Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008
Dear I try to add additional Windows 2008 Domain to My Domain controller 2003 and I ma Receiving Group policy error in DC 2008 With Event ID 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1055</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-03-06T14:36:44.411955300Z" />
<EventRecordID>3859</EventRecordID>
<Correlation ActivityID="{28DAD258-26D0-4C1E-A4B7-F37DEE04C8F1}" />
<Execution ProcessID="952" ThreadID="3276" />
<Channel>System</Channel>
<Computer>PRIMARYDC.Qtit.com</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1632</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1578</Data>
<Data Name="ErrorCode">5</Data>
<Data Name="ErrorDescription">Access is denied.</Data>
</EventData>
</Event>
I install See KB939820 for a hotfix applicable to Microsoft DC 2003 regrading to he KRBTGT account
Refer Url : http://support.microsoft.com/kb/939820
I run dcdiag /v on and repadmin /showrepl at DC 2008
the dcdiag /v result
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine PRIMARYDC, is a Directory Server.
Home Server = PRIMARYDC
* Connecting to directory service on server PRIMARYDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... PRIMARYDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Advertising
The DC PRIMARYDC is advertising itself as a DC and having a DS.
The DC PRIMARYDC is advertising as an LDAP server
The DC PRIMARYDC is advertising as having a writeable directory
The DC PRIMARYDC is advertising as a Key Distribution Center
The DC PRIMARYDC is advertising as a time server
The DS PRIMARYDC is advertising as a GC.
......................... PRIMARYDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:18:56
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:53:21
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
......................... PRIMARYDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... PRIMARYDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... PRIMARYDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... PRIMARYDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
......................... PRIMARYDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
* SPN found :LDAP/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :LDAP/PRIMARYDC.Qtit.com
* SPN found :LDAP/PRIMARYDC
* SPN found :LDAP/PRIMARYDC.Qtit.com/QTIT
* SPN found :LDAP/e3d8c76c-1b59-4de6-9f7f-c438df9a2863._msdcs.Qtit.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e3d8c76c-1b59-4de6-9f7f-c438df9a2863/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com
* SPN found :HOST/PRIMARYDC
* SPN found :HOST/PRIMARYDC.Qtit.com/QTIT
* SPN found :GC/PRIMARYDC.Qtit.com/Qtit.com
......................... PRIMARYDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC PRIMARYDC.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
DC=DomainDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=Qtit,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Qtit,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=Qtit,DC=com
(Domain,Version 3)
......................... PRIMARYDC failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\PRIMARYDC\netlogon
Verified share \\PRIMARYDC\sysvol
......................... PRIMARYDC passed test NetLogons
Starting test: ObjectsReplicated
PRIMARYDC is in domain DC=Qtit,DC=com
Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com in domain DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com in domain CN=Configuration,DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
......................... PRIMARYDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... PRIMARYDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14607 to 1073741823
* SecondAD.Qtit.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 14107 to 14606
* rIDPreviousAllocationPool is 14107 to 14606
* rIDNextRID: 14124
......................... PRIMARYDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... PRIMARYDC passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000A001
Time Generated: 03/06/2014 16:04:05
Event String:
The Security System could not establish a secured connection with the server ldap/PRIMARYDC.Qtit.com/[email protected]. No authentication protocol was available.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:06:35
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:11:36
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:16:38
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:21:39
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:26:41
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:46
Event String:
Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:48
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:49
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:14
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:31:42
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
......................... PRIMARYDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com and backlink on
CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on
CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com are
correct.
......................... PRIMARYDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Qtit
Starting test: CheckSDRefDom
......................... Qtit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Qtit passed test CrossRefValidation
Running enterprise tests on : Qtit.com
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
PDC Name: \\SecondAD.Qtit.com
Locator Flags: 0xe00001bd
Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
KDC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
......................... Qtit.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... Qtit.com passed test Intersite
repadmin /showrepl Result
******************************8
==== INBOUND NEIGHBORS ===================================
DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:04 was successful.
CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:39 was successful.
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
DC=DomainDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:27:31 was successful.
DC=ForestDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
I try to down the DC 2003 and access \\Qtit.com it success open the syslog on DC 2008
Any help or advice
Hi,
Were there other error codes logged in Event Viewer?
Regarding Event ID 1055, the following article can be referred to for troubleshooting.
Event ID 1055 — Group Policy Preprocessing (Security)
http://technet.microsoft.com/en-us/library/cc727272(v=ws.10).aspx
Based on the report you posted, this issue may be related to FRS replication service. As a result, we can use ntfrsutl tool to check whether the replication service is healthy.
Regarding this point, the following articles can be referred to for more information.
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspx
Ntfrsutl
http://technet.microsoft.com/en-us/library/hh875636.aspx
In addition, we can also try doing a non-authoritative Sysvol restore on Windows Server 2008 DC to see whether the issue persists.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Hope it helps.
Best regards,
Frank Shen
Similar Messages
-
Group Policy Preferences File Copy - Access is Denied on 2003 but not 2008 R2
Hello,
I have created a GPO which copies a file from a network share into a new folder under Program Files. This policy works just fine on a Windows 2008 box, but not on 2003. I've used "psexec -i -s cmd.exe" to verify system account permission to the
share. I am able to successfully browse and copy files from the share as the system account on both boxes.
However, when the GPO attempts to perform the file copy, it does not work, and generates the following error message:
Event Type: Warning
Event Source: Group Policy Files
Event Category: (2)
Event ID: 4098
Date: 8/28/2013
Time: 3:32:12 PM
User: NT AUTHORITY\SYSTEM
Computer: Server01
Description:
The computer 'file.txt' preference item in the 'TXT File Copy {9176122B-1A50-4AB8-91D9-6E8553727E18}' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.
I am trying to avoid writing a login script, so I am hoping someone will be able to help me figure out why this works fine on Windows 2008 but not Windows 2003. Please note file names and paths are modified here for security reasons, but the principle is
the same.
My GPO is:
Computer Configuration\Preferences\Windows Settings\Files
File (Target Path: c:\Program Files\path\to\file\file.txt)
Source file: \\share\path\to\file\file.txt
Destination File: c:\program files\path\to\file\file.txt
Action: Update
Suppress errors on individual file actions: Disabled
Read-Only: Enabled
Hidden: Disabled
Archive: Enabled
Stop Processing items on this extension if an error occurrs on this item: No
Remove this item when it is no longer applied: No
Apply once and do not reapply: No
Item-level Targeting: None
ThanksAs a user, I am able to browse the share just fine using the alias. It is only when I try to access the share using the system account that I encounter a problem.
experiencing the exact same symptoms. in the tests below, server, client1, and client2 are all are native instances of microsoft windows server.
server: windows server 2008 R2 standard SP1
client1: windows server 2003 standard SP2
client2: windows server 2008 R2 standard SP1
registry setting "DisableLoopbackCheck": unconfigured on server; unconfigured on client1; unconfigured on client2
registry setting "DisableStrictNameChecking": configured as "1" on server; unconfigured on client1; unconfigured on client2
domain user on client1 attempt to access server by name: success
domain user on client1 attempt to access server by alias: success
domain user on client2 attempt to access server by name: success
domain user on client2 attempt to access server by alias: success
local system on client1 attempt to access server by name: success
local system on client1 attempt to access server by alias: failed (system error 5 has occurred. access is denied.)
local system on client2 attempt to access server by name: success
local system on client2 attempt to access server by alias: success
all tests done using "net view \\target", but similar results were seen when using "dir \\target\share" which the domain user and local system account have access to.
the differing behavior between client1 and client 2 suggests that server 2003 requires additional configuration to allow its local system account to access an SMB share by alias.
this problem prevents group policy features (such as software installation) from an aliased file server. -
Please Help| group policy site failure
hey all, i have some big problem in my network.
i have 3 site named by city.
tel aviv-server 2012
beer sheva-server 2008r2
netanya-server 2008 r2
i crete gpo(computer management) that deny access to mmc.exe
computer management--->windows settings--->securtiy--->file system
and add---> %systemroot%/system32/mmc.exe and deny access to user.
now i go to check the gpo in client side with gpresult /scope computer /r and see that some computers in tel aviv site connected to netanya/beer sheva site.
what can i do ?
i have a situation that not matter what i do i cant release mmc.exe to users.Hi eranvak,
Before going further, would you please let me confirm something more? Would you please descript how you configure
the group policy summarily? For example, when you create the GPO, where the GPO link to? Did you directly link GPO to the default Domain? Or in GPMC, right click the site and select
Link an Existing GPO…? Or any other I misunderstand, please feel free to let me know.
In addition, you descript “enable the inheritance option”, did you mean that just uncheck
Block Inheritance option?
Sorry for my confusion. Thanks for your understanding.
There are two articles for Group Policy Inheritance. Please refer to.
Group Policy Inheritance
http://technet.microsoft.com/en-us/library/cc739343(v=ws.10).aspx
Managing inheritance of Group Policy
http://technet.microsoft.com/en-us/library/cc757050(v=ws.10).aspx
Hope this helps.
Best regards,
Justin Gu -
Deleted Policy from sysvol location by mistake - Group Policy Infrasturure Failure - 2008 R2
Hello, I accidentally deleted a GPO Policy from the Policies Folder in the sysvol location. I was sure that it was not being used but was somehow causing an errors when i ran an rsop on my test machine.
Group Policy Infrastructure failed due to the error listed below.
The system cannot find the path specified.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available
Getting it from Backup would take too long.
There are no auditing on the DC and cant work out how to recover it now. Is there anyway to get this back? I have checked the other DCs but couldnt find the exact policy ID before replication.
Thanks
GP 2008 R2> *Group Policy Infrastructure failed due to the error listed below.*
> *The system cannot find the path specified.*
gpotool.exe is a handy tool for this :) Download at MS.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Windows 7 Group Policy Processing - EventID 1058
I am having an issue with Windows 7 clients refreshing group policy. When I run gpupdate the user policy refreshes and the moves on to the computer policies but fails displaying the error below. Replication topology checks out, dcdiag returns
no errors and sysvol permissions look ok too. Curiously the same policies apply just fine on windows xp pro systems. The Domain Controller is running Server 2008 Enterprise Edt R2 SP1, I see no 1030 eventid's on the domain controllers as others
frequently report with this error. The domain is running at Windows Server 2003 functional level but I have creaded a PolicyDefinitions folder in the sysvol for admx files etc. Where to go from here? Does anyone have any suggestions/insight
as to what the issue may be?
The sysvol and the gpt.ini file is accessible from the Windows 7 client using UNC path.
Thanks in advance for any assistance given.
The error code listed is 0 which is not mentioned in this article
http://social.technet.microsoft.com/wiki/contents/articles/1456.aspx
## Error details
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2/8/2012 2:38:09 PM
Event ID: 1058
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: win7box.abc123.net
Description:
The processing of Group Policy failed. Windows attempted to read the file
\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused
by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1058</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-02-08T20:38:09.770740300Z" />
<EventRecordID>3972</EventRecordID>
<Correlation ActivityID="{24F60AA4-DC8D-4F6D-8787-9535072F03C0}" />
<Execution ProcessID="996" ThreadID="1148" />
<Channel>System</Channel>
<Computer>win7box.abc123.net</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SupportInfo1">4</Data>
<Data Name="SupportInfo2">816</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">3354</Data>
<Data Name="ErrorCode">0</Data>
<Data Name="ErrorDescription">The operation completed successfully. </Data>
<Data Name="DCName">DC.abc123.net</Data>
<Data Name="GPOCNName">CN={EB062BE8-CAF6-47B4-9B8B-27A19268C520},CN=Policies,CN=System,DC=abc123,DC=net</Data>
<Data Name="FilePath">\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini</Data>
</EventData>
</Event>
## DCDiag Results (No RODC's hence NCSecDesc error )
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: North\DC
Starting test: Connectivity
......................... DC passed test Connectivity
Doing primary tests
Testing server: North\DC
Starting test: Advertising
......................... DC passed test Advertising
Starting test: FrsEvent
......................... DC passed test FrsEvent
Starting test: DFSREvent
......................... DC passed test DFSREvent
Starting test: SysVolCheck
......................... DC passed test SysVolCheck
Starting test: KccEvent
......................... DC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=abc123,DC=net
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=abc123,DC=net
......................... DC failed test NCSecDesc
Starting test: NetLogons
......................... DC passed test NetLogons
Starting test: ObjectsReplicated
......................... DC passed test ObjectsReplicated
Starting test: Replications
......................... DC passed test Replications
Starting test: RidManager
......................... DC passed test RidManager
Starting test: Services
......................... DC passed test Services
Starting test: SystemLog
......................... DC passed test SystemLog
Starting test: VerifyReferences
......................... DC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : abc123
Starting test: CheckSDRefDom
......................... abc123 passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... abc123 passed test CrossRefValidation
Running enterprise tests on : abc123.net
Starting test: LocatorCheck
......................... abc123.net passed test LocatorCheck
Starting test: Intersite
......................... abc123.net passed test IntersiteI shortened this down a good bit but here is the gist of it, my question is which context/user/account is being denied access to the .ini files? I have never used the streams utility but I'll give it a whirl and report back what I get. Most of
the cannot be accessed are probably just policies that are not applicable to the machine but the gpt.ini errors are baffling me.
New GPO - it appears that new GPOs are fine
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Searching <cn={5D0EF3CD-7942-4A89-A879-4F9FDB3064BF},cn=policies,cn=system,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found common name of: <{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found display name of: <gpoC-Win7Test>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found machine version of: GPC is 0, GPT is 0
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found flags of: 0
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: No client-side extensions for this object.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO gpoC-Win7Test doesn't contain any data since the version number is 0. It will be skipped.
Older GPO's - not so fine
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B34A8F23-269C-43D8-A097-2307729FBFF6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={55338992-95C9-4FA2-80E4-0ED4A623EE09},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found common name of: <{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found display name of: <gpoS-RealPlayerEnt6 - Security>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found machine version of: GPC is 0, GPT is 0
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found flags of: 0
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: No client-side extensions for this object.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO gpoS-RealPlayerEnt6 - Security doesn't contain any data since the version number is 0. It will be skipped.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C92FD413-E891-47E0-B554-BD7F9209D036},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FEF33797-46D0-452A-B3D7-0BEEC2330592},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CCBFECA5-2FF8-4512-8CE4-108C4092D009},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={767959D5-7AB6-4D55-A02E-3F54439CC7DA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={10DCAC5E-9904-41FF-B678-E8514F481E56},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={3229FD3D-868A-4406-AFAF-6449ADBB4749},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1DD39B5C-B930-4750-8EC3-42D0FB89A3B9},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={E10350D2-F632-4D5E-9668-4151596B1D77},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={86C864C5-C861-42FC-B728-BAEE81C9A091},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FE1162BF-9FE2-4F04-A514-80A8E6D5F7CD},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F68214D3-33F3-4F76-BE26-306D0237A048},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CA6B06CE-C546-41F1-87FB-9013701AEF00},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C8C9EFA2-90AA-4162-9051-23FD83B5CF62},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={DE445C4F-9A0F-488F-8769-C041CF2184AA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7CDB465C-55AC-4CBC-9C18-F3ADACDFEB46},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F4E0F78E-BE36-4793-A8B1-83B2D67083F1},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={53359F0A-8C9B-4831-936F-3D47C4CC2694},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6793DBEE-47B0-458D-8F1C-D92EB7015733},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93919120-7113-47C0-AA38-0561EAB18E42},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={5ABD1D9E-07E4-4A53-B854-A2FFC3B257CB},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={71E2B86C-A4A0-47C0-9D7F-BDD6220B9FA4},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={4401CF1C-7839-4496-BB87-304A8AB917FC},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1244CA5A-D654-4ED6-9374-148F1F3DA8ED},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={42875CF2-B9E9-4EFA-90C2-7ACA8882F1B7},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6DD428B6-6B19-4A53-B172-57DB3E15A38E},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={983BFDAD-65F0-42B4-807A-E78DF275C352},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={AFA31A2D-07D8-4CB4-BE86-067A9624E324},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={77C9CA17-6359-4355-9FDF-F605F0441245},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={75D43291-6FA2-4B98-8422-228DDB45571B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={870C6FB3-74CD-46E8-9D4D-E6E6C0A2B52D},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2144E4CF-01C1-4C5B-984B-E9BD4461406F},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7D9DB917-1245-46BD-AEBF-163A2F0FCD06},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B7431941-5DAA-4DD2-A569-35C31B92B677},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={D01BF1D1-33C8-4FC3-95C3-5948A1EE1647},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={57D4AD83-3BBF-43C2-9A3B-F71F3E52C2A6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={A8DB7DAC-42F0-43FC-99E1-F1AC15006101},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={56574927-6DC5-48A7-82F9-A00E820335F6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2FB6858E-8B1C-4C89-83B2-0EEE97D9A72B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93C56E3F-5334-4325-A328-0CCAFED0828B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1B64E00F-D3B6-49B6-B6C8-7AD0A8C9AEFA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={81B4E46C-8249-4547-BC75-9A1FB395E282},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={43D5184A-73C8-4BFD-9B09-33C70B8BC3C2},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={0ABE0BCF-0BC5-481E-AC86-5768D00901D5},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Couldn't find the group policy template file <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}\gpt.ini>,
error = 0x0. DC: DC2.abc123.net
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 EvalList: ProcessGPO failed
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: EvaluateDeferredGPOs failed. Exiting
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: Leaving with 0
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: ********************************
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: GetGPOInfo failed.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: No WMI logging done in this policy cycle.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: Processing failed with error 87.
GPSVC(3e4.80c) 12:43:27:557 Application complete with bConnectivityFailure = 0.
GPSVC(3e4.80c) 12:43:27:557 Signalling 1 Refresh Policy callers
GPSVC(f84.df4) 12:43:27:557 Exiting RefreshPolicyForPrincipal with status = 0
GPSVC(3e4.80c) 12:43:27:557 GPLockPolicySection: Sid = (null), dwTimeout = 600000, dwFlags = 0
GPSVC(3e4.80c) 12:43:27:557 LockPolicySection called for user <Machine>
GPSVC(3e4.80c) 12:43:27:557 Sync Lock Called
GPSVC(3e4.80c) 12:43:27:557 Writer Lock got immediately.
GPSVC(3e4.80c) 12:43:27:557 Lock taken successfully
GPSVC(3e4.80c) 12:43:27:557 UnLockPolicySection called for user <Machine>
GPSVC(3e4.80c) 12:43:27:557 UnLocked successfully -
Group Policy Administrative Templates not applying on Windows XP SP3 - Windows Server 2008 R2
I have a Windows 2008 R2 domain with windows 7, and Windows XP SP3 client workstations.
I have a group policy to deny all access to removable storage in policies/administrative templates/system in user configuration (actually its in the computer configuration as well)
The problem is the policy is having no effect on the Windows XP machines. It works perfectly on Windows 7 machines.
Group policy in general is working on the Windows XP machines, as I can successfully map drives, push out scheduled tasks, and push out printers. (All preferences I know and I have GP Preferences client side extensions installed).
Its almost like the windows XP machines can't "understand" the admin templates from Windows Server 2008 R2.
Do I need to install something on the windows XP machines? What could be the problem?> Its almost like the windows XP machines can't "understand" the admin
> templates from Windows Server 2008 R2.
Simply read the "supported on" of these settings... Vista and above
required.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Group Policy changes cause Access Denied error for Domain Admin account
Hi All,
I am battling to get WSUS to work, and I think the route cause is problems editing the domain and domain controller group policy objects.
We have 1 DC, approx 20 clients. 1 GPO for DC, 1 GPO for clients. Ther e is a link to the default domain GPO in our staff (users) OU, I don't know if it should be there or not.
I log in as domain administrator, right-click the domain GPO in GPMC, click Edit.
Find the setting I want to edit (specify intranet microsoft update service location), double click.
Change something, click OK.
I get error:
Unhandled exception has occurred in a component in your application. If you click Continue, the application will ignore this error and attempt to continute.
Access is denied. (Exception from HRESULT: 0x80070005
(E_ACCESSDENIED)).
I have followed the steps in the links posted by Brent in another post called: "restricting-domain-admin-account-to-edit-group-policies" (no links allowed for my account yet sorry) and the user does have edit settings, delete, modify security delecation.
PLEASE NOTE: the solution may very well be something very simple/basic. I am reasonably computer savvy, but have just upgraded the whole network for an NGO on a voluntary basis. Never seen a sever before I came here, but I'm the best they have. Please bare
that in mind when offering advice :)
Any help appreciated!
JamesMore diagnostic info:
Inside GPMC, there's Group Policy Results.
If I right-click, Result Wizard, choose this computer, it works fine showing default domain controllers policy with alert that it's enforced.
If I browse for another PC (it comes up as Domain\PC name), click Next, I get error:
Failed to connect to DOMAIN\PCNAME due to the error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target computer for further details.
Details: the RPC server is unavailable.
If you need the recent related events, I will post them. I also checked that service on the client - it's automatic and started.
PPS Clients are all Win 7, PCs are 32bit, laptops are 64. Server is Windows Server 2012 Datacenter. WSUS when clicking Help -> About from the snap-in/GUI: 6.2.9200.16384.
PPPS Directory browsing for the whole WSUS object in IIS is enabled, thanks to SorinAlbu over at Spiceworks post WSUS and IIS.
PPPPS Launching IE and loading http://servername:8530/iuident.cab fails 404 error from both clients and server. That file in C:\Program Files\Update Services\WebServices\Root\iuident.cab doesn't exist. Maybe because we recently removed the WSUS role and reinstalled
it, to check if something went wrong the first time? It's all been configured using the snapin/GUI, but the new installation of the role hasn't yet connected to the Microsoft Update servers.
PPPPPS Added the Application Server role with default settings as recommended by the step by step guide to WSUS at Technet. Still no dice. -
Windows CAL server 2003 and Domain Server with a 2008 server as domain member
We have a Windows Server 2003 as domain controller with 70 user CALs, and we have added a Windows 2008 R2 OEM with 5 users licences.
I have no plans to migrate my domain controller 2003 to 2008 but the 2008 is a member of the domain and I need to know if we are fine with the licences.
Thanks for your help,
Alejandro SueldoHi
You need CAL for anything that would access the 2008. If a server that is accessed by only 5 user you are ok, but if like a Exchange for your 70 users, then you have to buy more CAL. (that link explain it good;
http://blogs.msdn.com/b/mssmallbiz/archive/2007/11/06/5942350.aspx)
Contact the VLSC to be sure at 100% before buying; (866) 230-0560
Regards, Philippe
Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
Answer an interesting question ? Create a
wiki article about it! -
Work Folders - Specific Group Policy's that are needed to satisfy domain client security level
Hi All,
We have Work Folders successfully set up on our domain. A non domain joined client can connect and gain access to their work folder share without issue.
I am now in the process of setting up domain connected laptops that will be used by staff. These laptop will have restrictions on them and the users that logon will not have admin privileges.
The work folder server has the device policies of:
Encrypt Work Folders
Automatically lock screen, and require a password
We are using Windows 8.1 enterprise clients, with the latest patches. If I turn off the "Automatically lock screen...." policy, a domain user can successfully sync their work. If I turn it back on they get the below error:
"Make sure that your account is an administrator on the PC and that all administrator accounts on this PC have a password."
I have set the group polices that I believe might effect this message, but have yet to get a successful sync. Could someone give me the exact group policies I would need to set for client to meet the security requirements.
Minimum password length of 6
Autolock screen set to be 15 minutes or less
Maximum password retry of 10 or lessHi,
Work Folders provides the two device policies that administrators can control. The policies are enforced on the Windows 8.1 clients before data sync is allowed.
The policy settings are not configurable, and they are enforced on the devices running with Windows 8.1 through the EAS Engine.
Please refer to the article below to troubleshoot the issue:
Work Folders for Windows 7
http://blogs.technet.com/b/filecab/archive/2014/04/24/work-folders-for-windows-7.aspx
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Server 2008 R2 standard guest license with Server 2008 R2 datacenter Host
Hello Experts,
I have Windows Server 2008 R2 Datacenter edition based server. Now I want to know that do I have to buy license to activate the guest OS in the VMs like for Server 2008 R2 standard edition, or I can use it for free like in the case of AVMA in server 2012 R2 as it has keys for essentials standard and datacenter edition of server 2012 that can be used with AVMA in order to activate the guest OS license for Free..
Thanks
This topic first appeared in the Spiceworks CommunityHello Experts,
I have Windows Server 2008 R2 Datacenter edition based server. Now I want to know that do I have to buy license to activate the guest OS in the VMs like for Server 2008 R2 standard edition, or I can use it for free like in the case of AVMA in server 2012 R2 as it has keys for essentials standard and datacenter edition of server 2012 that can be used with AVMA in order to activate the guest OS license for Free..
Thanks
This topic first appeared in the Spiceworks Community -
Error browsing SSAS 2008 cube on Windows 7 with SSMS 2008 R2 Client
I recently have upgraded to Windows 7 and SSMS 2008R2 and I'm trying to browse a cube through SSMS and I'm getting the following error below after connecting and trying to browse. I have verified that I have .Net 3.5 with SP1 installed. I also
was able to connect to the cube using Excel verifying that I'm able to authenticate and connect to the cube. One side note, I do have Office 2010 and I'm not sure how this plays into the equation.
TITLE: Microsoft SQL Server Management Studio
Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG))
BUTTONS:
OK
Big ErnHi,
Cube browser in 2008R2 still use OWC 11, so please check if you have installed the OWC11.
You can download via below link:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7287252c-402e-4f72-97a5-e0fd290d4b76&displaylang=en
Another similar thread:
http://social.msdn.microsoft.com/Forums/en/sqlanalysisservices/thread/57bbbf6c-6a24-40d4-b0d1-a617f4dfae2d
Hope this helps,
Raymond -
Software Installation Processing Alerts - Group Policy Failures?
Hello,
I am getting several errors reported by SCOM Software Installation Processing alert
In the local event log I have:
Warning 9/15/2014 11:09:37 AM GroupPolicy 1112 None
Warning 9/15/2014 11:09:37 AM Application Management Group Policy 108 None
Error 9/15/2014 11:09:37 AM Application Management Group Policy 103 None
Warning 9/15/2014 11:09:37 AM Application Management Group Policy 101 None
with the details:
101 - The assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %%1274
103 - The removal of the assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %%2
108 - Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
1112 - The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
- Computer Configuration > Policies > Administrative Templates > System > Group Policy > Policy > Startup policy processing is enabled
what does exactly this means?
Thanks,
Dom
System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity ManagerHi,
Yes the packaged is installed.
Troubleshooting the issue deeper with http://support.microsoft.com/kb/249621/en-us is showing
Software installation extension has been called for background policy refresh
09-16 06:34:09:346
Software installation extension has been called for background policy refresh
The following policies are to be applied, flags are 11.
MITS Servers Software (unique identifier {E76FB561-E177-421D-AE43-109EADEAD751})
System volume path = \\ad.medctr.ucla.edu\sysvol\ad.medctr.ucla.edu\Policies\{E76FB561-E177-421D-AE43-109EADEAD751}\Machine
Active Directory path = LDAP://CN=Machine,cn={E76FB561-E177-421D-AE43-109EADEAD751},cn=policies,cn=system,DC=ad,DC=medctr,DC=ucla,DC=edu
Set the Active Directory path to LDAP://CN=Class Store,CN=Machine,cn={E76FB561-E177-421D-AE43-109EADEAD751},cn=policies,cn=system,DC=ad,DC=medctr,DC=ucla,DC=edu;.
Enumerating applications in the Active Directory for computer MSVROFAS2 with flags 5.
The following applications were found in policy MITS Servers Software.
Assigned application SMS Client Setup Bootstrap (flags a0044c70).
Found 1 applications in policy MITS Servers Software.
Enumerating the managed applications which are currently applied to this user.
No managed applications are currently applied to this user.
Found 0 applications locally that are not included in the set of applications from the Active Directory.
Application SMS Client Setup Bootstrap from policy MITS Servers Software is set for installation because it is assigned to this computer policy.
Software installation extension cannot perform removal or install operations during asynchronous policy refresh and will force a synchronous foreground refresh.
The assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %1274
Removing application SMS Client Setup Bootstrap from the software installation database.
Calling Windows Installer to remove application advertisement for application SMS Client Setup Bootstrap from script C:\Windows\system32\appmgmt\MACHINE\{ecbf218d-0d04-4b00-a43e-91ba5c41d119}.aas.
Windows Installer cannot remove application advertisement for application SMS Client Setup Bootstrap from script C:\Windows\system32\appmgmt\MACHINE\{ecbf218d-0d04-4b00-a43e-91ba5c41d119}.aas, error 2.
The removal of the assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %2
Policy Logging for Software Management is attempting to log application SMS Client Setup Bootstrap from policy MITS Servers Software.
Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %1274
Software installation extension has detected changes that require a synchronous foreground policy refresh.
Software installation extension returning with final error code 1274.
And this is happening hourly !!!
This is the current status...
Thanks,
Dom
System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager -
Server 2008 R2 does not show Internet Explorer 10/11 Group Policy options
Hello,
I have a Windows Server 2008 R2 server that has IE11 installed. I am attempting to create a GPO to control Proxy settings for IE10/11 clients, however, when I go to User Config>Preferences> Control Panel Settings> Internet Settings and Right click,
I do not see an option for IE10, only IE5 and 6, IE7, and IE8.
I have downloaded and installed the Administrative Templates for Internet Explorer from
here, and followed the installation instructions, but still, the option does not show up. I have ensured that all the latest Windows Updates are installed on the server, and rebooted
the server a couple times.
What am I missing here?
Thanks in advance.<meta content="text/html; charset=UTF-16" http-equiv="Content-Type" /><title>SFDN\testuser</title> <style type="text/css">body { background-color:#FFFFFF; border:1px solid #666666; color:#000000; font-size:68%;
font-family:MS Shell Dlg; margin:0,0,10px,0; word-break:normal; word-wrap:break-word; } table { font-size:100%; table-layout:fixed; width:100%; } td,th { overflow:visible; text-align:left; vertical-align:top; white-space:normal; } .title { background:#FFFFFF;
border:none; color:#333333; display:block; height:24px; margin:0px,0px,-1px,0px; padding-top:4px; ; table-layout:fixed; width:100%; z-index:5; } .he0_expanded { background-color:#FEF7D6; border:1px solid #BBBBBB; color:#3333CC; cursor:hand; display:block;
font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:0px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he1_expanded { background-color:#A0BACB; border:1px solid
#BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he1h_expanded
{ background-color: #7197B3; border: 1px solid #BBBBBB; color: #000000; cursor: hand; display: block; font-family: MS Shell Dlg; font-size: 100%; font-weight: bold; height: 2.25em; margin-bottom: -1px; margin-left: 10px; margin-right: 0px; padding-left: 8px;
padding-right: 5em; padding-top: 4px; ; width: 100%; } .he1 { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px;
margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he2 { background-color:#C0D2DE; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em;
margin-bottom:-1px; margin-left:30px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he3 { background-color:#D9E3EA; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%;
font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:40px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; } .he4 { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block;
font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:50px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; } .he4h { background-color:#E8E8E8; border:1px solid #BBBBBB;
color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; } .he4i { background-color:#F9F9F9;
border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-bottom:5px; padding-left:21px; padding-top:4px; ; width:100%; } .he5 { background-color:#E8E8E8;
border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:60px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ;
width:100%; } .he5h { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; padding-right:5em; padding-top:4px; margin-bottom:-1px; margin-left:65px; margin-right:0px;
; width:100%; } .he5i { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:65px; margin-right:0px; padding-left:21px; padding-bottom:5px; padding-top:
4px; ; width:100%; } DIV .expando { color:#000000; text-decoration:none; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:normal; ; right:10px; text-decoration:underline; z-index: 0; } .he0 .expando { font-size:100%; } .info, .info3, .info4,
.disalign { line-height:1.6em; padding:0px,0px,0px,0px; margin:0px,0px,0px,0px; } .disalign TD { padding-bottom:5px; padding-right:10px; } .info TD { padding-right:10px; width:50%; } .info3 TD { padding-right:10px; width:33%; } .info4 TD, .info4 TH { padding-right:10px;
width:25%; } .info TH, .info3 TH, .info4 TH, .disalign TH { border-bottom:1px solid #CCCCCC; padding-right:10px; } .subtable, .subtable3 { border:1px solid #CCCCCC; margin-left:0px; background:#FFFFFF; margin-bottom:10px; } .subtable TD, .subtable3 TD { padding-left:10px;
padding-right:5px; padding-top:3px; padding-bottom:3px; line-height:1.1em; width:10%; } .subtable TH, .subtable3 TH { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; } .subtable .footnote { border-top:1px solid #CCCCCC;
} .subtable3 .footnote, .subtable .footnote { border-top:1px solid #CCCCCC; } .subtable_frame { background:#D9E3EA; border:1px solid #CCCCCC; margin-bottom:10px; margin-left:15px; } .subtable_frame TD { line-height:1.1em; padding-bottom:3px; padding-left:10px;
padding-right:15px; padding-top:3px; } .subtable_frame TH { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; } .subtableInnerHead { border-bottom:1px solid #CCCCCC; border-top:1px solid #CCCCCC; } .explainlink { color:#000000;
text-decoration:none; cursor:hand; } .explainlink:hover { color:#0000FF; text-decoration:underline; } .spacer { background:transparent; border:1px solid #BBBBBB; color:#FFFFFF; display:block; font-family:MS Shell Dlg; font-size:100%; height:10px; margin-bottom:-1px;
margin-left:43px; margin-right:0px; padding-top: 4px; ; } .filler { background:transparent; border:none; color:#FFFFFF; display:block; font:100% MS Shell Dlg; line-height:8px; margin-bottom:-1px; margin-left:53px; margin-right:0px; padding-top:4px; ; } .container
{ display:block; ; } .rsopheader { background-color:#A0BACB; border-bottom:1px solid black; color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-bottom:5px; text-align:center; } .rsopname { color:#333333; font-family:MS Shell
Dlg; font-size:130%; font-weight:bold; padding-left:11px; } .gponame{ color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; } .gpotype{ color:#333333; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; padding-left:11px;
} #uri { color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; } #dtstamp{ color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; text-align:left; width:30%; } #objshowhide { color:#000000; cursor:hand; font-family:MS
Shell Dlg; font-size:100%; font-weight:bold; margin-right:0px; padding-right:10px; text-align:right; text-decoration:underline; z-index:2; word-wrap:normal; } #gposummary { display:block; } #gpoinformation { display:block; } @media print { #objshowhide{ display:none;
} body { color:#000000; border:1px solid #000000; } .title { color:#000000; border:1px solid #000000; } .he0_expanded { color:#000000; border:1px solid #000000; } .he1h_expanded { color:#000000; border:1px solid #000000; } .he1_expanded { color:#000000; border:1px
solid #000000; } .he1 { color:#000000; border:1px solid #000000; } .he2 { color:#000000; background:#EEEEEE; border:1px solid #000000; } .he3 { color:#000000; border:1px solid #000000; } .he4 { color:#000000; border:1px solid #000000; } .he4h { color:#000000;
border:1px solid #000000; } .he4i { color:#000000; border:1px solid #000000; } .he5 { color:#000000; border:1px solid #000000; } .he5h { color:#000000; border:1px solid #000000; } .he5i { color:#000000; border:1px solid #000000; } } v\:* {behavior:url(#default#VML);}
</style> <script language="vbscript"> <!-- '================================================================================ ' String "strShowHide(0/1)" ' 0 = Hide all mode. ' 1 = Show all mode. strShowHide = 1 'Localized
strings strShow = "show" strHide = "hide" strShowAll = "show all" strHideAll = "hide all" strShown = "shown" strHidden = "hidden" strExpandoNumPixelsFromEdge = "10px" Function IsSectionHeader(obj)
IsSectionHeader = (obj.className = "he0_expanded") Or (obj.className = "he1h_expanded") Or (obj.className = "he1_expanded") Or (obj.className = "he1") Or (obj.className = "he2") Or (obj.className = "he3")
Or (obj.className = "he4") Or (obj.className = "he4h") Or (obj.className = "he5") Or (obj.className = "he5h") End Function Function IsSectionExpandedByDefault(objHeader) IsSectionExpandedByDefault = (Right(objHeader.className,
Len("_expanded")) = "_expanded") End Function ' strState must be show | hide | toggle Sub SetSectionState(objHeader, strState) ' Get the container object for the section. It's the first one after the header obj. i = objHeader.sourceIndex
Set all = objHeader.parentElement.document.all While (all(i).className <> "container") i = i + 1 Wend Set objContainer = all(i) If strState = "toggle" Then If objContainer.style.display = "none" Then SetSectionState
objHeader, "show" Else SetSectionState objHeader, "hide" End If Else Set objExpando = objHeader.children.item(1) If strState = "show" Then objContainer.style.display = "block" objExpando.innerText = strHide ElseIf strState
= "hide" Then objContainer.style.display = "none" objExpando.innerText = strShow End If End If End Sub Sub ShowSection(objHeader) SetSectionState objHeader, "show" End Sub Sub HideSection(objHeader) SetSectionState objHeader,
"hide" End Sub Sub ToggleSection(objHeader) SetSectionState objHeader, "toggle" End Sub '================================================================================ ' When user clicks anywhere in the document body, determine if user
is clicking ' on a header element. '================================================================================ Function document_onclick() Set strsrc = window.event.srcElement While (strsrc.className = "sectionTitle" Or strsrc.className = "expando"
Or strsrc.className = "vmlimage") Set strsrc = strsrc.parentElement Wend ' Only handle clicks on headers. If Not IsSectionHeader(strsrc) Then Exit Function ToggleSection strsrc window.event.returnValue = False End Function '================================================================================
' link at the top of the page to collapse/expand all collapsable elements '================================================================================ Function objshowhide_onClick() Set objBody = document.body.all Select Case strShowHide Case 0 strShowHide
= 1 objshowhide.innerText = strShowAll For Each obji In objBody If IsSectionHeader(obji) Then HideSection obji End If Next Case 1 strShowHide = 0 objshowhide.innerText = strHideAll For Each obji In objBody If IsSectionHeader(obji) Then ShowSection obji End
If Next End Select End Function '================================================================================ ' onload collapse all except the first two levels of headers (he0, he1) '================================================================================
Function window_onload() ' Only initialize once. The UI may reinsert a report into the webbrowser control, ' firing onLoad multiple times. If UCase(document.documentElement.getAttribute("gpmc_reportInitialized")) <> "TRUE" Then '
Set text direction Call fDetDir(UCase(document.dir)) ' Initialize sections to default expanded/collapsed state. Set objBody = document.body.all For Each obji in objBody If IsSectionHeader(obji) Then If IsSectionExpandedByDefault(obji) Then ShowSection obji
Else HideSection obji End If End If Next objshowhide.innerText = strShowAll document.documentElement.setAttribute "gpmc_reportInitialized", "true" End If End Function '================================================================================
' When direction (LTR/RTL) changes, change adjust for readability '================================================================================ Function document_onPropertyChange() If window.event.propertyName = "dir" Then Call fDetDir(UCase(document.dir))
End If End Function Function fDetDir(strDir) strDir = UCase(strDir) Select Case strDir Case "LTR" Set colRules = document.styleSheets(0).rules For i = 0 To colRules.length -1 Set nug = colRules.item(i) strClass = nug.selectorText If nug.style.textAlign
= "right" Then nug.style.textAlign = "left" End If Select Case strClass Case "DIV .expando" nug.style.Left = "" nug.style.right = strExpandoNumPixelsFromEdge Case "#objshowhide" nug.style.textAlign = "right"
End Select Next Case "RTL" Set colRules = document.styleSheets(0).rules For i = 0 To colRules.length -1 Set nug = colRules.item(i) strClass = nug.selectorText If nug.style.textAlign = "left" Then nug.style.textAlign = "right"
End If Select Case strClass Case "DIV .expando" nug.style.Left = strExpandoNumPixelsFromEdge nug.style.right = "" Case "#objshowhide" nug.style.textAlign = "left" End Select Next End Select End Function '================================================================================
'When printing reports, if a given section is expanded, let's says "shown" (instead of "hide" in the UI). '================================================================================ Function window_onbeforeprint() For Each obji In
document.all If obji.className = "expando" Then If obji.innerText = strHide Then obji.innerText = strShown If obji.innerText = strShow Then obji.innerText = strHidden End If Next End Function '================================================================================
'If a section is collapsed, change to "hidden" in the printout (instead of "show"). '================================================================================ Function window_onafterprint() For Each obji In document.all If obji.className
= "expando" Then If obji.innerText = strShown Then obji.innerText = strHide If obji.innerText = strHidden Then obji.innerText = strShow End If Next End Function '================================================================================ ' Adding
keypress support for accessibility '================================================================================ Function document_onKeyPress() If window.event.keyCode = "32" Or window.event.keyCode = "13" Or window.event.keyCode =
"10" Then 'space bar (32) or carriage return (13) or line feed (10) If window.event.srcElement.className = "expando" Then Call document_onclick() : window.event.returnValue = false If window.event.srcElement.className = "sectionTitle"
Then Call document_onclick() : window.event.returnValue = false If window.event.srcElement.id = "objshowhide" Then Call objshowhide_onClick() : window.event.returnValue = false End If End Function --> </script> <script language="javascript">
<!-- function getExplainWindowTitle() { return document.getElementById("explainText_windowTitle").innerHTML; } function getExplainWindowStyles() { return document.getElementById("explainText_windowStyles").innerHTML; } function getExplainWindowSettingPathLabel()
{ return document.getElementById("explainText_settingPathLabel").innerHTML; } function getExplainWindowExplainTextLabel() { return document.getElementById("explainText_explainTextLabel").innerHTML; } function getExplainWindowPrintButton()
{ return document.getElementById("explainText_printButton").innerHTML; } function getExplainWindowCloseButton() { return document.getElementById("explainText_closeButton").innerHTML; } function getNoExplainTextAvailable() { return document.getElementById("explainText_noExplainTextAvailable").innerHTML;
} function getExplainWindowSupportedLabel() { return document.getElementById("explainText_supportedLabel").innerHTML; } function getNoSupportedTextAvailable() { return document.getElementById("explainText_noSupportedTextAvailable").innerHTML;
} function showExplainText(srcElement) { var strSettingName = srcElement.getAttribute("gpmc_settingName"); var strSettingPath = srcElement.getAttribute("gpmc_settingPath"); var strSettingDescription = srcElement.getAttribute("gpmc_settingDescription");
if (strSettingDescription == "") { strSettingDescription = getNoExplainTextAvailable(); } var strSupported = srcElement.getAttribute("gpmc_supported"); if (strSupported == "") { strSupported = getNoSupportedTextAvailable(); }
var strHtml = "<html>\n"; strHtml += "<head>\n"; strHtml += "<title>" + getExplainWindowTitle() + "</title>\n"; strHtml += "<style type='text/css'>\n" +
getExplainWindowStyles() + "</style>\n"; strHtml += "</head>\n"; strHtml += "<body>\n"; strHtml += "<div class='head'>" + strSettingName +"</div>\n"; strHtml
+= "<div class='path'><b>" + getExplainWindowSettingPathLabel() + "</b><br/>" + strSettingPath +"</div>\n"; strHtml += "<div class='path'><b>" + getExplainWindowSupportedLabel()
+ "</b><br/>" + strSupported +"</div>\n"; strHtml += "<div class='info'>\n"; strHtml += "<div class='hdr'>" + getExplainWindowExplainTextLabel() + "</div>\n";
strHtml += "<div class='bdy'>" + strSettingDescription + "</div>\n"; strHtml += "<div class='btn'>"; strHtml += getExplainWindowPrintButton(); strHtml += getExplainWindowCloseButton();
strHtml += "</div></body></html>"; var strDiagArgs = "height=360px, width=630px, status=no, toolbar=no, scrollbars=yes, resizable=yes "; var expWin = window.open("", "expWin", strDiagArgs); expWin.document.write("");
expWin.document.close(); expWin.document.write(strHtml); expWin.document.close(); expWin.focus(); //cancels navigation for IE. if(navigator.userAgent.indexOf("MSIE") > 0) { window.event.returnValue = false; } return false; } --> </script>
Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS
Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding- height:24px; } .path { margin- margin- margin-bottom:5px;width:100%; } .info { padding-width:100%; } table { font-size:100%; width:100%; border:1px solid #999999;
} th { border-bottom:1px solid #999999; text-align:left; padding- height:24px; } td { background:#FFFFFF; padding- padding-bottom:10px; padding- } .btn { width:100%; text-align:right; margin- } .hdr { font-weight:bold; border:1px solid #999999; text-align:left;
padding- padding- height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; background:#FFFFFF; padding- padding-bottom:10px; padding- border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS
Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
<button accesskey="P" name="Print" onclick="window.print()">Print</button>
<button accesskey="C" name="Close" onclick="window.close()">Close</button>
No explanation is available for this setting.
Supported On:
Not available
Group Policy Results
SFDN\testuser
Data collected on: 12/14/2014 1:00:12 PM
Summary
Computer Configuration Summary
No data available.
User Configuration Summary
General
User name
SFDN\testuser
Domain
SFD.local
Last time Group Policy was processed
12/14/2014 12:59:22 PM
Group Policy Objects
Applied GPOs
Name
Link Location
Revision
Local Group Policy
Local
AD (1), Sysvol (1)
Default Domain Policy
SFD.local
AD (6), Sysvol (6)
Test
SFD.local/SFD-Restricted-Users
AD (10), Sysvol (10)
Limit Downloads
SFD.local/SFD-Restricted-Users
AD (2), Sysvol (2)
SFD Restricted Users
SFD.local/SFD-Restricted-Users
AD (59), Sysvol (59)
Denied GPOs
Name
Link Location
Reason Denied
None
Security Group Membership when Group Policy was applied
SFDN\Domain Users
Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
NT AUTHORITY\This Organization
LOCAL
Mandatory Label\Medium Mandatory Level
WMI Filters
Name
Value
Reference GPO(s)
None
Component Status <v:group alt="Warning" class="vmlimage" coordsize="100,100" style="width:15px;height:15px;vertical-align:middle;"><v:shape class="vmlimage" fillcolor="yellow"
strokecolor="yellow" style="width:100;height:100;"><v:path v="m 50,0 l 0,99 99,99 x e"></v:path></v:shape> <v:rect class="vmlimage" fillcolor="black" strokecolor="black" style="width:10;height:35;"></v:rect>
<v:rect class="vmlimage" fillcolor="black" strokecolor="black" style="width:10;height:5;"></v:rect> </v:group>
Component Name
Status
Last Process Time
Group Policy Infrastructure
Success
12/14/2014 12:59:46 PM
Folder Redirection
Failed
12/14/2014 12:59:46 PM
Folder Redirection failed due to the error listed below.
Cannot complete this function.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 12/14/2014 12:59:23 PM and 12/14/2014 12:59:46 PM.
Group Policy Internet Settings
Success
12/14/2014 12:59:46 PM
Registry
Success
12/12/2014 10:28:23 AM
Computer Configuration
No data available.
User Configuration
Policies
Windows Settings
Security Settings
Software Restriction Policies
Winning GPO
SFD Restricted Users
Enforcement
Policy
Setting
Apply software restriction policies to the following
All software files except libraries (such as DLLs)
Apply software restriction policies to the following users
All users
When applying software restriction policies
Ignore certificate rules
Designated File Types
File Extension
File Type
ADE
Microsoft Access Project Extension
ADP
Microsoft Access Project
BAS
BAS File
BAT
Windows Batch File
CHM
Compiled HTML Help file
CMD
Windows Command Script
COM
MS-DOS Application
CPL
Control panel item
CRT
Security Certificate
EXE
Application
HLP
Help file
HTA
HTML Application
INF
Setup Information
INS
INS File
ISP
ISP File
LNK
Shortcut
MDB
Microsoft Access Database
MDE
Microsoft Access MDE Database
MSC
Microsoft Common Console Document
MSI
Windows Installer Package
MSP
Windows Installer Patch
MST
MST File
OCX
ActiveX control
PCD
PCD File
PIF
Shortcut to MS-DOS Program
REG
Registration Entries
SCR
Screen saver
SHS
SHS File
URL
Internet Shortcut
VB
VB File
WSC
Windows Script Component
Trusted Publishers
Trusted publisher management
Allow all administrators and users to manage user's own Trusted Publishers
Certificate verification
None
Software Restriction Policies/Security Levels
Policy
Setting
Winning GPO
Default Security Level
Unrestricted
SFD Restricted Users
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security Level
Unrestricted
Description
Date last modified
9/30/2011 12:34:27 PM
Winning GPO
SFD Restricted Users
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security Level
Unrestricted
Description
Date last modified
9/30/2011 12:34:27 PM
Winning GPO
SFD Restricted Users
Administrative Templates
Policy definitions (ADMX files) retrieved from the local machine.
Control Panel
Policy
Setting
Winning GPO
Network/Network Connections
Policy
Setting
Winning GPO
This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.
If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.
Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.
Note: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to
users.
Note: Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting." gpmc_settingname="Prohibit access to properties of a LAN connection" gpmc_settingpath="User Configuration/Administrative
Templates/Network/Network Connections" gpmc_supported="At least Windows 2000 Service Pack 1" href="javascript:void();" onclick="javascript:showExplainText(this); return false;">Prohibit access to properties of a LAN connection
Enabled
SFD Restricted Users
If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that
a connection uses.
Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
If you disable this setting or do not configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables
the component.
Note: When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes for enabling and disabling the components of a LAN connection.
Note: Nonadministrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting." gpmc_settingname="Prohibit Enabling/Disabling components of a LAN connection" gpmc_settingpath="User
Configuration/Administrative Templates/Network/Network Connections" gpmc_supported="Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only" href="javascript:void();" onclick="javascript:showExplainText(this);
return false;">Prohibit Enabling/Disabling components of a LAN connection
Enabled
SFD Restricted Users
Windows Components/Internet Explorer
Policy
Setting
Winning GPO
If you enable this policy setting, the user will not be able to configure proxy settings.
If you disable or do not configure this policy setting, the user can configure proxy settings." gpmc_settingname="Prevent changing proxy settings" gpmc_settingpath="User Configuration/Administrative Templates/Windows Components/Internet
Explorer" gpmc_supported="At least Internet Explorer 5.0" href="javascript:void();" onclick="javascript:showExplainText(this); return false;">Prevent changing proxy settings
Enabled
SFD Restricted Users
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone
Policy
Setting
Winning GPO
Allow file downloads
Disable
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.
Setting
State
Winning GPO
Software\Policies\Microsoft\office\14.0\outlook\ForceOSTPath
P:\My Documents\Outlook Files
SFD Restricted Users
Software\Policies\Microsoft\office\14.0\outlook\ForcePSTPath
P:\My Documents\Outlook Files
SFD Restricted Users -
I get a Group Policy Disk Quota failure at every system start
This is very long, my apologies
I asked this question about a month ago and then had some medical problems so I'm starting over again.
Whenever I start my system I get a message on the screen that the system is trying to run Group Policy for Disk Quotas. To my knowledge I've never set a disk quota policy and I can't find any indication that one is currently set. I freely admit
that I could be responsible for this. I might have done something in the early days of the system because it wasn't happening for the first month or two.
This time I did more reading and found a procedure on TechNet at:
"http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" which led me step by step through the procedure, although I still can't make sense of the results.
So far I've verified that there are no policies set and that all the hard drives (3) have the Disk Quota bit 'disabled'. I did this as 'Administrator'.
The results from the TechNet procedure turned out to be quite long but I'm listing it here in hope that someone in the community will be familiar with this problem and be able to use the information to figure out the problem.
Here are the results:
From: TechNet Group Policy Testing
( "http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" )
1 - Troubleshooting using the Group Policy operational log
a - Determine the instance of Group Policy processing
(Before you view the Group Policy operational log, you must first determine
the instance of Group Policy processing that failed.)
My ActivityID from the Group Policy operational log = C87E5BC2-FD21-4794-B678-787AB587D8D5
2 - Create a custom view, via a query, of the Group Policy instance
My resultant query:
<QueryList><Query Id="0" Path="Application"><Select Path="Microsoft-Windows-GroupPolicy/Operational">*[System/Correlation/@ActivityID='{C87E5BC2-FD21-4794-B678-787AB587D8D5}']</Select></Query></QueryList>
3 - Results of running the query from step 2 are listed below, in chronological order, including the complete 'detail' sections from each event.
event 4000
Event Description(s) = Computer startup
BEGIN DETAIL SECTION-----------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 4000
Version 1
Level 4
Task 0
Opcode 1
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.598400000Z
EventRecordID 22707
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
PolicyActivityId {C87E5BC2-FD21-4794-B678-787AB587D8D5}
PrincipalSamName WORKGROUP\GROK$
IsMachine 1
IsDomainJoined false
IsBackgroundProcessing false
IsAsyncProcessing false
IsServiceRestart false
ReasonForSyncProcessing 2
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Checking for Group Policy client extensions that are not part of the system.
Event Description(s) = Service configuration update to standalone is not required and will be skipped.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5320
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22711
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
InfoDescription %%4161
END DETAIL SECTION-------------------------------------------------------------------------------
event 5313
Event Description(s) = The following Group Policy objects were not applicable because they were filtered out :
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5313
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22710
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
DescriptionString None
GPOInfoList
END DETAIL SECTION-------------------------------------------------------------------------------
event 5311
Event Description(s) = The loopback policy processing mode is "No loopback mode".
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5311
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22708
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
PolicyProcessingMode 0
END DETAIL SECTION-------------------------------------------------------------------------------
event 5312
Event Description(s) = List of applicable Group Policy objects:
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5312
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22709
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
DescriptionString Local Group Policy
GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>524296</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Extensions>[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{F3CCC681-B74C-4060-9F26-CD84525DCA2A}{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}]</Extensions></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Microsoft Disk Quota Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (Changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 4016
Version 0
Level 4
Task 0
Opcode 1
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22714
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
CSEExtensionName Microsoft Disk Quota
IsExtensionAsyncProcessing false
IsGPOListChanged true
GPOListStatusString %%4102
DescriptionString Local Group Policy
ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Finished checking for non-system extensions.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5320
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22713
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
InfoDescription %%4165
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Audit Policy Configuration Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (No changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 4016
Version 0
Level 4
Task 0
Opcode 1
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:31:21.987200000Z
EventRecordID 22718
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
CSEExtensionName Audit Policy Configuration
IsExtensionAsyncProcessing true
IsGPOListChanged false
GPOListStatusString %%4101
DescriptionString Local Group Policy
ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 7016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION-------------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 7016
Version 0
Level 2
Task 0
Opcode 2
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:31:21.987200000Z
EventRecordID 22717
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
CSEElaspedTimeInMilliSeconds 108374
ErrorCode 2147942402
CSEExtensionName Microsoft Disk Quota
CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
END DETAIL SECTION-----------------------------------------------------------------------------------------
event 5016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5016
Version 0
Level 4
Task 0
Opcode 2
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:31:22.314800000Z
EventRecordID 22720
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
CSEElaspedTimeInMilliSeconds 312
ErrorCode 2147483658
CSEExtensionName Audit Policy Configuration
CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
END DETAIL SECTION-----------------------------------------------------------------------------------------
Event 8000
Event Description(s) = Completed computer boot policy processing for WORKGROUP\GROK$ in 108 seconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 8000
Version 1
Level 4
Task 0
Opcode 2
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:31:22.330400000Z
EventRecordID 22721
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
PolicyElaspedTimeInSeconds 108
ErrorCode 0
PrincipalSamName WORKGROUP\GROK$
IsMachine 1
IsConnectivityFailure false
END DETAIL SECTION-----------------------------------------------------------------------------------------
End of results.
Thanks to all,
wegrok
Win7 Ultimate x64, 8 GB ram, AMD Phenom 9950 Quad-proc @2.6Ghz, HD = 1TB ASUS M4N72-E mobo, Video = NVIDIA GeForce 8800 GT w/ Dell 2407 Digital Monitor -------------------------------------------------------------------------------------------------------Did you ever have luck tracking this down? Im getting this error and have no clue where it is coming from. I have not enabled gp disk quotas, but I do have a network share on a domain member server that has quotas attached to each users folder.
I removed the quotas and still get this error when I manually perform a gpupdate. -
Request for Sticky #2 - Advanced Group Policy Troubleshooting Help
GPOMG!
Group Policy driving you crazy? Here are some advanced troubleshooting tools (beyond RSOP, GPRESULT, etc.) that may be helpful. For first level troubleshooting, check out this link:
http://technet.microsoft.com/en-us/library/cc787386(v=WS.10).aspx
EVENT VIEWER (NEW & IMPROVED!)
Event viewer in Windows 7 has more detail about Group Policy. Start your event viewer (may need to run as an admin. account). Navigate to:
Applications and Services Logs>Microsoft>Windows>GroupPolicy>Operational
Here you will find events that are related to Group Policy processing. You can determine how long it takes to run the various pieces of your particular GP as well as diagnostic information that can be very helpful when trying to figure out what is happening
with GP.
http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx
Events 4016 and 5016 show the start and end of processing of groups of policies, including how long it took to apply each one in the end event.
Event 5312 shows policies that will be applied, and 5317 shows policies that are explicitly filtered out.
Events 8000 and 8001 respectively show the total processing time for computer boot and user boot GP processing, and 8006 and 8007 show the same for interim/periodic GP processing.
GPLOGVIEW TOOL
A similar tool is called GPLOGVIEW. You must run this from the elevated command prompt. It will produce a XML, HTML, or simple text file of the GP events for export and review. You can even do a live monitor while you run GPUPDATE /force.
http://technet.microsoft.com/en-us/magazine/dd315424.aspx
GPSVR/GPSVC LOG FILE
If the normal tricks above don’t provide you with enough information, this should do it! There is a service called
GPSVR that gives you everything you ever wanted to know about Group Policy running on your workstation. Here is how to get more information from the GPSVR service in Windows 2008/Visa/Win 7.
Step 1: Enable logging in the Gpsvc.log file. To enable logging in the Gpsvc.log file, follow these steps:
Click Start, click Run, type regedit, and then click OK (might want to backup your registry first).
Make sure that you have the folder %windir%\debug\usermode, if the usermode folder is not there, then manually create it.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
On the Edit menu, point to New, and then click Key.
Type Diagnostics, and then press ENTER.
Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
Type GPSvcDebugLevel, and then press ENTER.
Right-click GPSvcDebugLevel, and then click Modify.
In the Value data box, type 30002 (as hex), and then click OK.
Exit Registry Editor.
Reboot machine.
At a command prompt, type the following command, and then press ENTER: gpupdate /force
You will find the Gpsvc.log file in the following folder: %windir%\debug\usermode
Step 2: I use Notepad ++ to analyze this log file. It can help you troubleshoot, step, by step what GP is doing as your workstation/user is getting logged in. Timing, access/permission issues, SID information and more are all included
in this log file.
Step 3: When you are done, change the value of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics|GPSvcDebugLevel to 0x00000000 to disable the debug log or else it will continue to grow.
Charlie NewmanHi,
I have posted an MST file which fixes this and other issues to the following thread here:
http://forums.adobe.com/message/2697135#2697135
Please post any feedback to that thread!
Kind regards,
Chris Hill
Maybe you are looking for
-
I am involved in a lot of works of handling thousands of photos (digital/scanned, B/W as well as color, of different ages: I have to treat images from '30s) and in my workflow (Bridge-Camera Raw-PSHP) I have a lot of repetitive actions to take. One v
-
How to suppress an Image based on a report?
Hello I have some images which are signatures( at least 5) and I would like to suppress them if some conditions are meet. For example I have some variables set like this below StringVar vName1; StringVar vName2; StringVar vName3;; StringVar v
-
Select Multiple accounts with multiple corresponding departments values
I have a table with several account numbers that have corresponding department ID, and I am trying to select multiple specific accounts who have data in multiple specific department ID's. This is where I started. select * table1 a, table1 b, table1 c
-
I am trying to access the Air Force Web sites. I used to be able to access my web mail. Now, I can't even get there. I can access no web sites, despite MAC saying that they should be accessible as native. Any ideas?
-
Vista Service Pack 2 will not install
I have tried everything that I have found on Google and nothing has worked. Called Lenovo...........told to check Documents 66956 and 72758. I did that and updated the ThinkVantage software then installing SP2 as told by tech support.............NO