Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008

Similar Messages

• Group Policy Preferences File Copy - Access is Denied on 2003 but not 2008 R2

  Hello,
  I have created a GPO which copies a file from a network share into a new folder under Program Files. This policy works just fine on a Windows 2008 box, but not on 2003. I've used "psexec -i -s cmd.exe" to verify system account permission to the
  share. I am able to successfully browse and copy files from the share as the system account on both boxes.
  However, when the GPO attempts to perform the file copy, it does not work, and generates the following error message:
  Event Type: Warning
  Event Source: Group Policy Files
  Event Category: (2)
  Event ID: 4098
  Date: 8/28/2013
  Time: 3:32:12 PM
  User: NT AUTHORITY\SYSTEM
  Computer: Server01
  Description:
  The computer 'file.txt' preference item in the 'TXT File Copy {9176122B-1A50-4AB8-91D9-6E8553727E18}' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.
  I am trying to avoid writing a login script, so I am hoping someone will be able to help me figure out why this works fine on Windows 2008 but not Windows 2003. Please note file names and paths are modified here for security reasons, but the principle is
  the same.
  My GPO is:
  Computer Configuration\Preferences\Windows Settings\Files
  File (Target Path: c:\Program Files\path\to\file\file.txt)
  Source file: \\share\path\to\file\file.txt
  Destination File: c:\program files\path\to\file\file.txt
  Action: Update
  Suppress errors on individual file actions: Disabled
  Read-Only: Enabled
  Hidden: Disabled
  Archive: Enabled
  Stop Processing items on this extension if an error occurrs on this item: No
  Remove this item when it is no longer applied: No
  Apply once and do not reapply: No
  Item-level Targeting: None
  Thanks

  As a user, I am able to browse the share just fine using the alias. It is only when I try to access the share using the system account that I encounter a problem.
  experiencing the exact same symptoms. in the tests below, server, client1, and client2 are all are native instances of microsoft windows server.
  server: windows server 2008 R2 standard SP1
  client1: windows server 2003 standard SP2
  client2: windows server 2008 R2 standard SP1
  registry setting "DisableLoopbackCheck": unconfigured on server; unconfigured on client1; unconfigured on client2
  registry setting "DisableStrictNameChecking": configured as "1" on server; unconfigured on client1; unconfigured on client2
  domain user on client1 attempt to access server by name: success
  domain user on client1 attempt to access server by alias: success
  domain user on client2 attempt to access server by name: success
  domain user on client2 attempt to access server by alias: success
  local system on client1 attempt to access server by name: success
  local system on client1 attempt to access server by alias: failed (system error 5 has occurred. access is denied.)
  local system on client2 attempt to access server by name: success
  local system on client2 attempt to access server by alias: success
  all tests done using "net view \\target", but similar results were seen when using "dir \\target\share" which the domain user and local system account have access to.
  the differing behavior between client1 and client 2 suggests that server 2003 requires additional configuration to allow its local system account to access an SMB share by alias.
  this problem prevents group policy features (such as software installation) from an aliased file server.

• Please Help| group policy site failure

  hey all, i have some big problem in my network.
  i have 3 site named by city. 
  tel aviv-server 2012
  beer sheva-server 2008r2
  netanya-server 2008 r2
  i crete gpo(computer management)  that deny access to mmc.exe
  computer management--->windows settings--->securtiy--->file system
  and add---> %systemroot%/system32/mmc.exe and deny access to user.
  now i go to check the gpo in client side with gpresult /scope computer /r and see that some computers in tel aviv site connected to netanya/beer sheva site.
  what can i do ?
  i have a situation that not matter what i do i cant release mmc.exe to users. 

  Hi eranvak,
  Before going further, would you please let me confirm something more? Would you please descript how you configure
  the group policy summarily? For example, when you create the GPO, where the GPO link to? Did you directly link GPO to the default Domain? Or in GPMC, right click the site and select
  Link an Existing GPO…? Or any other I misunderstand, please feel free to let me know.
  In addition, you descript “enable the inheritance option”, did you mean that just uncheck
  Block Inheritance option?
  Sorry for my confusion. Thanks for your understanding.
  There are two articles for Group Policy Inheritance. Please refer to.
  Group Policy Inheritance
  http://technet.microsoft.com/en-us/library/cc739343(v=ws.10).aspx
  Managing inheritance of Group Policy
  http://technet.microsoft.com/en-us/library/cc757050(v=ws.10).aspx
  Hope this helps.
  Best regards,
  Justin Gu

• Deleted Policy from sysvol location by mistake - Group Policy Infrasturure Failure - 2008 R2

  Hello, I accidentally deleted a GPO Policy from the Policies Folder in the sysvol location. I was sure that it was not being used but was somehow causing an errors when i ran an rsop on my test machine.
  Group Policy Infrastructure failed due to the error listed below.
  The system cannot find the path specified.
  Note:  Due to the GP Core failure, none of the other Group Policy components processed their policy.  Consequently, status information for the other components is not available
  Getting it from Backup would take too long.
  There are no auditing on the DC and cant work out how to recover it now. Is there anyway to get this back? I have checked the other DCs but couldnt find the exact policy ID before replication.
  Thanks
  GP 2008 R2

  > *Group Policy Infrastructure failed due to the error listed below.*
  > *The system cannot find the path specified.*
  gpotool.exe is a handy tool for this :) Download at MS.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Windows 7 Group Policy Processing - EventID 1058

  I am having an issue with Windows 7 clients refreshing group policy. When I run gpupdate the user policy refreshes and the moves on to the computer policies but fails displaying the error below.  Replication topology checks out, dcdiag returns
  no errors and sysvol permissions look ok too.  Curiously the same policies apply just fine on windows xp pro systems.  The Domain Controller is running Server 2008 Enterprise Edt R2 SP1, I see no 1030 eventid's on the domain controllers as others
  frequently report with this error.  The domain is running at Windows Server 2003 functional level but I have creaded a PolicyDefinitions folder in the sysvol for admx files etc.  Where to go from here? Does anyone have any suggestions/insight
  as to what the issue may be?
  The sysvol and the gpt.ini file is accessible from the Windows 7 client using UNC path.
  Thanks in advance for any assistance given.
  The error code listed is 0 which is not mentioned in this article
  http://social.technet.microsoft.com/wiki/contents/articles/1456.aspx
  ## Error details
  Log Name:      System
  Source:        Microsoft-Windows-GroupPolicy
  Date:          2/8/2012 2:38:09 PM
  Event ID:      1058
  Task Category: None
  Level:         Error
  Keywords:     
  User:          SYSTEM
  Computer:      win7box.abc123.net
  Description:
  The processing of Group Policy failed. Windows attempted to read the file
  \\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused
  by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
      <EventID>1058</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>0</Task>
      <Opcode>1</Opcode>
      <Keywords>0x8000000000000000</Keywords>
      <TimeCreated SystemTime="2012-02-08T20:38:09.770740300Z" />
      <EventRecordID>3972</EventRecordID>
      <Correlation ActivityID="{24F60AA4-DC8D-4F6D-8787-9535072F03C0}" />
      <Execution ProcessID="996" ThreadID="1148" />
      <Channel>System</Channel>
      <Computer>win7box.abc123.net</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data Name="SupportInfo1">4</Data>
      <Data Name="SupportInfo2">816</Data>
      <Data Name="ProcessingMode">0</Data>
      <Data Name="ProcessingTimeInMilliseconds">3354</Data>
      <Data Name="ErrorCode">0</Data>
      <Data Name="ErrorDescription">The operation completed successfully. </Data>
      <Data Name="DCName">DC.abc123.net</Data>
      <Data Name="GPOCNName">CN={EB062BE8-CAF6-47B4-9B8B-27A19268C520},CN=Policies,CN=System,DC=abc123,DC=net</Data>
      <Data Name="FilePath">\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini</Data>
    </EventData>
  </Event>
  ## DCDiag Results (No RODC's hence NCSecDesc error )
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = DC
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: North\DC
        Starting test: Connectivity
           ......................... DC passed test Connectivity
  Doing primary tests
     Testing server: North\DC
        Starting test: Advertising
           ......................... DC passed test Advertising
        Starting test: FrsEvent
           ......................... DC passed test FrsEvent
        Starting test: DFSREvent
           ......................... DC passed test DFSREvent
        Starting test: SysVolCheck
           ......................... DC passed test SysVolCheck
        Starting test: KccEvent
           ......................... DC passed test KccEvent
        Starting test: KnowsOfRoleHolders
           ......................... DC passed test KnowsOfRoleHolders
        Starting test: MachineAccount
           ......................... DC passed test MachineAccount
        Starting test: NCSecDesc
           Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
              Replicating Directory Changes In Filtered Set
           access rights for the naming context:
           DC=ForestDnsZones,DC=abc123,DC=net
           Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
              Replicating Directory Changes In Filtered Set
           access rights for the naming context:
           DC=DomainDnsZones,DC=abc123,DC=net
           ......................... DC failed test NCSecDesc
        Starting test: NetLogons
           ......................... DC passed test NetLogons
        Starting test: ObjectsReplicated
           ......................... DC passed test ObjectsReplicated
        Starting test: Replications
           ......................... DC passed test Replications
        Starting test: RidManager
           ......................... DC passed test RidManager
        Starting test: Services
           ......................... DC passed test Services
        Starting test: SystemLog
           ......................... DC passed test SystemLog
        Starting test: VerifyReferences
           ......................... DC passed test VerifyReferences
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test
           CrossRefValidation
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test
           CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : abc123
        Starting test: CheckSDRefDom
           ......................... abc123 passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... abc123 passed test CrossRefValidation
     Running enterprise tests on : abc123.net
        Starting test: LocatorCheck
           ......................... abc123.net passed test LocatorCheck
        Starting test: Intersite
           ......................... abc123.net passed test Intersite

  I shortened this down a good bit but here is the gist of it, my question is which context/user/account is being denied access to the .ini files?  I have never used the streams utility but I'll give it a whirl and report back what I get. Most of
  the cannot be accessed are probably just policies that are  not applicable to the machine but the gpt.ini errors are baffling me.
  New GPO - it appears that new GPOs are fine
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  Searching <cn={5D0EF3CD-7942-4A89-A879-4F9FDB3064BF},cn=policies,cn=system,DC=abc123,DC=net>
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  Machine has access to this GPO.
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  GPO passes the filter check.
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  Found functionality version of:  2
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  Found file system path of:  <\\abc123.net\SysVol\abc123.net\Policies\{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  Found common name of:  <{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  Found display name of:  <gpoC-Win7Test>
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  Found machine version of:  GPC is 0, GPT is 0
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  Found flags of:  0
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  No client-side extensions for this object.
  GPSVC(3e4.80c) 12:43:27:510 ProcessGPO:  GPO gpoC-Win7Test doesn't contain any data since the version number is 0.  It will be skipped.
  Older GPO's - not so fine
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B34A8F23-269C-43D8-A097-2307729FBFF6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  ==============================
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Searching <CN={55338992-95C9-4FA2-80E4-0ED4A623EE09},CN=Policies,CN=System,DC=abc123,DC=net>
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Machine has access to this GPO.
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  GPO passes the filter check.
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Found functionality version of:  2
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Found file system path of:  <\\abc123.net\SysVol\abc123.net\Policies\{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Found common name of:  <{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Found display name of:  <gpoS-RealPlayerEnt6 - Security>
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Found machine version of:  GPC is 0, GPT is 0
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Found flags of:  0
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  No client-side extensions for this object.
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  GPO gpoS-RealPlayerEnt6 - Security doesn't contain any data since the version number is 0.  It will be skipped.
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  ==============================
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C92FD413-E891-47E0-B554-BD7F9209D036},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FEF33797-46D0-452A-B3D7-0BEEC2330592},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CCBFECA5-2FF8-4512-8CE4-108C4092D009},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={767959D5-7AB6-4D55-A02E-3F54439CC7DA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={10DCAC5E-9904-41FF-B678-E8514F481E56},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={3229FD3D-868A-4406-AFAF-6449ADBB4749},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1DD39B5C-B930-4750-8EC3-42D0FB89A3B9},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={E10350D2-F632-4D5E-9668-4151596B1D77},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={86C864C5-C861-42FC-B728-BAEE81C9A091},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FE1162BF-9FE2-4F04-A514-80A8E6D5F7CD},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F68214D3-33F3-4F76-BE26-306D0237A048},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CA6B06CE-C546-41F1-87FB-9013701AEF00},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C8C9EFA2-90AA-4162-9051-23FD83B5CF62},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={DE445C4F-9A0F-488F-8769-C041CF2184AA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7CDB465C-55AC-4CBC-9C18-F3ADACDFEB46},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F4E0F78E-BE36-4793-A8B1-83B2D67083F1},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={53359F0A-8C9B-4831-936F-3D47C4CC2694},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6793DBEE-47B0-458D-8F1C-D92EB7015733},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93919120-7113-47C0-AA38-0561EAB18E42},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={5ABD1D9E-07E4-4A53-B854-A2FFC3B257CB},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={71E2B86C-A4A0-47C0-9D7F-BDD6220B9FA4},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={4401CF1C-7839-4496-BB87-304A8AB917FC},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1244CA5A-D654-4ED6-9374-148F1F3DA8ED},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={42875CF2-B9E9-4EFA-90C2-7ACA8882F1B7},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6DD428B6-6B19-4A53-B172-57DB3E15A38E},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={983BFDAD-65F0-42B4-807A-E78DF275C352},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={AFA31A2D-07D8-4CB4-BE86-067A9624E324},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={77C9CA17-6359-4355-9FDF-F605F0441245},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={75D43291-6FA2-4B98-8422-228DDB45571B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={870C6FB3-74CD-46E8-9D4D-E6E6C0A2B52D},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2144E4CF-01C1-4C5B-984B-E9BD4461406F},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7D9DB917-1245-46BD-AEBF-163A2F0FCD06},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B7431941-5DAA-4DD2-A569-35C31B92B677},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={D01BF1D1-33C8-4FC3-95C3-5948A1EE1647},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={57D4AD83-3BBF-43C2-9A3B-F71F3E52C2A6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={A8DB7DAC-42F0-43FC-99E1-F1AC15006101},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={56574927-6DC5-48A7-82F9-A00E820335F6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2FB6858E-8B1C-4C89-83B2-0EEE97D9A72B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93C56E3F-5334-4325-A328-0CCAFED0828B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1B64E00F-D3B6-49B6-B6C8-7AD0A8C9AEFA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={81B4E46C-8249-4547-BC75-9A1FB395E282},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={43D5184A-73C8-4BFD-9B09-33C70B8BC3C2},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  ==============================
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Searching <CN={0ABE0BCF-0BC5-481E-AC86-5768D00901D5},CN=Policies,CN=System,DC=abc123,DC=net>
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Machine has access to this GPO.
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  GPO passes the filter check.
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Found functionality version of:  2
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Found file system path of:  <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}>
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  Couldn't find the group policy template file <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}\gpt.ini>,
  error = 0x0. DC: DC2.abc123.net
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPO:  ==============================
  GPSVC(3e4.80c) 12:43:27:541 EvalList:  ProcessGPO failed
  GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo:  EvaluateDeferredGPOs failed. Exiting
  GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo:  Leaving with 0
  GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo:  ********************************
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: GetGPOInfo failed.
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: No WMI logging done in this policy cycle.
  GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: Processing failed with error 87.
  GPSVC(3e4.80c) 12:43:27:557 Application complete with bConnectivityFailure = 0.
  GPSVC(3e4.80c) 12:43:27:557 Signalling 1 Refresh Policy callers
  GPSVC(f84.df4) 12:43:27:557 Exiting RefreshPolicyForPrincipal with status = 0
  GPSVC(3e4.80c) 12:43:27:557 GPLockPolicySection: Sid = (null), dwTimeout = 600000, dwFlags = 0
  GPSVC(3e4.80c) 12:43:27:557 LockPolicySection called for user <Machine>
  GPSVC(3e4.80c) 12:43:27:557 Sync Lock Called
  GPSVC(3e4.80c) 12:43:27:557 Writer Lock got immediately.
  GPSVC(3e4.80c) 12:43:27:557 Lock taken successfully
  GPSVC(3e4.80c) 12:43:27:557 UnLockPolicySection called for user <Machine>
  GPSVC(3e4.80c) 12:43:27:557 UnLocked successfully

• Group Policy Administrative Templates not applying on Windows XP SP3 - Windows Server 2008 R2

  I have a Windows 2008 R2 domain with windows 7, and Windows XP SP3 client workstations.
  I have a group policy to deny all access to removable storage in policies/administrative templates/system in user configuration (actually its in the computer configuration as well)
  The problem is the policy is having no effect on the Windows XP machines. It works perfectly on Windows 7 machines.
  Group policy in general is working on the Windows XP machines, as I can successfully map drives, push out scheduled tasks, and push out printers. (All preferences I know and I have GP Preferences client side extensions installed).
  Its almost like the windows XP machines can't "understand" the admin templates from Windows Server 2008 R2.
  Do I need to install something on the windows XP machines? What could be the problem?

  > Its almost like the windows XP machines can't "understand" the admin
  > templates from Windows Server 2008 R2.
  Simply read the "supported on" of these settings... Vista and above
  required.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Group Policy changes cause Access Denied error for Domain Admin account

  Hi All,
  I am battling to get WSUS to work, and I think the route cause is problems editing the domain and domain controller group policy objects.
  We have 1 DC, approx 20 clients. 1 GPO for DC, 1 GPO for clients. Ther e is a link to the default domain GPO in our staff (users) OU, I don't know if it should be there or not.
  I log in as domain administrator, right-click the domain GPO in GPMC, click Edit.
  Find the setting I want to edit (specify intranet microsoft update service location), double click.
  Change something, click OK.
  I get error:
  Unhandled exception has occurred in a component in your application. If you click Continue, the application will ignore this error and attempt to continute.
  Access is denied. (Exception from HRESULT: 0x80070005
  (E_ACCESSDENIED)).
  I have followed the steps in the links posted by Brent in another post called: "restricting-domain-admin-account-to-edit-group-policies" (no links allowed for my account yet sorry) and the user does have edit settings, delete, modify security delecation.
  PLEASE NOTE: the solution may very well be something very simple/basic. I am reasonably computer savvy, but have just upgraded the whole network for an NGO on a voluntary basis. Never seen a sever before I came here, but I'm the best they have. Please bare
  that in mind when offering advice :)
  Any help appreciated!
  James

  More diagnostic info:
  Inside GPMC, there's Group Policy Results.
  If I right-click, Result Wizard, choose this computer, it works fine showing default domain controllers policy with alert that it's enforced.
  If I browse for another PC (it comes up as Domain\PC name), click Next, I get error:
  Failed to connect to DOMAIN\PCNAME due to the error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target computer for further details.
  Details: the RPC server is unavailable.
  If you need the recent related events, I will post them. I also checked that service on the client - it's automatic and started.
  PPS Clients are all Win 7, PCs are 32bit, laptops are 64. Server is Windows Server 2012 Datacenter. WSUS when clicking Help -> About from the snap-in/GUI: 6.2.9200.16384.
  PPPS Directory browsing for the whole WSUS object in IIS is enabled, thanks to SorinAlbu over at Spiceworks post WSUS and IIS.
  PPPPS Launching IE and loading http://servername:8530/iuident.cab fails 404 error from both clients and server. That file in C:\Program Files\Update Services\WebServices\Root\iuident.cab doesn't exist. Maybe because we recently removed the WSUS role and reinstalled
  it, to check if something went wrong the first time? It's all been configured using the snapin/GUI, but the new installation of the role hasn't yet connected to the Microsoft Update servers.
  PPPPPS Added the Application Server role with default settings as recommended by the step by step guide to WSUS at Technet. Still no dice.

• Windows CAL server 2003 and Domain Server with a 2008 server as domain member

  We have a Windows Server 2003 as domain controller with 70 user CALs, and we have added a Windows 2008 R2 OEM with 5 users licences.
  I have no plans to migrate my domain controller 2003 to 2008 but the 2008 is a member of the domain and I need to know if we are fine with the licences.
  Thanks for your help,
  Alejandro Sueldo

  Hi
  You need CAL for anything that would access the 2008. If a server that is accessed by only 5 user you are ok, but if like a Exchange for your 70 users, then you have to buy more CAL. (that link explain it good;
  http://blogs.msdn.com/b/mssmallbiz/archive/2007/11/06/5942350.aspx)
  Contact the VLSC to be sure at 100% before buying; (866) 230-0560
  Regards, Philippe
  Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
  Answer an interesting question ? Create a
  wiki article about it!

• Work Folders - Specific Group Policy's that are needed to satisfy domain client security level

  Hi All,
  We have Work Folders successfully set up on our domain. A non domain joined client can connect and gain access to their work folder share without issue.
  I am now in the process of setting up domain connected laptops that will be used by staff. These laptop will have restrictions on them and the users that logon will not have admin privileges.
  The work folder server has the device policies of:
  Encrypt Work Folders
  Automatically lock screen, and require a password
  We are using Windows 8.1 enterprise clients, with the latest patches. If I turn off the "Automatically lock screen...." policy, a domain user can successfully sync their work. If I turn it back on they get the below error:
  "Make sure that your account is an administrator on the PC and that all administrator accounts on this PC have a password."
  I have set the group polices that I believe might effect this message, but have yet to get a successful sync. Could someone give me the exact group policies I would need to set for client to meet the security requirements.
  Minimum password length of 6
  Autolock screen set to be 15 minutes or less
  Maximum password retry of 10 or less

  Hi,
  Work Folders provides the two device policies that administrators can control. The policies are enforced on the Windows 8.1 clients before data sync is allowed.
  The policy settings are not configurable, and they are enforced on the devices running with Windows 8.1 through the EAS Engine.
  Please refer to the article below to troubleshoot the issue:
  Work Folders for Windows 7
  http://blogs.technet.com/b/filecab/archive/2014/04/24/work-folders-for-windows-7.aspx
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Server 2008 R2 standard guest license with Server 2008 R2 datacenter Host

  Hello Experts,
  I have Windows Server 2008 R2 Datacenter edition based server. Now I want to know that do I have to buy license to activate the guest OS in the VMs like for Server 2008 R2 standard edition, or I can use it for free like in the case of AVMA in server 2012 R2 as it has keys for essentials standard and datacenter edition of server 2012 that can be used with AVMA in order to activate the guest OS license for Free..
  Thanks
  This topic first appeared in the Spiceworks Community

  Hello Experts,
  I have Windows Server 2008 R2 Datacenter edition based server. Now I want to know that do I have to buy license to activate the guest OS in the VMs like for Server 2008 R2 standard edition, or I can use it for free like in the case of AVMA in server 2012 R2 as it has keys for essentials standard and datacenter edition of server 2012 that can be used with AVMA in order to activate the guest OS license for Free..
  Thanks
  This topic first appeared in the Spiceworks Community

• Error browsing SSAS 2008 cube on Windows 7 with SSMS 2008 R2 Client

  I recently have upgraded to Windows 7 and SSMS 2008R2 and I'm trying to browse a cube through SSMS and I'm getting the following error below after connecting and trying to browse. I have verified that I have .Net 3.5 with SP1 installed. I also
  was able to connect to the cube using Excel verifying that I'm able to authenticate and connect to the cube. One side note, I do have Office 2010 and I'm not sure how this plays into the equation.
  TITLE: Microsoft SQL Server Management Studio
  Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG))
  BUTTONS:
  OK
  Big Ern

  Hi,
  Cube browser in 2008R2 still use OWC 11, so please check if you have installed the OWC11.
  You can download via below link:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=7287252c-402e-4f72-97a5-e0fd290d4b76&displaylang=en
  Another similar thread:
  http://social.msdn.microsoft.com/Forums/en/sqlanalysisservices/thread/57bbbf6c-6a24-40d4-b0d1-a617f4dfae2d
  Hope this helps,
  Raymond

• Software Installation Processing Alerts - Group Policy Failures?

  Hello,
  I am getting several errors reported by SCOM Software Installation Processing alert
  In the local event log I have:
  Warning 9/15/2014 11:09:37 AM GroupPolicy 1112 None
  Warning 9/15/2014 11:09:37 AM Application Management Group Policy 108 None
  Error 9/15/2014 11:09:37 AM Application Management Group Policy 103 None
  Warning 9/15/2014 11:09:37 AM Application Management Group Policy 101 None
  with the details:
  101 - The assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %%1274
  103 - The removal of the assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %%2
  108 - Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
  1112 - The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
  - Computer Configuration > Policies > Administrative Templates > System > Group Policy > Policy > Startup policy processing is enabled 
  what does exactly this means?
  Thanks,
  Dom
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  Hi,
  Yes the packaged is installed.
  Troubleshooting the issue deeper with http://support.microsoft.com/kb/249621/en-us is showing
  Software installation extension has been called for background policy refresh
  09-16 06:34:09:346
  Software installation extension has been called for background policy refresh
  The following policies are to be applied, flags are 11.
  MITS Servers Software (unique identifier {E76FB561-E177-421D-AE43-109EADEAD751})
  System volume path = \\ad.medctr.ucla.edu\sysvol\ad.medctr.ucla.edu\Policies\{E76FB561-E177-421D-AE43-109EADEAD751}\Machine
  Active Directory path = LDAP://CN=Machine,cn={E76FB561-E177-421D-AE43-109EADEAD751},cn=policies,cn=system,DC=ad,DC=medctr,DC=ucla,DC=edu
  Set the Active Directory path to LDAP://CN=Class Store,CN=Machine,cn={E76FB561-E177-421D-AE43-109EADEAD751},cn=policies,cn=system,DC=ad,DC=medctr,DC=ucla,DC=edu;.
  Enumerating applications in the Active Directory for computer MSVROFAS2 with flags 5.
  The following applications were found in policy MITS Servers Software.
  Assigned application SMS Client Setup Bootstrap (flags a0044c70).
  Found 1 applications in policy MITS Servers Software.
  Enumerating the managed applications which are currently applied to this user.
  No managed applications are currently applied to this user.
  Found 0 applications locally that are not included in the set of applications from the Active Directory.
  Application SMS Client Setup Bootstrap from policy MITS Servers Software is set for installation because it is assigned to this computer policy.
  Software installation extension cannot perform removal or install operations during asynchronous policy refresh and will force a synchronous foreground refresh.
  The assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %1274
  Removing application SMS Client Setup Bootstrap from the software installation database.
  Calling Windows Installer to remove application advertisement for application SMS Client Setup Bootstrap from script C:\Windows\system32\appmgmt\MACHINE\{ecbf218d-0d04-4b00-a43e-91ba5c41d119}.aas.
  Windows Installer cannot remove application advertisement for application SMS Client Setup Bootstrap from script C:\Windows\system32\appmgmt\MACHINE\{ecbf218d-0d04-4b00-a43e-91ba5c41d119}.aas, error 2.
  The removal of the assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %2
  Policy Logging for Software Management is attempting to log application SMS Client Setup Bootstrap from policy MITS Servers Software.
  Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %1274
  Software installation extension has detected changes that require a synchronous foreground policy refresh.
  Software installation extension returning with final error code 1274.
  And this is happening hourly !!!
  This is the current status...
  Thanks,
  Dom
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

• Server 2008 R2 does not show Internet Explorer 10/11 Group Policy options

  Hello,
  I have a Windows Server 2008 R2 server that has IE11 installed. I am attempting to create a GPO to control Proxy settings for IE10/11 clients, however, when I go to User Config>Preferences> Control Panel Settings> Internet Settings and Right click,
  I do not see an option for IE10, only IE5 and 6, IE7, and IE8. 
  I have downloaded and installed the Administrative Templates for Internet Explorer from
  here, and followed the installation instructions, but still, the option does not show up. I have ensured that all the latest Windows Updates are installed on the server, and rebooted
  the server a couple times. 
  What am I missing here? 
  Thanks in advance.

  <meta content="text/html; charset=UTF-16" http-equiv="Content-Type" /><title>SFDN\testuser</title> <style type="text/css">body { background-color:#FFFFFF; border:1px solid #666666; color:#000000; font-size:68%;
  font-family:MS Shell Dlg; margin:0,0,10px,0; word-break:normal; word-wrap:break-word; } table { font-size:100%; table-layout:fixed; width:100%; } td,th { overflow:visible; text-align:left; vertical-align:top; white-space:normal; } .title { background:#FFFFFF;
  border:none; color:#333333; display:block; height:24px; margin:0px,0px,-1px,0px; padding-top:4px; ; table-layout:fixed; width:100%; z-index:5; } .he0_expanded { background-color:#FEF7D6; border:1px solid #BBBBBB; color:#3333CC; cursor:hand; display:block;
  font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:0px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he1_expanded { background-color:#A0BACB; border:1px solid
  #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he1h_expanded
  { background-color: #7197B3; border: 1px solid #BBBBBB; color: #000000; cursor: hand; display: block; font-family: MS Shell Dlg; font-size: 100%; font-weight: bold; height: 2.25em; margin-bottom: -1px; margin-left: 10px; margin-right: 0px; padding-left: 8px;
  padding-right: 5em; padding-top: 4px; ; width: 100%; } .he1 { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px;
  margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he2 { background-color:#C0D2DE; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em;
  margin-bottom:-1px; margin-left:30px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he3 { background-color:#D9E3EA; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%;
  font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:40px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; } .he4 { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block;
  font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:50px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; } .he4h { background-color:#E8E8E8; border:1px solid #BBBBBB;
  color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; } .he4i { background-color:#F9F9F9;
  border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-bottom:5px; padding-left:21px; padding-top:4px; ; width:100%; } .he5 { background-color:#E8E8E8;
  border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:60px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ;
  width:100%; } .he5h { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; padding-right:5em; padding-top:4px; margin-bottom:-1px; margin-left:65px; margin-right:0px;
  ; width:100%; } .he5i { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:65px; margin-right:0px; padding-left:21px; padding-bottom:5px; padding-top:
  4px; ; width:100%; } DIV .expando { color:#000000; text-decoration:none; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:normal; ; right:10px; text-decoration:underline; z-index: 0; } .he0 .expando { font-size:100%; } .info, .info3, .info4,
  .disalign { line-height:1.6em; padding:0px,0px,0px,0px; margin:0px,0px,0px,0px; } .disalign TD { padding-bottom:5px; padding-right:10px; } .info TD { padding-right:10px; width:50%; } .info3 TD { padding-right:10px; width:33%; } .info4 TD, .info4 TH { padding-right:10px;
  width:25%; } .info TH, .info3 TH, .info4 TH, .disalign TH { border-bottom:1px solid #CCCCCC; padding-right:10px; } .subtable, .subtable3 { border:1px solid #CCCCCC; margin-left:0px; background:#FFFFFF; margin-bottom:10px; } .subtable TD, .subtable3 TD { padding-left:10px;
  padding-right:5px; padding-top:3px; padding-bottom:3px; line-height:1.1em; width:10%; } .subtable TH, .subtable3 TH { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; } .subtable .footnote { border-top:1px solid #CCCCCC;
  } .subtable3 .footnote, .subtable .footnote { border-top:1px solid #CCCCCC; } .subtable_frame { background:#D9E3EA; border:1px solid #CCCCCC; margin-bottom:10px; margin-left:15px; } .subtable_frame TD { line-height:1.1em; padding-bottom:3px; padding-left:10px;
  padding-right:15px; padding-top:3px; } .subtable_frame TH { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; } .subtableInnerHead { border-bottom:1px solid #CCCCCC; border-top:1px solid #CCCCCC; } .explainlink { color:#000000;
  text-decoration:none; cursor:hand; } .explainlink:hover { color:#0000FF; text-decoration:underline; } .spacer { background:transparent; border:1px solid #BBBBBB; color:#FFFFFF; display:block; font-family:MS Shell Dlg; font-size:100%; height:10px; margin-bottom:-1px;
  margin-left:43px; margin-right:0px; padding-top: 4px; ; } .filler { background:transparent; border:none; color:#FFFFFF; display:block; font:100% MS Shell Dlg; line-height:8px; margin-bottom:-1px; margin-left:53px; margin-right:0px; padding-top:4px; ; } .container
  { display:block; ; } .rsopheader { background-color:#A0BACB; border-bottom:1px solid black; color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-bottom:5px; text-align:center; } .rsopname { color:#333333; font-family:MS Shell
  Dlg; font-size:130%; font-weight:bold; padding-left:11px; } .gponame{ color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; } .gpotype{ color:#333333; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; padding-left:11px;
  } #uri { color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; } #dtstamp{ color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; text-align:left; width:30%; } #objshowhide { color:#000000; cursor:hand; font-family:MS
  Shell Dlg; font-size:100%; font-weight:bold; margin-right:0px; padding-right:10px; text-align:right; text-decoration:underline; z-index:2; word-wrap:normal; } #gposummary { display:block; } #gpoinformation { display:block; } @media print { #objshowhide{ display:none;
  } body { color:#000000; border:1px solid #000000; } .title { color:#000000; border:1px solid #000000; } .he0_expanded { color:#000000; border:1px solid #000000; } .he1h_expanded { color:#000000; border:1px solid #000000; } .he1_expanded { color:#000000; border:1px
  solid #000000; } .he1 { color:#000000; border:1px solid #000000; } .he2 { color:#000000; background:#EEEEEE; border:1px solid #000000; } .he3 { color:#000000; border:1px solid #000000; } .he4 { color:#000000; border:1px solid #000000; } .he4h { color:#000000;
  border:1px solid #000000; } .he4i { color:#000000; border:1px solid #000000; } .he5 { color:#000000; border:1px solid #000000; } .he5h { color:#000000; border:1px solid #000000; } .he5i { color:#000000; border:1px solid #000000; } } v\:* {behavior:url(#default#VML);}
  </style> <script language="vbscript"> <!-- '================================================================================ ' String "strShowHide(0/1)" ' 0 = Hide all mode. ' 1 = Show all mode. strShowHide = 1 'Localized
  strings strShow = "show" strHide = "hide" strShowAll = "show all" strHideAll = "hide all" strShown = "shown" strHidden = "hidden" strExpandoNumPixelsFromEdge = "10px" Function IsSectionHeader(obj)
  IsSectionHeader = (obj.className = "he0_expanded") Or (obj.className = "he1h_expanded") Or (obj.className = "he1_expanded") Or (obj.className = "he1") Or (obj.className = "he2") Or (obj.className = "he3")
  Or (obj.className = "he4") Or (obj.className = "he4h") Or (obj.className = "he5") Or (obj.className = "he5h") End Function Function IsSectionExpandedByDefault(objHeader) IsSectionExpandedByDefault = (Right(objHeader.className,
  Len("_expanded")) = "_expanded") End Function ' strState must be show | hide | toggle Sub SetSectionState(objHeader, strState) ' Get the container object for the section. It's the first one after the header obj. i = objHeader.sourceIndex
  Set all = objHeader.parentElement.document.all While (all(i).className <> "container") i = i + 1 Wend Set objContainer = all(i) If strState = "toggle" Then If objContainer.style.display = "none" Then SetSectionState
  objHeader, "show" Else SetSectionState objHeader, "hide" End If Else Set objExpando = objHeader.children.item(1) If strState = "show" Then objContainer.style.display = "block" objExpando.innerText = strHide ElseIf strState
  = "hide" Then objContainer.style.display = "none" objExpando.innerText = strShow End If End If End Sub Sub ShowSection(objHeader) SetSectionState objHeader, "show" End Sub Sub HideSection(objHeader) SetSectionState objHeader,
  "hide" End Sub Sub ToggleSection(objHeader) SetSectionState objHeader, "toggle" End Sub '================================================================================ ' When user clicks anywhere in the document body, determine if user
  is clicking ' on a header element. '================================================================================ Function document_onclick() Set strsrc = window.event.srcElement While (strsrc.className = "sectionTitle" Or strsrc.className = "expando"
  Or strsrc.className = "vmlimage") Set strsrc = strsrc.parentElement Wend ' Only handle clicks on headers. If Not IsSectionHeader(strsrc) Then Exit Function ToggleSection strsrc window.event.returnValue = False End Function '================================================================================
  ' link at the top of the page to collapse/expand all collapsable elements '================================================================================ Function objshowhide_onClick() Set objBody = document.body.all Select Case strShowHide Case 0 strShowHide
  = 1 objshowhide.innerText = strShowAll For Each obji In objBody If IsSectionHeader(obji) Then HideSection obji End If Next Case 1 strShowHide = 0 objshowhide.innerText = strHideAll For Each obji In objBody If IsSectionHeader(obji) Then ShowSection obji End
  If Next End Select End Function '================================================================================ ' onload collapse all except the first two levels of headers (he0, he1) '================================================================================
  Function window_onload() ' Only initialize once. The UI may reinsert a report into the webbrowser control, ' firing onLoad multiple times. If UCase(document.documentElement.getAttribute("gpmc_reportInitialized")) <> "TRUE" Then '
  Set text direction Call fDetDir(UCase(document.dir)) ' Initialize sections to default expanded/collapsed state. Set objBody = document.body.all For Each obji in objBody If IsSectionHeader(obji) Then If IsSectionExpandedByDefault(obji) Then ShowSection obji
  Else HideSection obji End If End If Next objshowhide.innerText = strShowAll document.documentElement.setAttribute "gpmc_reportInitialized", "true" End If End Function '================================================================================
  ' When direction (LTR/RTL) changes, change adjust for readability '================================================================================ Function document_onPropertyChange() If window.event.propertyName = "dir" Then Call fDetDir(UCase(document.dir))
  End If End Function Function fDetDir(strDir) strDir = UCase(strDir) Select Case strDir Case "LTR" Set colRules = document.styleSheets(0).rules For i = 0 To colRules.length -1 Set nug = colRules.item(i) strClass = nug.selectorText If nug.style.textAlign
  = "right" Then nug.style.textAlign = "left" End If Select Case strClass Case "DIV .expando" nug.style.Left = "" nug.style.right = strExpandoNumPixelsFromEdge Case "#objshowhide" nug.style.textAlign = "right"
  End Select Next Case "RTL" Set colRules = document.styleSheets(0).rules For i = 0 To colRules.length -1 Set nug = colRules.item(i) strClass = nug.selectorText If nug.style.textAlign = "left" Then nug.style.textAlign = "right"
  End If Select Case strClass Case "DIV .expando" nug.style.Left = strExpandoNumPixelsFromEdge nug.style.right = "" Case "#objshowhide" nug.style.textAlign = "left" End Select Next End Select End Function '================================================================================
  'When printing reports, if a given section is expanded, let's says "shown" (instead of "hide" in the UI). '================================================================================ Function window_onbeforeprint() For Each obji In
  document.all If obji.className = "expando" Then If obji.innerText = strHide Then obji.innerText = strShown If obji.innerText = strShow Then obji.innerText = strHidden End If Next End Function '================================================================================
  'If a section is collapsed, change to "hidden" in the printout (instead of "show"). '================================================================================ Function window_onafterprint() For Each obji In document.all If obji.className
  = "expando" Then If obji.innerText = strShown Then obji.innerText = strHide If obji.innerText = strHidden Then obji.innerText = strShow End If Next End Function '================================================================================ ' Adding
  keypress support for accessibility '================================================================================ Function document_onKeyPress() If window.event.keyCode = "32" Or window.event.keyCode = "13" Or window.event.keyCode =
  "10" Then 'space bar (32) or carriage return (13) or line feed (10) If window.event.srcElement.className = "expando" Then Call document_onclick() : window.event.returnValue = false If window.event.srcElement.className = "sectionTitle"
  Then Call document_onclick() : window.event.returnValue = false If window.event.srcElement.id = "objshowhide" Then Call objshowhide_onClick() : window.event.returnValue = false End If End Function --> </script> <script language="javascript">
  <!-- function getExplainWindowTitle() { return document.getElementById("explainText_windowTitle").innerHTML; } function getExplainWindowStyles() { return document.getElementById("explainText_windowStyles").innerHTML; } function getExplainWindowSettingPathLabel()
  { return document.getElementById("explainText_settingPathLabel").innerHTML; } function getExplainWindowExplainTextLabel() { return document.getElementById("explainText_explainTextLabel").innerHTML; } function getExplainWindowPrintButton()
  { return document.getElementById("explainText_printButton").innerHTML; } function getExplainWindowCloseButton() { return document.getElementById("explainText_closeButton").innerHTML; } function getNoExplainTextAvailable() { return document.getElementById("explainText_noExplainTextAvailable").innerHTML;
  } function getExplainWindowSupportedLabel() { return document.getElementById("explainText_supportedLabel").innerHTML; } function getNoSupportedTextAvailable() { return document.getElementById("explainText_noSupportedTextAvailable").innerHTML;
  } function showExplainText(srcElement) { var strSettingName = srcElement.getAttribute("gpmc_settingName"); var strSettingPath = srcElement.getAttribute("gpmc_settingPath"); var strSettingDescription = srcElement.getAttribute("gpmc_settingDescription");
  if (strSettingDescription == "") { strSettingDescription = getNoExplainTextAvailable(); } var strSupported = srcElement.getAttribute("gpmc_supported"); if (strSupported == "") { strSupported = getNoSupportedTextAvailable(); }
  var strHtml = "<html>\n"; strHtml += "<head>\n"; strHtml += "<title>" + getExplainWindowTitle() + "</title>\n"; strHtml += "<style type='text/css'>\n" +
  getExplainWindowStyles() + "</style>\n"; strHtml += "</head>\n"; strHtml += "<body>\n"; strHtml += "<div class='head'>" + strSettingName +"</div>\n"; strHtml
  += "<div class='path'><b>" + getExplainWindowSettingPathLabel() + "</b><br/>" + strSettingPath +"</div>\n"; strHtml += "<div class='path'><b>" + getExplainWindowSupportedLabel()
  + "</b><br/>" + strSupported +"</div>\n"; strHtml += "<div class='info'>\n"; strHtml += "<div class='hdr'>" + getExplainWindowExplainTextLabel() + "</div>\n";
  strHtml += "<div class='bdy'>" + strSettingDescription + "</div>\n"; strHtml += "<div class='btn'>"; strHtml += getExplainWindowPrintButton(); strHtml += getExplainWindowCloseButton();
  strHtml += "</div></body></html>"; var strDiagArgs = "height=360px, width=630px, status=no, toolbar=no, scrollbars=yes, resizable=yes "; var expWin = window.open("", "expWin", strDiagArgs); expWin.document.write("");
  expWin.document.close(); expWin.document.write(strHtml); expWin.document.close(); expWin.focus(); //cancels navigation for IE. if(navigator.userAgent.indexOf("MSIE") > 0) { window.event.returnValue = false; } return false; } --> </script>
  Group Policy Management
  body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS
  Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding- height:24px; } .path { margin- margin- margin-bottom:5px;width:100%; } .info { padding-width:100%; } table { font-size:100%; width:100%; border:1px solid #999999;
  } th { border-bottom:1px solid #999999; text-align:left; padding- height:24px; } td { background:#FFFFFF; padding- padding-bottom:10px; padding- } .btn { width:100%; text-align:right; margin- } .hdr { font-weight:bold; border:1px solid #999999; text-align:left;
  padding- padding- height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; background:#FFFFFF; padding- padding-bottom:10px; padding- border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS
  Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
  Setting Path:
  Explanation
  <button accesskey="P" name="Print" onclick="window.print()">Print</button>
  <button accesskey="C" name="Close" onclick="window.close()">Close</button>
  No explanation is available for this setting.
  Supported On:
  Not available
  Group Policy Results
  SFDN\testuser
  Data collected on: 12/14/2014 1:00:12 PM
  Summary
  Computer Configuration Summary
  No data available.
  User Configuration Summary
  General
  User name
  SFDN\testuser
  Domain
  SFD.local
  Last time Group Policy was processed
  12/14/2014 12:59:22 PM
  Group Policy Objects
  Applied GPOs
  Name
  Link Location
  Revision
  Local Group Policy
  Local
  AD (1), Sysvol (1)
  Default Domain Policy
  SFD.local
  AD (6), Sysvol (6)
  Test
  SFD.local/SFD-Restricted-Users
  AD (10), Sysvol (10)
  Limit Downloads
  SFD.local/SFD-Restricted-Users
  AD (2), Sysvol (2)
  SFD Restricted Users
  SFD.local/SFD-Restricted-Users
  AD (59), Sysvol (59)
  Denied GPOs
  Name
  Link Location
  Reason Denied
  None
  Security Group Membership when Group Policy was applied
  SFDN\Domain Users
  Everyone
  BUILTIN\Users
  NT AUTHORITY\INTERACTIVE
  CONSOLE LOGON
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\This Organization
  LOCAL
  Mandatory Label\Medium Mandatory Level
  WMI Filters
  Name
  Value
  Reference GPO(s)
  None
  Component Status <v:group alt="Warning" class="vmlimage" coordsize="100,100" style="width:15px;height:15px;vertical-align:middle;"><v:shape class="vmlimage" fillcolor="yellow"
  strokecolor="yellow" style="width:100;height:100;"><v:path v="m 50,0 l 0,99 99,99 x e"></v:path></v:shape> <v:rect class="vmlimage" fillcolor="black" strokecolor="black" style="width:10;height:35;"></v:rect>
  <v:rect class="vmlimage" fillcolor="black" strokecolor="black" style="width:10;height:5;"></v:rect> </v:group>
  Component Name
  Status
  Last Process Time
  Group Policy Infrastructure
  Success
  12/14/2014 12:59:46 PM
  Folder Redirection
  Failed
  12/14/2014 12:59:46 PM
  Folder Redirection failed due to the error listed below.
  Cannot complete this function.
  Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 12/14/2014 12:59:23 PM and 12/14/2014 12:59:46 PM.
  Group Policy Internet Settings
  Success
  12/14/2014 12:59:46 PM
  Registry
  Success
  12/12/2014 10:28:23 AM
  Computer Configuration
  No data available.
  User Configuration
  Policies
  Windows Settings
  Security Settings
  Software Restriction Policies
  Winning GPO
  SFD Restricted Users
  Enforcement
  Policy
  Setting
  Apply software restriction policies to the following
  All software files except libraries (such as DLLs)
  Apply software restriction policies to the following users
  All users
  When applying software restriction policies
  Ignore certificate rules
  Designated File Types
  File Extension
  File Type
  ADE
  Microsoft Access Project Extension
  ADP
  Microsoft Access Project
  BAS
  BAS File
  BAT
  Windows Batch File
  CHM
  Compiled HTML Help file
  CMD
  Windows Command Script
  COM
  MS-DOS Application
  CPL
  Control panel item
  CRT
  Security Certificate
  EXE
  Application
  HLP
  Help file
  HTA
  HTML Application
  INF
  Setup Information
  INS
  INS File
  ISP
  ISP File
  LNK
  Shortcut
  MDB
  Microsoft Access Database
  MDE
  Microsoft Access MDE Database
  MSC
  Microsoft Common Console Document
  MSI
  Windows Installer Package
  MSP
  Windows Installer Patch
  MST
  MST File
  OCX
  ActiveX control
  PCD
  PCD File
  PIF
  Shortcut to MS-DOS Program
  REG
  Registration Entries
  SCR
  Screen saver
  SHS
  SHS File
  URL
  Internet Shortcut
  VB
  VB File
  WSC
  Windows Script Component
  Trusted Publishers
  Trusted publisher management
  Allow all administrators and users to manage user's own Trusted Publishers
  Certificate verification
  None
  Software Restriction Policies/Security Levels
  Policy
  Setting
  Winning GPO
  Default Security Level
  Unrestricted
  SFD Restricted Users
  Software Restriction Policies/Additional Rules
  Path Rules
  %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
  Security Level
  Unrestricted
  Description
  Date last modified
  9/30/2011 12:34:27 PM
  Winning GPO
  SFD Restricted Users
  %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
  Security Level
  Unrestricted
  Description
  Date last modified
  9/30/2011 12:34:27 PM
  Winning GPO
  SFD Restricted Users
  Administrative Templates
  Policy definitions (ADMX files) retrieved from the local machine.
  Control Panel
  Policy
  Setting
  Winning GPO
  Network/Network Connections
  Policy
  Setting
  Winning GPO
  This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.
  If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.
  Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
  If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.
  Note: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to
  users.
  Note: Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting." gpmc_settingname="Prohibit access to properties of a LAN connection" gpmc_settingpath="User Configuration/Administrative
  Templates/Network/Network Connections" gpmc_supported="At least Windows 2000 Service Pack 1" href="javascript:void();" onclick="javascript:showExplainText(this); return false;">Prohibit access to properties of a LAN connection
  Enabled
  SFD Restricted Users
  If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that
  a connection uses.
  Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
  If you disable this setting or do not configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables
  the component.
  Note: When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes for enabling and disabling the components of a LAN connection.
  Note: Nonadministrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting." gpmc_settingname="Prohibit Enabling/Disabling components of a LAN connection" gpmc_settingpath="User
  Configuration/Administrative Templates/Network/Network Connections" gpmc_supported="Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only" href="javascript:void();" onclick="javascript:showExplainText(this);
  return false;">Prohibit Enabling/Disabling components of a LAN connection
  Enabled
  SFD Restricted Users
  Windows Components/Internet Explorer
  Policy
  Setting
  Winning GPO
  If you enable this policy setting, the user will not be able to configure proxy settings.
  If you disable or do not configure this policy setting, the user can configure proxy settings." gpmc_settingname="Prevent changing proxy settings" gpmc_settingpath="User Configuration/Administrative Templates/Windows Components/Internet
  Explorer" gpmc_supported="At least Internet Explorer 5.0" href="javascript:void();" onclick="javascript:showExplainText(this); return false;">Prevent changing proxy settings
  Enabled
  SFD Restricted Users
  Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone
  Policy
  Setting
  Winning GPO
  Allow file downloads
  Disable
  Extra Registry Settings
  Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.
  Setting
  State
  Winning GPO
  Software\Policies\Microsoft\office\14.0\outlook\ForceOSTPath
  P:\My Documents\Outlook Files
  SFD Restricted Users
  Software\Policies\Microsoft\office\14.0\outlook\ForcePSTPath
  P:\My Documents\Outlook Files
  SFD Restricted Users

• I get a Group Policy Disk Quota failure at every system start

  This is very long, my apologies
  I asked this question about a month ago and then had some medical problems so I'm starting over again.
  Whenever I start my system I get a message on the screen that the system is trying to run Group Policy for Disk Quotas.  To my knowledge I've never set a disk quota policy and I can't find any indication that one is currently set.  I freely admit
  that I could be responsible for this.  I might have done something in the early days of the system because it wasn't happening for the first month or two.
  This time I did more reading and found a procedure on TechNet at:
  "http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" which led me step by step through the procedure, although I still can't make sense of the results.
  So far I've verified that there are no policies set and that all the hard drives (3) have the Disk Quota bit 'disabled'.  I did this as 'Administrator'.
  The results from the TechNet procedure turned out to be quite long but I'm listing it here in hope that someone in the community will be familiar with this problem and be able to use the information to figure out the problem. 
  Here are the results:
  From: TechNet Group Policy Testing
  ( "http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" )
  1 - Troubleshooting using the Group Policy operational log
        a - Determine the instance of Group Policy processing
             (Before you view the Group Policy operational log, you must first determine 
             the instance of Group Policy processing that failed.)
  My ActivityID from the Group Policy operational log = C87E5BC2-FD21-4794-B678-787AB587D8D5
  2 - Create a custom view, via a query, of the Group Policy instance
  My resultant query:
  <QueryList><Query Id="0" Path="Application"><Select Path="Microsoft-Windows-GroupPolicy/Operational">*[System/Correlation/@ActivityID='{C87E5BC2-FD21-4794-B678-787AB587D8D5}']</Select></Query></QueryList>
  3 - Results of running the query from step 2 are listed below, in chronological order, including the complete 'detail' sections from each event.
  event 4000
  Event Description(s) = Computer startup
  BEGIN DETAIL SECTION-----------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 4000 
      Version 1 
      Level 4 
      Task 0 
      Opcode 1 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:29:33.598400000Z 
      EventRecordID 22707 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    PolicyActivityId {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
    PrincipalSamName WORKGROUP\GROK$ 
    IsMachine 1 
    IsDomainJoined false 
    IsBackgroundProcessing false 
    IsAsyncProcessing false 
    IsServiceRestart false 
    ReasonForSyncProcessing 2 
  END DETAIL SECTION-------------------------------------------------------------------------------
  event 5320
  Event Description(s) = Checking for Group Policy client extensions that are not part of the system.
  Event Description(s) = Service configuration update to standalone is not required and will be skipped.
  BEGIN DETAIL SECTION------------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 5320 
      Version 0 
      Level 4 
      Task 0 
      Opcode 0 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:29:33.614000000Z 
      EventRecordID 22711 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    InfoDescription %%4161 
  END DETAIL SECTION-------------------------------------------------------------------------------
  event 5313
  Event Description(s) = The following Group Policy objects were not applicable because they were filtered out : 
  BEGIN DETAIL SECTION------------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 5313 
      Version 0 
      Level 4 
      Task 0 
      Opcode 0 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:29:33.614000000Z 
      EventRecordID 22710 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    DescriptionString None 
    GPOInfoList  
  END DETAIL SECTION-------------------------------------------------------------------------------
  event 5311
  Event Description(s) = The loopback policy processing mode is "No loopback mode".
  BEGIN DETAIL SECTION------------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 5311 
      Version 0 
      Level 4 
      Task 0 
      Opcode 0 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:29:33.614000000Z 
      EventRecordID 22708 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    PolicyProcessingMode 0 
  END DETAIL SECTION-------------------------------------------------------------------------------
  event 5312
  Event Description(s) = List of applicable Group Policy objects: 
  Event Description(s) = Local Group Policy
  BEGIN DETAIL SECTION------------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 5312 
      Version 0 
      Level 4 
      Task 0 
      Opcode 0 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:29:33.614000000Z 
      EventRecordID 22709 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    DescriptionString Local Group Policy  
    GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>524296</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Extensions>[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{F3CCC681-B74C-4060-9F26-CD84525DCA2A}{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}]</Extensions></GPO> 
  END DETAIL SECTION-------------------------------------------------------------------------------
  event 4016
  Event Description(s) = Starting Microsoft Disk Quota Extension Processing. 
  Event Description(s) = List of applicable Group Policy objects: (Changes were detected.)
  Event Description(s) = Local Group Policy
  BEGIN DETAIL SECTION------------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 4016 
      Version 0 
      Level 4 
      Task 0 
      Opcode 1 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:29:33.614000000Z 
      EventRecordID 22714 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66} 
    CSEExtensionName Microsoft Disk Quota 
    IsExtensionAsyncProcessing false 
    IsGPOListChanged true 
    GPOListStatusString %%4102 
    DescriptionString Local Group Policy  
    ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO> 
  END DETAIL SECTION-------------------------------------------------------------------------------
  event 5320
  Event Description(s) = Finished checking for non-system extensions.
  BEGIN DETAIL SECTION------------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 5320 
      Version 0 
      Level 4 
      Task 0 
      Opcode 0 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:29:33.614000000Z 
      EventRecordID 22713 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
    - Security 
     [ UserID]  S-1-5-18 
  - EventData 
    InfoDescription %%4165 
  END DETAIL SECTION-------------------------------------------------------------------------------
  event 4016
  Event Description(s) = Starting Audit Policy Configuration Extension Processing. 
  Event Description(s) = List of applicable Group Policy objects: (No changes were detected.)
  Event Description(s) = Local Group Policy
  BEGIN DETAIL SECTION------------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 4016 
      Version 0 
      Level 4 
      Task 0 
      Opcode 1 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:31:21.987200000Z 
      EventRecordID 22718 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A} 
    CSEExtensionName Audit Policy Configuration 
    IsExtensionAsyncProcessing true 
    IsGPOListChanged false 
    GPOListStatusString %%4101 
    DescriptionString Local Group Policy  
    ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO> 
  END DETAIL SECTION-------------------------------------------------------------------------------
  event 7016
  Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
  BEGIN DETAIL SECTION-------------------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 7016 
      Version 0 
      Level 2 
      Task 0 
      Opcode 2 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:31:21.987200000Z 
      EventRecordID 22717 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    CSEElaspedTimeInMilliSeconds 108374 
    ErrorCode 2147942402 
    CSEExtensionName Microsoft Disk Quota 
    CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66} 
  END DETAIL SECTION-----------------------------------------------------------------------------------------
  event 5016
  Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
  BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 5016 
      Version 0 
      Level 4 
      Task 0 
      Opcode 2 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:31:22.314800000Z 
      EventRecordID 22720 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    CSEElaspedTimeInMilliSeconds 312 
    ErrorCode 2147483658 
    CSEExtensionName Audit Policy Configuration 
    CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A} 
  END DETAIL SECTION-----------------------------------------------------------------------------------------
  Event 8000
  Event Description(s) = Completed computer boot policy processing for WORKGROUP\GROK$ in 108 seconds.
  BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-GroupPolicy 
     [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
      EventID 8000 
      Version 1 
      Level 4 
      Task 0 
      Opcode 2 
      Keywords 0x4000000000000000 
     - TimeCreated 
     [ SystemTime]  2010-05-15T13:31:22.330400000Z 
      EventRecordID 22721 
     - Correlation 
     [ ActivityID]  {C87E5BC2-FD21-4794-B678-787AB587D8D5} 
     - Execution 
     [ ProcessID]  1280 
     [ ThreadID]  1784 
      Channel Microsoft-Windows-GroupPolicy/Operational 
      Computer GROK 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    PolicyElaspedTimeInSeconds 108 
    ErrorCode 0 
    PrincipalSamName WORKGROUP\GROK$ 
    IsMachine 1 
    IsConnectivityFailure false 
  END DETAIL SECTION-----------------------------------------------------------------------------------------
  End of results.
  Thanks to all,
  wegrok
  Win7 Ultimate x64, 8 GB ram, AMD Phenom 9950 Quad-proc @2.6Ghz, HD = 1TB ASUS M4N72-E mobo, Video = NVIDIA GeForce 8800 GT w/ Dell 2407 Digital Monitor -------------------------------------------------------------------------------------------------------

  Did you ever have luck tracking this down?  Im getting this error and have no clue where it is coming from.  I have not enabled gp disk quotas, but I do have a network share on a domain member server that has quotas attached to each users folder. 
  I removed the quotas and still get this error when I manually perform a gpupdate. 

• Request for Sticky #2 - Advanced Group Policy Troubleshooting Help

  GPOMG!
  Group Policy driving you crazy? Here are some advanced troubleshooting tools (beyond RSOP, GPRESULT, etc.) that may be helpful. For first level troubleshooting, check out this link:
  http://technet.microsoft.com/en-us/library/cc787386(v=WS.10).aspx
  EVENT VIEWER (NEW & IMPROVED!)
  Event viewer in Windows 7 has more detail about Group Policy. Start your event viewer (may need to run as an admin. account). Navigate to:
  Applications and Services Logs>Microsoft>Windows>GroupPolicy>Operational
  Here you will find events that are related to Group Policy processing. You can determine how long it takes to run the various pieces of your particular GP as well as diagnostic information that can be very helpful when trying to figure out what is happening
  with GP.
  http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx
  Events 4016 and 5016 show the start and end of processing of groups of policies, including how long it took to apply each one in the end event.
  Event 5312 shows policies that will be applied, and 5317 shows policies that are explicitly filtered out.
  Events 8000 and 8001 respectively show the total processing time for computer boot and user boot GP processing, and 8006 and 8007 show the same for interim/periodic GP processing.
  GPLOGVIEW TOOL
  A similar tool is called GPLOGVIEW. You must run this from the elevated command prompt. It will produce a XML, HTML, or simple text file of the GP events for export and review. You can even do a live monitor while you run GPUPDATE /force.
  http://technet.microsoft.com/en-us/magazine/dd315424.aspx
  GPSVR/GPSVC LOG FILE
  If the normal tricks above don’t provide you with enough information, this should do it! There is a service called
  GPSVR that gives you everything you ever wanted to know about Group Policy running on your workstation. Here is how to get more information from the GPSVR service in Windows 2008/Visa/Win 7. 
  Step 1: Enable logging in the Gpsvc.log file. To enable logging in the Gpsvc.log file, follow these steps:
  Click Start, click Run, type regedit, and then click OK (might want to backup your registry first).
   Make sure that you have the folder %windir%\debug\usermode, if the usermode folder is not there, then manually create it.
  Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
   On the Edit menu, point to New, and then click Key.
   Type Diagnostics, and then press ENTER.
   Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
   Type GPSvcDebugLevel, and then press ENTER.
   Right-click GPSvcDebugLevel, and then click Modify.
   In the Value data box, type 30002 (as hex), and then click OK.
   Exit Registry Editor.
  Reboot machine.
   At a command prompt, type the following command, and then press ENTER: gpupdate /force
   You will find the Gpsvc.log file in the following folder: %windir%\debug\usermode
  Step 2: I use Notepad ++ to analyze this log file. It can help you troubleshoot, step, by step what GP is doing as your workstation/user is getting logged in. Timing, access/permission issues, SID information and more are all included
  in this log file.
  Step 3: When you are done, change the value of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics|GPSvcDebugLevel to 0x00000000 to disable the debug log or else it will continue to grow.
  Charlie Newman

  Hi,
  I have posted an MST file which fixes this and other issues to the following thread here:
  http://forums.adobe.com/message/2697135#2697135
  Please post any feedback to that thread!
  Kind regards,
  Chris Hill