Group Policy

My Computer comes up with This program is blocked by group policy. For more info contact your system administrator. What do I need to do to get rid of this and be able to download? Thanks

Bjoralemon,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

Similar Messages

The Group Policy Client service failed the sign-in The universal unique identifier (UUID) type is not supported

Hi guys,
we created a custom WIM Image (Windows 8 Enterprise) with MDT 2012.
Sysprept the Image, Deployed via SCCM 2012 SP1.
Computers are Domainjoined. Error with standard Domain User.
On some computers (not every computer) and not with every user on the first logon following error message arises:
The Group Policy Client service failed the sign-in The universal unique identifier (UUID) type is not supported
It works, when you log in a second time but this error isn't very nice.
Is there a solution for that?
Kind Regards
Martin

Hi,
The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. This issue can be caused by various reasons based on the computer environment.
Can you find any information in event log about this issue?
Here is the related blog in which the steps can solve most of such issues if the issue continuously happen.
http://blogs.msdn.com/b/moiqubal/archive/2012/03/04/how-to-fix-quot-the-group-policy-client-service-failed-the-logon-access-denied-quot-error.aspx
Also, you can refer to the similar thread about this issue:
http://social.technet.microsoft.com/Forums/en-US/4a644219-50ee-494d-b965-e64a8555109e/the-group-policy-client-service-failed-the-signin-the-universal-unique-identifier-uuid-type-is
Since this issue can be related to SCCM, to better help you, please submit a new thread for further help:
https://social.technet.microsoft.com/Forums/en-US/home?category=systemcenter2012configurationmanager
Hope these could be helpful.
Kate Li
TechNet Community Support

Deploying Creative Cloud for Teams via Group Policy

Good afternoon, we are trying to deploy our Creative Cloud for Teams products. Our ideal situation would be where we are able to deploy the Creative Cloud Software (e.g. including Photoshop, InDesign, Illustrator, etc) using Group Policy, then assign the respective user licenses using the Management Console. This would send out the email to the applicable user for them to create and Adobe ID, and use the software that has been installed. However, we are able to install the software using Group Policy Deployment using the msi created using the Creative Cloud Packager, but any user is able to use the software on the PC, not just the person who has been assigned the licence via the console email. Is anyone else successfully deploying in this way?
Kind regards
Mel

Team license links that may help
-team plans https://creative.adobe.com/plans?plan=team
-http://www.adobe.com/creativecloud/buy/business.html
-https://helpx.adobe.com/contact/creative-cloud-teams.html for Team help
-manage your team account http://forums.adobe.com/thread/1460939?tstart=0
-Team Installer http://forums.adobe.com/thread/1363686?tstart=0

Outlook 2013 - wrap text group policy applied, not working with or without digital signature

Hello,
I'm adding group policies to apply on our new installations of Windows 8.1 with Office 2013. One of the settings being applied is enforcing plain text emails and wrapping text at a certain number of characters. Policies are being added using the Outlook
2013 admx.
When I check the options inside Outlook 2013 the group policy did apply successfully (File, Options, Mail, scroll down to Message Format) The option to "Automatically wrap text at character:" is set to 132 and not adjustable as it should be.
In the group policy I have it set to wrap at 132 characters, but when I go to a client machine and send a digitally signed email, it wraps at the default 76 characters. This makes for very annoying short blocky emails and multi-line hyperlinks.
If I do not digitally sign the email then the text doesn't wrap at all! (until it meets the end of the window). So under no circumstances is it wrapping at 132 where it's supposed to.
Thanks,
-Nick

Hi,
What is your account type in Outlook? Exchange or others?
Please also let me know the email format that you are sending, Plain Text, HTML or Rich Text Format.
You can try sending the same emails in Outlook Safe Mode:
Press Win + R and type “outlook.exe /safe” in the blank box, then press Enter.
If there’s no problem in Safe Mode, disable the suspicious add-ins to verify which add-ins caused this issue.
Thanks,
Melon Chen
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback on our support, please click
here

Issue with GPO "WSE Group Policy Password Synchronization"

When I started my migration of SBS2011 to 2012r2 with essentials service I noticed this GPO appear which I assume is for passwords to be synced to the cloud however when I implemented group policy from essentials the dashboard crashed and the typical
GPO's that it creates weren't there and only the folder-redirection was present it was also blank so I deleted it (I didnt delete the GPO "WSE Group Policy Password Synchronization" )
I then re-launched the dashboard and ran through the process again, it worked what a treat! except the GPO for "WSE Group Policy Password Synchronization"
appears to be blank, I remember it pointing to a ps file but I dont know what ps file and how to recreate it, along with to confirm what it does. Sadly I have no GPO backup to go back to.
any help on this would be much appreciated
Cheers

Hi,
à
however when I implemented group policy from essentials the dashboard crashed
Based on your description, I understand that Dashboard crashed when implemented group policies (some WSE Group
Policy).
àthe typical
GPO's that it creates weren't there and only the folder-redirection was present it was also blank so I deleted it (I didnt delete the GPO "WSE Group Policy Password Synchronization")
Did you mean that deleted the ‘WSE Group Policy Folder Redirection’? Would you please let me know whether do
any operation for the ‘WSE Group Policy Password Synchronization’? Meanwhile, please check if other WSE Group Policy also was
No Settings defined in Settings tab (as your ‘WSE Group Policy Password Synchronization’ picture showed).
àSadly I have
no GPO backup to go back to.
Please start a BPA scan and check if find relevant issue. If no GPO backup, it seems that not be able to help
us to restore group policy objects. By the way, did you have a Full server backup?
If anything I misunderstand or any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu

Issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

How do I setup Active Directory and Group Policy on Windows Server 2012?

I work for a school district that uses a Windows 2012 server with about 400 Windows 7 PCs and 150 Mac PCs. We are set up with Roaming Profiles on the PCs and would like to be able to setup Active Directory, Group Policy, and Roaming Profiles on our macs. (We also have a mac server that they are using as a file server only) As we are a school, our funds are very low. Now for the questions...
Is there a software that allow us to accomplish this?
Is there a free solution or a very reduced price option to do this?
I heard that http://www.centrify.com/products/mac-edition.asp may accomplish this and I read something about it on here but didn't know if this is what I was really trying to do becuase it was marked as "The Golden Triangle" and did not mention Raoming Profiles. This is the link though: https://discussions.apple.com/message/17200059#17200059
Any help would be greatly appreciated.

The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.

Group Policy Guru? Group Policy and Windows 7 erratic and inconsistant.

(*If you don't feel like reading everything, skip to the bottom two paragraphs for my questions)
I've had a premier call open with MS since August. This week I had a Microsoft Technician in-house. Though we eliminated some possibilities, we're not really closer to a cause or solution.
Every time we work with an expert, I get a different explanation to describe the situation we are viewing.
Quick summery of the issue: We've been using Group Policy to manage most Windows XP and 7 settings for years, but starting the middle of last year, we began having clients with machines where some or all group policies would fail to apply.
These could be long assigned policies, new polices, or changes to policies. It would never affect everyone or even a majority at once, and the resolution is never the same. Sometimes a GPUDPATE /FORCE sometimes fixed automajically the next day,
sometimes (but very rarely) longer.
Troubleshooting History:
What we found in early troubleshooting, that these machines, had errors in Event Viewer for Netlogon, Time-Sync, and Group Policy. The other issue we noticed, was that our GPRESULT /H reports were missing security groups and the denied section was
nothing but SSID's. The first issue pointed me to:
Event ID 5719 and event ID 1129 may be logged when a non-Microsoft DHCP Relay Agent is used
I installed these Hot Fixes. No change to any of the errors in event viewer, or to our Group Policy problems.
Initial work with Premier Support found that Netlogon, Time-Sync, and Group Policy, were failing before loading of the network stack. The suggestion was to apply the group policy setting "Always wait for the network at computer startup and
logon". At the time, this seemed not to work. The policy was set on a test bed of laptops and desktops, and no changes in behavior were seen after 3 days.
Windows 7 Clients intermittently fail to apply group policy at startup
For some time after this, we were collecting GPSVC and NetTrace logs for Premeir Support, trying to document and troubleshoot the problem. Eventually we got fed up and asked our TAM to call in a pro to get this resolved. We were sent an engineer
for 3 days. For three days we banged away on this issue. We verified AD and replication health, we tried numerous fixes and workarounds. I learned 3 different desriptions of how Group Policy works, and in the end we thought we had a workaround
using the "Always wait for the network at computer startup and logon" because of a single success late in the day. On day 3 we tried replicating this fix, and quickly realized that the same issue we were having preventing other GPOs to apply,
were also preventing our "fix" GPO from applying. So we went the route of using a registry entry. I also had a problem that even though it was making the process more consistant, it was still taking 3 reboots for a Computer Policy, assigned
to a computer object via Security Group, to fully take affect on a computer.
I used the registry methods in the above article. It didn't work, no sign it was having the same affect the GPO had had.
Our support engineer claimed this was the proper method, but that path wasn't even close in a Windows 7 SP1 registry, and after creating all the keys that were not present, it still didn't work.
Always wait for the network at computer startup and logon - AzureWeb
We ran out of time, our engineer returned home.
I can understand how these errors indicate a problem applying Group Policy at boot. But to me it doesn't explain why it doesn't correct post boot, and after a GPUDPATE /FORCE and a reboot.
It also doesn't explain why we were working fine for years, then all of a sudden DHCP is being outrun by background services. (By the way logging showed DHCP wasn't significantly delayed, out boot process was actually excellent, health wise.)
Why all of a sudden is this not behaving optimly? No changes to network design or function. No changes to the domain since 2008 R2 was installed in 2011.
Today I'm reading through all these KB's and articles again, and took some time to read:
[Forum FAQ] Common steps to start troubleshooting Group Policy
application and it's links below.
We ran though all of that before and during the 3-day onsite. It's not getting us any closer to the cause or a solution.
I found and begin some deep reading in this link today. It has some additional information I will try to use next week:
Group Policy Basics - Part 3: How Clients Process GPOs
The one unanswered question I have is this. How is group policy supposed to apply to a computer, when that policy is applied to a AD Security Group, in which the computer object is a member?
Before we began having this problem, we would assign a computer GPO, then ask the user to reboot. If it were a user GPO, we'd ask the user to log off, or reboot. Either way, if we allowed a few minutes for AD and FRS replication, the user would
log back in with that new policy in affect. A new imaged machine would boot with all the GPO's linked to that domain and assigned to "Authenticated Users", already in affect. Admin groups would be present in administrators, proxy settings
would be set in Internet Explorer, etc.
Now I'm aked to beleive this was never the case from Premeier Support and Microsoft Engineers. That those policies require the equilent of a "GPUPDATE /FORCE" that was executed by the Local_System account. That 3 reboots may
be nessessary for a group policy to be applied. One for the AD Security Group to be applied. One for the Computer Policy to be applied. And a final one for the policy in the GPO to be applied to Windows.
Can someone confirm or correct this information please? It's imperitive to my troubleshootng.
There's no place like 127.0.0.1

That key is empty on all of my machines I have checked today. Working and problematic alike.
GPRESULT logs, when ran as me, historically would show the group polices applied, denied, and the AD group membership all by name. About 6 months ago I noticed this changed.
Now they show the applied GPO's by name, a few of the denied GPO's by name, most by SID, and only 2 to 3 AD groups, though PowerShell shows all the AD groups assigned. This happens after several AD security and distribution groups are added to the
machine (Radia software distribution uses Dist groups to assign software).
A check showed no groups with long legacy Kerberos keys.
When we make a change to AD Security Group membership, to assign or deny a Group Policy, is usually when we encounter this problem. It will usually fix itself in 24 hours of the machine being left up and running. But no amount of GPUPDATE /FORCE
and rebooting will cause the changes to take affect.
During this time, the Group Policies will show assigned to the computer in the GPRESULT log.
Yesterday I began looking into Spanning Tree configuration on our network being a possible cause for the boot up issues. I'm waiting on responses from our Network group to confirm our configuration.
There's no place like 127.0.0.1

Drive restriction group policy causes error message when accessing Open and Save As Dialog Boxes on Windows 8.1

We are running Windows 8.1 Pro x86
I am really curious as to why the drive restriction group policy causes the error message to pop up:
"This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."
It does not prevent from actual saving so functionality is not lost but it really annoys our end users and we're getting a lot of complaints. We cannot use the workaround of hiding drives instead of restricting as this still presents security issues. This
is happens when saving (or clicking on a button like "Browse" that opens the 'Open' dialogue box) in all Office 2013 applications, Internet Explorer, Paint, Notepad, and probably most others. I've looked at many forums and no suggestions for workarounds
have succeeded for us to get rid of this error message and in fact, I read a post that stated that someone contacted Microsoft and they said this was by design and there is no workaround. I find this very unfortunate that we either have the choice of compromising
security or annoying our end users. It seems to me like the new dialogue box in Windows 8.1 (and maybe 8?) attempts to access the local drive under the logged in user's account before it actually opens up the dialogue box which conflicts with the group policy
that restricts access to the drive.
Has anyone at all had any luck getting this to go away without removing the restrictions? It seems like the answer is either buried in the Windows code or somewhere in the registry.
Thank you in advance for your time!

Thank you for your time and response! Unfortunately, we have the machine locked down pretty tight (they are public use computers that require heavy restriction) and it is set to restrict all drives so access is limited to the local profile. We did try
testing your method, however, by adding the Desktop as an allowed location in the Office policy (which would not solve the issue for the other applications but was good for a test) using the path %userprofile%\desktop. When choosing that location, it does
not throw the error but unfortunately, it does not remember like it did for your with the E: drive so it still always throws the error when first loading the dialogue box no matter what I do. If you're able to confirm that this is simply by design and we're
just expected to inform our users to click through the errors, then I guess that's the accepted answer. Although, do you think that there might be a registry key value that is set after you save to the E: drive for the first time? Maybe we could set that value
to %userprofile%\desktop if it's doing the redirection after the first save through registry. Thanks again!

Win 2K8 R2 - Group Policy Management - Failed to Open Group Policy Object. You may not have appropriate rights. The network path was not found.

New to Windows Server 2008 R2 Administration.
I setup this Windows 2008 R2 Server on a Dell 2950 Poweredge server and have been migrating users off of an old NT style domain running on Samba 3.6 on CentOS.
I have the domain setup (nicholas.sacredheartsaratoga.org), added users, and have moved users / computers over to the new domain and working.
When attempting to setup Group Policy Objects, I continually get the "Failed to Open Group Policy Object" Error. This is driving me nuts and seems to be a 49 error.. which I have done a ton of research on but none of the suggested fixes seem
to be working.
I've been working at this for a couple of weeks and really need this fixed to be able to set GPO's correctly.
Here is my IPCONFIG /ALL
C:\Users\Administrator.NICHOLAS.000>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : NICHOLAS
Primary Dns Suffix . . . . . . . : sacredheartsaratoga.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nicholas.sacredheartsaratoga.org
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client) #2
Physical Address. . . . . . . . . : 00-1D-09-27-F1-63
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::542:43f2:2aaf:d903%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.20.21(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.20.3
DHCPv6 IAID . . . . . . . . . . . : 301997321
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-7D-DC-B6-00-1D-09-27-F1-61
DNS Servers . . . . . . . . . . . : 10.10.20.21
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{41653A38-9372-4740-BB03-41950A9C9BC0}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Will post the entire contents of my gpreport as soon as my account is verified... but this is the jist of the error being reported:
Component Status<v:group alt="Error" class="vmlimage" coordsize="100,100" style="width:15px;height:15px;vertical-align:middle;"><v:oval class="vmlimage" fillcolor="red" strokecolor="red" style="width:100px;height:100px;"></v:oval><v:line
class="vmlimage" from="25,25" strokecolor="white" strokeweight="3px" style="" to="75,75"></v:line><v:line class="vmlimage" from="75,25" strokecolor="white" strokeweight="3px" style="" to="25,75"></v:line></v:group>
Component Name
Status
Last Process Time
Group Policy Infrastructure
Failed
2/17/2014 2:50:06 PM
Group Policy Infrastructure failed due to the error listed below.
Logon failure: unknown user name or bad password.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 2/17/2014 2:50:05 PM and 2/17/2014 2:50:06 PM.
Registry
(N/A)
1/4/2014 1:45:29 PM
Security
(N/A)
1/4/2014 1:45:35 PM
User Configuration Summary

Group Policy Management | No such interface supported

Running Windows Server 2008 R2 as a Domain Controller and when I open Group Policy Management, click on a GPO, then click on the Settings tab, it pops up an error message that says "No such interface supported". I've found several articles
that talk about registering .dll files and I've done that and nothing. I've uninstalled GPMC and reinstalled and that didn't fix anything. Can anyone help resolve this?

Hi Jason,
Before going further, do we have other domain controllers? If yes, does GPMC work correctly on these domain controller? GPMC reports the error "No Such interface supported" normally is due to a missing or corrupted Windows component.
Besides, do we update the server to the latest? If not, we can update the server to the latest and then reinstall the GPMC to see if the issue persists.
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Best regards
Frank Shen

MSI not installing via Group Policy - Insists location does not exist

Hi
I am creating a group policy object whereby I am pointing my software package installation to \\192.168.1.3\GPO\MSOCached32bit.msi
The location has permissions for the machine accounts on both the share and the ntfs permissions with read only access.
I have created an OU and moved a Windows XP machine into it, linked the GPO and made sure that the XP machine is not using optimised log on.
From the machine I can reach the share and see the file from the path above.
However each time I reboot the machine I am testing on the installation fails, the exact error being:
The install of application MSO from policy MSO Installation failed. The error was : The installation source for this product is not available. Verify that the source exists and that you can access it.
This is rather odd, since I can see it, the machine account has permissions to see it and I cannot see what the problem is.
I have then gone on to enable verbose logging of the MSI installer which has produced the following:
=== Verbose logging started: 18/08/2011 15:36:18 Build type: SHIP UNICODE 3.01.4001.5512 Calling process: \??\C:\WINDOWS\system32\winlogon.exe ===
MSI (c) (AC:B0) [15:36:18:666]: Resetting cached policy values
MSI (c) (AC:B0) [15:36:18:666]: Machine policy value 'Debug' is 7
MSI (c) (AC:B0) [15:36:18:666]: ******* RunEngine:
           ******* Product: {96b77fe2-a045-4f3f-9a73-1bf359d0eaaf}
           ******* Action:
           ******* CommandLine:
MSI (c) (AC:B0) [15:36:18:666]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (AC:B0) [15:36:18:666]: Grabbed execution mutex.
MSI (c) (AC:B0) [15:36:18:736]: Cloaking enabled.
MSI (c) (AC:B0) [15:36:18:736]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (AC:B0) [15:36:18:736]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (B4:CC) [15:36:18:756]: Grabbed execution mutex.
MSI (s) (B4:D0) [15:36:18:766]: Resetting cached policy values
MSI (s) (B4:D0) [15:36:18:766]: Machine policy value 'Debug' is 7
MSI (s) (B4:D0) [15:36:18:766]: ******* RunEngine:
           ******* Product: {96b77fe2-a045-4f3f-9a73-1bf359d0eaaf}
           ******* Action:
           ******* CommandLine: CURRENTDIRECTORY="C:\WINDOWS\system32" CLIENTUILEVEL=3 CLIENTPROCESSID=940
MSI (s) (B4:D0) [15:36:18:766]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (B4:D0) [15:36:18:766]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (B4:D0) [15:36:18:766]: User policy value 'DisableMedia' is 0
MSI (s) (B4:D0) [15:36:18:766]: Machine policy value 'AllowLockdownMedia' is 0
MSI (s) (B4:D0) [15:36:18:766]: SOURCEMGMT: Media enabled only if package is safe.
MSI (s) (B4:D0) [15:36:18:766]: SOURCEMGMT: Looking for sourcelist for product {96b77fe2-a045-4f3f-9a73-1bf359d0eaaf}
MSI (s) (B4:D0) [15:36:18:766]: SOURCEMGMT: Adding {96b77fe2-a045-4f3f-9a73-1bf359d0eaaf}; to potential sourcelist list (pcode;disk;relpath).
MSI (s) (B4:D0) [15:36:18:766]: SOURCEMGMT: Now checking product {96b77fe2-a045-4f3f-9a73-1bf359d0eaaf}
MSI (s) (B4:D0) [15:36:18:766]: SOURCEMGMT: Media is enabled for product.
MSI (s) (B4:D0) [15:36:18:766]: SOURCEMGMT: Attempting to use LastUsedSource from source list.
MSI (s) (B4:D0) [15:36:18:766]: SOURCEMGMT: Processing net source list.
MSI (s) (B4:D0) [15:36:18:766]: SOURCEMGMT: Trying source \\192.168.1.3\GPO\.
MSI (s) (B4:D0) [15:36:19:427]: Note: 1: 1314 2: \\192.168.1.3\GPO\
MSI (s) (B4:D0) [15:36:19:427]: ConnectToSource: CreatePath/CreateFilePath failed with: -2147483648 1314 -2147483648
MSI (s) (B4:D0) [15:36:19:427]: ConnectToSource (con't): CreatePath/CreateFilePath failed with: -2147483648 -2147483648
MSI (s) (B4:D0) [15:36:19:427]: SOURCEMGMT: net source '\\192.168.1.3\GPO\' is invalid.
MSI (s) (B4:D0) [15:36:19:427]: Note: 1: 1706 2: -2147483647 3: MSOCached32bit.msi
MSI (s) (B4:D0) [15:36:19:427]: SOURCEMGMT: Processing media source list.
MSI (s) (B4:D0) [15:36:19:437]: Note: 1: 2203 2: 3: -2147287037
MSI (s) (B4:D0) [15:36:19:437]: SOURCEMGMT: Source is invalid due to missing/inaccessible package.
MSI (s) (B4:D0) [15:36:19:437]: Note: 1: 1706 2: -2147483647 3: MSOCached32bit.msi
MSI (s) (B4:D0) [15:36:19:437]: SOURCEMGMT: Processing URL source list.
MSI (s) (B4:D0) [15:36:19:437]: Note: 1: 1402 2: UNKNOWN\URL 3: 2
MSI (s) (B4:D0) [15:36:19:437]: Note: 1: 1706 2: -2147483647 3: MSOCached32bit.msi
MSI (s) (B4:D0) [15:36:19:437]: Note: 1: 1706 2: 3: MSOCached32bit.msi
MSI (s) (B4:D0) [15:36:19:437]: SOURCEMGMT: Failed to resolve source
MSI (s) (B4:D0) [15:36:19:437]: MainEngineThread is returning 1612
MSI (c) (AC:B0) [15:36:19:437]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (AC:B0) [15:36:19:437]: MainEngineThread is returning 1612
=== Verbose logging stopped: 18/08/2011 15:36:19 ===
As you can see from the above highlighted line, it says its invalid, but I cannot for the life of me understand why?
Thanks in advance for any help!

Hi,
This is not something related to the GPO issue. The issue is with MSI and the packaging. Condition the ResolveSource action.
Try Copying the MSI to local machine using a script and execute it.
ResolveSource actually requires that the original installation source is available whenever it is called. If your installer package is authored correctly, source must only be resolve in cases where the original RTM files are missing or during some patch
uninstall scenarios.
http://blogs.msdn.com/b/heaths/archive/2007/10/25/resolvesource-requires-source.aspx
http://msdn.microsoft.com/en-us/library/aa371232%28VS.85%29.aspx
http://www.appdeploy.com/messageboards/printable.asp?m=48703
If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before
implementing!

I get a Group Policy Disk Quota failure at every system start

This is very long, my apologies
I asked this question about a month ago and then had some medical problems so I'm starting over again.
Whenever I start my system I get a message on the screen that the system is trying to run Group Policy for Disk Quotas. To my knowledge I've never set a disk quota policy and I can't find any indication that one is currently set. I freely admit
that I could be responsible for this. I might have done something in the early days of the system because it wasn't happening for the first month or two.
This time I did more reading and found a procedure on TechNet at:
"http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" which led me step by step through the procedure, although I still can't make sense of the results.
So far I've verified that there are no policies set and that all the hard drives (3) have the Disk Quota bit 'disabled'. I did this as 'Administrator'.
The results from the TechNet procedure turned out to be quite long but I'm listing it here in hope that someone in the community will be familiar with this problem and be able to use the information to figure out the problem.
Here are the results:
From: TechNet Group Policy Testing
( "http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" )
1 - Troubleshooting using the Group Policy operational log
   a - Determine the instance of Group Policy processing
   (Before you view the Group Policy operational log, you must first determine
   the instance of Group Policy processing that failed.)
My ActivityID from the Group Policy operational log = C87E5BC2-FD21-4794-B678-787AB587D8D5
2 - Create a custom view, via a query, of the Group Policy instance
My resultant query:
<QueryList><Query Id="0" Path="Application"><Select Path="Microsoft-Windows-GroupPolicy/Operational">*[System/Correlation/@ActivityID='{C87E5BC2-FD21-4794-B678-787AB587D8D5}']</Select></Query></QueryList>
3 - Results of running the query from step 2 are listed below, in chronological order, including the complete 'detail' sections from each event.
event 4000
Event Description(s) = Computer startup
BEGIN DETAIL SECTION-----------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4000
   Version 1
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.598400000Z
   EventRecordID 22707
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyActivityId {C87E5BC2-FD21-4794-B678-787AB587D8D5}
  PrincipalSamName WORKGROUP\GROK$
  IsMachine 1
  IsDomainJoined false
  IsBackgroundProcessing false
  IsAsyncProcessing false
  IsServiceRestart false
  ReasonForSyncProcessing 2
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Checking for Group Policy client extensions that are not part of the system.
Event Description(s) = Service configuration update to standalone is not required and will be skipped.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5320
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22711
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  InfoDescription %%4161
END DETAIL SECTION-------------------------------------------------------------------------------
event 5313
Event Description(s) = The following Group Policy objects were not applicable because they were filtered out :
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5313
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22710
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  DescriptionString None
  GPOInfoList
END DETAIL SECTION-------------------------------------------------------------------------------
event 5311
Event Description(s) = The loopback policy processing mode is "No loopback mode".
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5311
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22708
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyProcessingMode 0
END DETAIL SECTION-------------------------------------------------------------------------------
event 5312
Event Description(s) = List of applicable Group Policy objects:
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5312
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22709
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  DescriptionString Local Group Policy
  GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>524296</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Extensions>[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{F3CCC681-B74C-4060-9F26-CD84525DCA2A}{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}]</Extensions></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Microsoft Disk Quota Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (Changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4016
   Version 0
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22714
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
  CSEExtensionName Microsoft Disk Quota
  IsExtensionAsyncProcessing false
  IsGPOListChanged true
  GPOListStatusString %%4102
  DescriptionString Local Group Policy
  ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Finished checking for non-system extensions.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5320
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22713
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
  - Security
   [ UserID] S-1-5-18
- EventData
  InfoDescription %%4165
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Audit Policy Configuration Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (No changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4016
   Version 0
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:21.987200000Z
   EventRecordID 22718
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
  CSEExtensionName Audit Policy Configuration
  IsExtensionAsyncProcessing true
  IsGPOListChanged false
  GPOListStatusString %%4101
  DescriptionString Local Group Policy
  ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 7016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION-------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 7016
   Version 0
   Level 2
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:21.987200000Z
   EventRecordID 22717
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEElaspedTimeInMilliSeconds 108374
  ErrorCode 2147942402
  CSEExtensionName Microsoft Disk Quota
  CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
END DETAIL SECTION-----------------------------------------------------------------------------------------
event 5016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5016
   Version 0
   Level 4
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:22.314800000Z
   EventRecordID 22720
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEElaspedTimeInMilliSeconds 312
  ErrorCode 2147483658
  CSEExtensionName Audit Policy Configuration
  CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
END DETAIL SECTION-----------------------------------------------------------------------------------------
Event 8000
Event Description(s) = Completed computer boot policy processing for WORKGROUP\GROK$ in 108 seconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 8000
   Version 1
   Level 4
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:22.330400000Z
   EventRecordID 22721
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyElaspedTimeInSeconds 108
  ErrorCode 0
  PrincipalSamName WORKGROUP\GROK$
  IsMachine 1
  IsConnectivityFailure false
END DETAIL SECTION-----------------------------------------------------------------------------------------
End of results.
Thanks to all,
wegrok
Win7 Ultimate x64, 8 GB ram, AMD Phenom 9950 Quad-proc @2.6Ghz, HD = 1TB ASUS M4N72-E mobo, Video = NVIDIA GeForce 8800 GT w/ Dell 2407 Digital Monitor -------------------------------------------------------------------------------------------------------

Did you ever have luck tracking this down? Im getting this error and have no clue where it is coming from. I have not enabled gp disk quotas, but I do have a network share on a domain member server that has quotas attached to each users folder.
I removed the quotas and still get this error when I manually perform a gpupdate.

Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008

Dear I try to add additional Windows 2008 Domain to My Domain controller 2003 and I ma Receiving Group policy error in DC 2008 With Event ID 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1055</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-03-06T14:36:44.411955300Z" />
<EventRecordID>3859</EventRecordID>
<Correlation ActivityID="{28DAD258-26D0-4C1E-A4B7-F37DEE04C8F1}" />
<Execution ProcessID="952" ThreadID="3276" />
<Channel>System</Channel>
<Computer>PRIMARYDC.Qtit.com</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1632</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1578</Data>
<Data Name="ErrorCode">5</Data>
<Data Name="ErrorDescription">Access is denied.</Data>
</EventData>
</Event>
I install See KB939820 for a hotfix applicable to Microsoft DC 2003 regrading to he KRBTGT account
Refer Url : http://support.microsoft.com/kb/939820
I run dcdiag /v on and repadmin /showrepl at DC 2008
the dcdiag /v result
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine PRIMARYDC, is a Directory Server.
Home Server = PRIMARYDC
* Connecting to directory service on server PRIMARYDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... PRIMARYDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Advertising
The DC PRIMARYDC is advertising itself as a DC and having a DS.
The DC PRIMARYDC is advertising as an LDAP server
The DC PRIMARYDC is advertising as having a writeable directory
The DC PRIMARYDC is advertising as a Key Distribution Center
The DC PRIMARYDC is advertising as a time server
The DS PRIMARYDC is advertising as a GC.
......................... PRIMARYDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:18:56
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:53:21
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
......................... PRIMARYDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... PRIMARYDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... PRIMARYDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... PRIMARYDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
......................... PRIMARYDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
* SPN found :LDAP/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :LDAP/PRIMARYDC.Qtit.com
* SPN found :LDAP/PRIMARYDC
* SPN found :LDAP/PRIMARYDC.Qtit.com/QTIT
* SPN found :LDAP/e3d8c76c-1b59-4de6-9f7f-c438df9a2863._msdcs.Qtit.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e3d8c76c-1b59-4de6-9f7f-c438df9a2863/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com
* SPN found :HOST/PRIMARYDC
* SPN found :HOST/PRIMARYDC.Qtit.com/QTIT
* SPN found :GC/PRIMARYDC.Qtit.com/Qtit.com
......................... PRIMARYDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC PRIMARYDC.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
DC=DomainDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=Qtit,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Qtit,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=Qtit,DC=com
(Domain,Version 3)
......................... PRIMARYDC failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\PRIMARYDC\netlogon
Verified share \\PRIMARYDC\sysvol
......................... PRIMARYDC passed test NetLogons
Starting test: ObjectsReplicated
PRIMARYDC is in domain DC=Qtit,DC=com
Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com in domain DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com in domain CN=Configuration,DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
......................... PRIMARYDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... PRIMARYDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14607 to 1073741823
* SecondAD.Qtit.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 14107 to 14606
* rIDPreviousAllocationPool is 14107 to 14606
* rIDNextRID: 14124
......................... PRIMARYDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... PRIMARYDC passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000A001
Time Generated: 03/06/2014 16:04:05
Event String:
The Security System could not establish a secured connection with the server ldap/PRIMARYDC.Qtit.com/[email protected]. No authentication protocol was available.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:06:35
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:11:36
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:16:38
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:21:39
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:26:41
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:46
Event String:
Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:48
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:49
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:14
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:31:42
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
......................... PRIMARYDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com and backlink on
CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on
CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com are
correct.
......................... PRIMARYDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Qtit
Starting test: CheckSDRefDom
......................... Qtit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Qtit passed test CrossRefValidation
Running enterprise tests on : Qtit.com
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
PDC Name: \\SecondAD.Qtit.com
Locator Flags: 0xe00001bd
Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
KDC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
......................... Qtit.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... Qtit.com passed test Intersite
repadmin /showrepl Result
******************************8
==== INBOUND NEIGHBORS ===================================
DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:04 was successful.
CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:39 was successful.
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
DC=DomainDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:27:31 was successful.
DC=ForestDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
I try to down the DC 2003 and access \\Qtit.com it success open the syslog on DC 2008
Any help or advice

Hi,
Were there other error codes logged in Event Viewer?
Regarding Event ID 1055, the following article can be referred to for troubleshooting.
Event ID 1055 — Group Policy Preprocessing (Security)
http://technet.microsoft.com/en-us/library/cc727272(v=ws.10).aspx
Based on the report you posted, this issue may be related to FRS replication service. As a result, we can use ntfrsutl tool to check whether the replication service is healthy.
Regarding this point, the following articles can be referred to for more information.
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspx
Ntfrsutl
http://technet.microsoft.com/en-us/library/hh875636.aspx
In addition, we can also try doing a non-authoritative Sysvol restore on Windows Server 2008 DC to see whether the issue persists.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Hope it helps.
Best regards,
Frank Shen

How can I setup a scheduled task to run a Powershell Script delivered as a Group Policy Preference

I have a Powershell script I want to run only once when a user logs onto their system. This script would move all the PST files from the Local drive and the Home drive to a folder location within the users profile. I wanted to run this as a Windows 7 Scheduled Task using Group Policy Preferences. How can I get this to happen short of a logon script? I have updated all the machines to WMF 4.0 so could I use a Scheduled Job instead? I wanted to run the script as the logon user but elevated.#Start Outlook and Disconnect attached PST files.
$Outlook = New-Object -ComObject Outlook.Application
$namespace = $outlook.getnamespace("MAPI")
$folder = $namespace.GetDefaultFolder("olFolderInbox")
$explorer = $folder.GetExplorer()
$explorer.Display()
$myArray= @()
$outlook.Session.Stores | where{ ($_.FilePath -like'*.PST') } | foreach{[array]$myArray+= $_.FilePath}
for
($x=0;$x-le$myArray.length-1;$x++)
$PSTPath= $myArray[$x]
$PST= $namespace.Stores | ?{$_.FilePath -like$PSTPath}
$PSTRoot= $PST.GetRootFolder() #Get Root Folder name of PST
$PSTFolder= $Namespace.Folders.Item($PSTRoot.Name) #Bind to PST for disconnection
$Namespace.GetType().InvokeMember('RemoveStore',[System.Reflection.BindingFlags]::InvokeMethod,$null,$Namespace,($PSTFolder)) #Disconnect .PST
#Move All PST files to the default location while deleting the PST files from their original location.
$SourceList = ("$env:SystemDrive", "$env:HOMEDRIVE")
$Destination = ("$env:USERPROFILE\MyOutlookFiles")
(Get-ChildItem -Path $SourceList -Recurse -Filter *.PST) | Move-Item -Destination $Destination
#Attach all PST files from the default location.
Add-type -assembly "Microsoft.Office.Interop.Outlook" | out-null
$outlook = new-object -comobject outlook.application
$namespace = $outlook.GetNameSpace("MAPI")
dir “$env:USERPROFILE\MyOutlookFiles\*.pst” | % { $namespace.AddStore($_.FullName) }

Mike,
I do not understand what appears to be a regular expression above. I did add the PowerShell script to the HKCU RunOnce Key as suggested.
Windows Registry Editor Version 5.00
C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -sta -WindowStyle Hidden -ExecutionPolicy RemoteSigned -File "C:\scripts\Windows PowerShell\Move-PST.ps1"
I'm delivering this using Group Policy Preferences. It seems to fail or time out when run because the behavior is different if I run the script from within the PowerShell IDE. I added the parameters to the script and will try it again in the morning.

RDS 2012 R2 - How do I lockdown access to Local Computer Management and Windows Backup via Group Policy

Greetings all,
I am needing assistance in how to lockdown access to Local Computer Management and Windows Backup via Group Policy for users that access RDS service. I have followed this awesome guide - h t t p://w w w.it.ltsoy.com/windows/lock-down-remote-desktop-services-server-2012/
- but it is missing two important resources that I would like to lock down.Currently, I have successfully locked down Control Panel for users via Group Policy, but I cannot find any group policy or guide on how to restrict user access
to Computer Management (different to Server Manager). When using Win-X shortcut to open the 'Administrator's shortcuts' near the windows icon, I have locked down everything except Computer Management. Computer Management gives direct access to Disk Management,
Shares etc, which are locked down for users. But Windows Server Backup is still accessible. Can someone please guide me on how to restrict access to both Computer Management and Windows Server Backup.
Thanks in advance.
Terry.

Prevent running of Windows Server Backup
Computer Configuration\Policies\Windows Settings\Security Settings\File System
Right click on File System - Add File - Drill down to \System32\wbadmin.msc
On the Database Security ACL that pops up - Remove Creator Owner, Remove Users and check Adminstrators have Full Access.
On the Object window - choose Propagate inheritable permissions to all... (Default)

Group Policy

Similar Messages

Maybe you are looking for