts from the career center OU, and have students
    use their own AD accounts.  Obviously I also want to do this since the generic accounts are very confusing to me, but I'm trying to figure out the best way to do this.
    For simplicity sake, I'm just going to start off by figuring out how to set up a group policy for mapping the career center drives.  Now, I obviously know that the best way would be to create security groups for each career area, and that we would need
    to add students to those groups so that only those particular students would get the GPO for the career center, but my question is where would I like the group policies to?  Do I need to link it at the root of the domain so that every OU is hit? 
    Just curious about this.
    Thanks!

    Don't link it to the root.... apply the drive mapping as a policy at the OU or you could apply the drive mapping using Group Policy Preferences using security group targeting... .I would also strongly recommend you check out my articles
    Best Practice: Active Directory Structure Guidelines
    – Part 1
    Best Practice: Group Policy Design Guidelines – Part 2
    Hope it helps...

  • Unable to initialize LDAP (No LDAP server is configured)show in the admin server of iWS6.0 users and group

    When I goto web server administration in users and group tab it alway show me Unable to initialize LDAP (No LDAP server is configured) Is it cause the effect to use web server because I use iWS with ias .
    If it cause some effect ,Please let me know how to configured LDAP server.

    Run this Command from the Exchange Server
    Net time \\ADServerName /Set
    and confirm the action,
    and then you need to restart the service
    Microsoft Exchange Active Directory Topology Service
    and confirm you are not getting the Error 4001 in the event Viewer.
    Thank you, it resolved my issue after being sweating looking for solution.
    How can I prevent this from happening? I cannot restart services on each server reboot nor lose 5 years of my life!!!
    Sokratis Laskaridis MCP, MCTS, MCITP, Small Business Specialist Netapp ASAP, Symantec STS

Maybe you are looking for

  • How do I update to iOS 5 from a different computer? ("Main" comp I used for pasted updates/downloads was destroyed.)

    My "main" comp, the comp I have used for sync's, backups, etc. was destroyed in Afghanistan. I have been trying to update to iOS5 for 3 months and I am using a "new" comp, with latest iTunes, but it won't update; it spends hours backing up my iPhone,

  • Crm_order_maintain - how to add a doc_flow link?

    Problem: I have searched several topic, articles, google, standard code, but have failed to add a doc_flow item (a campaign element) using the FM crm_order_maintain. Source code: Here is a paste of my function module: [http://pastebin.com/XL7c9DUr|ht

  • How to disable autocheck on import

    I have my IPod setup to manually sync and only sync the songs I check. When I import new songs into the ITunes library it automatically checks the songs which then syncs with my IPod. Does anyone know if there is a way to disable the auto check on im

  • Lag function not working in calculated measure

    I am facing a strange problem while using "Lag" function in calculated measure. I have a time dimension which consists of date, workday, financial week, Financial Month and Financial Year. The concept of workday is its a integer number which represen

  • Texts in IDOC SALESORDER_CREATEFROMDAT2.SALESORDER_CREATEFROMDAT202

    Hello, We are using the IDoc SALESORDER_CREATEFROMDAT2.SALESORDER_CREATEFROMDAT202 for creating Salesorders in our SAP R/3 system. We want to enter texts on header and on item lines in the salesorder with this IDoc. In the IDoc structure there is a s