Ise Sponsor group policies
Hi I would like to limit a single "sponsorallaccount" user to be allowed to connect from a specific location (or computer) to print guest details
however the authentication is not radius and the parameneters for the authentication are missing and cannot be matched
is there any way to accomplish this considering that many other users will be given only single account creation permissions?
ty
You can use group permissions to restrict the user group "sponsorallaccount" to print guest details.
All other groups can be configured to create guest accounts but not to print the guest details. (password, person visiting, etc)
As long as the sponsor user from "sponsorallaccount" keeps his password secret, everything should be fine, but I don't see how you would limit him from using his account from a specific PC..
Similar Messages
-
ISE 1.2: Remove unused Sponsor Group and Identity Group
Hi
I started with ISE 1.1.2 and now upgrade to 1.2.
There are 1. Sponsor Groups and 2. Identity Groups which are no more in use, but I am not able to remove them anymore.
1. One is a special Sponsor group which sponsor group policy I already removed. The I go to Aministration>Web Portal Management>Sponsor Groups and select the appropriate Group ans click delete and ok to confirm, the following error is displayed:
com.cisco.cpm.nsf.api.exceptions.NSFEntityDeleteFailed: java.rmi.RemoteException: Failed to execute the Query : DELETE_USERONAPP ORA-02292: integrity constraint (CEPM.EDF_GST_SPGRPID_SUB) violated - child record found ; nested exception is: java.sql.SQLIntegrityConstraintViolationException: ORA-02292: integrity constraint (CEPM.EDF_GST_SPGRPID_SUB) violated - child record found
2. The same happens with one Identity Group. I do not have it active anymore. Not in authentication, and not in authorization policy. I go to Administration>Identity Management>Groups> and select te group to remove, and click "Delete selected" and confirm with ok, the following error occured:
Cannot delete selected Identity Group(s) because there are resources which are mapped to these or its child identity group(s)
Is there any reason for any of these issue?
Many thanksHi ,
Please open service request with cisco. These kind of issues may happen when the dependencies are deleted from UI but there is a chance that some of the dependencies may not be deleted completely and are not visible from UI as well. These kind of issues can be resolved under cisco guidance.
Thanks,
Naresh -
Hi!!
We are working on a mapping between a Sponsor Group in Cisco ISE and a user group in Active Directory....but the client wants the mapping to be through a RADIUS SERVER, for avoiding ISE querying directly the Active Directory.
I know it is possible to use a RADIUS SERVER as an external identity source for ISE.....but, is it possible to use this RADIUS SERVER for this sponsor group handling?
Thanks and regards!!Yes It is possible to map Sponser group to user group in AD and if you want to know how to do please open the below link and go to Mapping Active Directory Groups to Sponsor Groups heading.
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_guest_pol.html#wp1096365 -
ISE Sponsor Authentication via RADIUS
My client is requesting us to change the way the sponsor users are authenticated and authorized to access the ISE Sponsor Portal.
Their like to pass the ISE request to AD through a RADIUS server first. They said "to avoid sending AD credentials to ISE directly". Under this requirements,
My search and limited knowledge give me to assume I should define a Proxy RADIUS
I think I can Define an External RADIUS server, but I wonder if creating this, it would be available as an Identity Source for the "Sponsor Portal Sequence".
If not, how can I add this? After that, what conditions or attributes should I look for to use in the "Sponsor Group Policy" in order to filter username/password and allow access only to employees and deny access to anyone else?
I will appreciate any advice you can give me to offer the best recommendation to the customer.
Regards.
Daniel Escalante.I think I understood the customer concern. This is quoted from Microsoft http://support.microsoft.com/kb/321051
"The Lightweight Directory Access Protocol (LDAP) is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology."
So the question now is how can we be sure the ISE communication is secure? ... I understand port 636 is used to transport LDAP-Secure ...
The ISE User Gude indicates that one of the ports required to be open in the case a firewall exists between ISE and ADE is 636 (LDAPS). -(ISE User Guide Page 5-6)
In my case there is no FW between ISE and AD, so where or how can I show the customer we are using LDAPS?
Regards. -
ISE - sponsor guest portal with smartcard authentication
Team, any support for sponsor guest portal authentication with the smartcard?
If not then can someone plese create feature request to Cisco, smartcards are being rolled out more and more.
BilalWe've got it working in our agency. It's front ended by an 5540 ASA that sends the users attributes to ISE and then loops ISE to authenticate via AD. I've got a pretty sweet write up on it from our advanced services rep. The guys are legit when it comes to work around and I just finished testing this with ISE 1.3. If you guys are interested I'll attach it tomorrow.
Attached configuration guide. Note for 1.3 the Sponsor Group Policy has been removed. Just make sure the Sponsor Group is configured and add the store to locate the user. In our case its AD.
If you have questions just PM me and Ill be glad to assist.
-Ryan -
ASA 5505 VPN Group Policies (RADIUS) and tunnel group
I have a single ASA firewall protecting a small private developing network, and I need it in order to access remotely to two distinct network spaces both of wich are VLAN tagged: 1 is LAN and 3 is management. Each net has its own IP address space and DNS server.
I'd like to set up Anyconnect to land on lan 1, and SSL VPN in order to see the IPMI and management websites sitting on VLAN 3. In order to make things "safer" I have found a free OTP solution, OpenOTP, and I decided to implement it on a virtual machine, setting up a radius bridge to allow user authentication for VPN. I can pass wichever attribute I'd like to using this radius bridge (for example "Class" or "Group-Policy" or whatever is included in the radius dictionaries).
Actually all I need is quite simple. I have to segregate my remote users in 2 groups, one for Anyconnect, and one for SSL based on the radius response from authentication. (I don't need authorization nor accounting) I'm no Cisco Pro, what I've learnt is based on direct "on the field" experience.
I'm using two radius users for testing right now, one is called "kaisaron78" associated to a group policy "RemoteAC" and a second one called "manintra" associated to a group policy called "SSLPolicy". "kaisaron78" after logging in should only see the Anyconnect "deployment portal", while "manintra" should see the webvpn portal populated with the links specified in the URL list "Management_List". However, no matter what I do, I only see the default "clean" webvpn page. This is an example of "sh vpn-sessiondb webvpn" for both users..
Session Type: WebVPN
Username : kaisaron78 Index : 1
Public IP : 172.16.0.3
Protocol : Clientless
License : AnyConnect Premium
Encryption : Clientless: (1)RC4 Hashing : Clientless: (1)SHA1
Bytes Tx : 518483 Bytes Rx : 37549
Group Policy : RemoteAC Tunnel Group : DefaultWEBVPNGroup
Login Time : 10:59:33 CEDT Mon Aug 18 2014
Duration : 0h:00m:23s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : c0a801fa0000100053f1c075
Security Grp : none
Asa5505# sh vpn-sessiondb webvpn
Session Type: WebVPN
Username : manintra Index : 2
Public IP : 172.16.0.3
Protocol : Clientless
License : AnyConnect Premium
Encryption : Clientless: (1)RC4 Hashing : Clientless: (1)SHA1
Bytes Tx : 238914 Bytes Rx : 10736
Group Policy : SSLPolicy Tunnel Group : DefaultWEBVPNGroup
Login Time : 11:01:02 CEDT Mon Aug 18 2014
Duration : 0h:00m:05s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : c0a801fa0000200053f1c0ce
Security Grp : none
As you can see, it seems like the policies are assigned correctly by radius attribute Group-Policy. However, for example you'll notice no vlan mapping, even if I have declared them explicit in group policies themselves. This is the webvpn section of the CLI script I used to setup remote access.
! ADDRESS POOLS AND NAT
names
ip local pool AnyConnect_Pool 192.168.10.1-192.168.10.20 mask 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_27
subnet 192.168.10.0 255.255.255.224
access-list Split_Tunnel_Anyconnect standard permit 192.168.1.0 255.255.255.0
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.10.0_27 NETWORK_OBJ_192.168.10.0_27 no-proxy-arp route-lookup
! RADIUS SETUP
aaa-server OpenOTP protocol radius
aaa-server OpenOTP (inside) host 192.168.1.8
key ******
authentication-port 1812
accounting-port 1814
radius-common-pw ******
acl-netmask-convert auto-detect
webvpn
port 10443
enable outside
dtls port 10443
anyconnect image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
anyconnect profiles AnyConnect_Profile_client_profile disk0:/AnyConnect_Profile_client_profile.xml
anyconnect enable
! LOCAL POLICIES
group-policy SSLPolicy internal
group-policy SSLPolicy attributes
vpn-tunnel-protocol ssl-clientless
vlan 3
dns-server value 10.5.1.5
default-domain value management.local
webvpn
url-list value Management_List
group-policy RemoteAC internal
group-policy RemoteAC attributes
vpn-tunnel-protocol ikev2 ssl-client
vlan 1
address-pools value AnyConnect_Pool
dns-server value 192.168.1.4
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_Anyconnect
default-domain value home.local
webvpn
anyconnect profiles value AnyConnect_Profile_client_profile type user
group-policy SSLLockdown internal
group-policy SSLLockdown attributes
vpn-simultaneous-logins 0
! DEFAULT TUNNEL
tunnel-group DefaultRAGroup general-attributes
authentication-server-group OpenOTP
tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group OpenOTP
tunnel-group VPN_Tunnel type remote-access
tunnel-group VPN_Tunnel general-attributes
authentication-server-group OpenOTP
default-group-policy SSLLockdown
!END
I had to set up DefaultWEBVPNGroup and RAGroup that way otherwise I couldn't authenticate using radius (login failed every time). Seems like in ASDM the VPN_Tunnel isn't assigned to AnyConnect nor to Clientless VPN client profiles. Do I have to disable both default tunnel groups and set VPN_Tunnel as default on both connections in ASDM ? I know I'm doing something wrong but I can't see where the problem is. I'm struggling since may the 2nd on this, and I really need to finish setting this up ASAP!!!!
Any help will be more than appreciated.
Cesare GiulianiOk, it makes sense.
Last question then I'll try and report any success / failure. In this Cisco webpage, http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ref_extserver.html#wp1661512 there's a list of supported radius attributes. Actually I'm using number 25 Group-Policy, in order to get the correct group policy assigned to users. I see, in that list an attribute 146 Tunnel-Group-Name. Will it work out for the purpose you explained in the previous post ? I mean, if I set up two tunnel groups instead of 1, 1 for anyconnect with its own alias and its own url, and 1 for SSL VPN again with its own alias and url, do you think that using that attribute will place my users logging in into the correct tunnel group ?
Thank you again for your precious and kind help, and for your patience as well!
Cesare Giuliani -
Our Bank's core processor has rewritten their product to run in a web browser. Their browser of choice is Firefox 3.6. The specifications from our core processor specify specific security and settings parameters that must be adhered to by all users for their product to run properly. Is there a way to globally configure these settings via the registry or group policies to insure everyone who logs in to a given workstation opens Firefox with the same settings? Thank you for any assistance you can provide - Steve Gish, First Bank Kansas.
== User Agent ==
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)You can try:
*http://kb.mozillazine.org/Locking_preferences -
Office 2013 group policies - not working
I'm using Office 2013 Pro Plus SP1 (volume license) on a Windows 7 Pro machine [both are 32 bit]. While I have Server 2003, it's configured to work with Windows 7 and Office 2013 Group Policy templates. I use RSAT on a Win 7 computer to
create/manage the Group Policies.
Since we're not using Office 365, I'm trying to block some of those features, as well as disabling the Office Start screens.
Thinking that SP1 might be the problem, I downloaded the group policy templates for SP1 and copied them to the server.
If I create a policy (Office_2013_settings), with a few settings, like "Block singing into Office". In Group Policy, I disabled the Computer Configuration, leaving the User Configuration enabled. If I force group policy on the target
computer and look at RSOP, I see the computer configuration settings disabled, but nothing for the user configuration, although it's enabled in the policy.
If I put a junk policy entry on the computer configuration and enable both policies on the backend, force group policy on the computer, and look at RSOP, under computer configuration, I see the Office_2013_settings policy, but the policy still doesn't appear
in the user configuration. If I scroll to the bottom of the file, where I can see other Administrative templates and their settings, my Office_2013_settings aren't visible.I have created a group policy with a few settings, and applied to my own computer. It seems to be very nice to me. Please first check the apply status on the client site based on the GPSVC.log
Thinking the issue might be on the way how you create/manage the Group Policies on Windows Server side. Please check the model of how you deploy your group policy, on a domain or OU level? Loopback Merge or Replace? This might affect whether the user
would receive all settings from GPO applied to User or Computer. This article might be useful to you:
http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx
This might be an issue on Windows server side, you may need to post your question to below forum to get more suggestions:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver -
Office 365 Group Policies question
We initially deployed Office 365 with updates turned off so about half of our users have an old version of Office 365. We want to now manage the updates using the new group policies for O365. I read this statement ...In
order for these four new policy settings to work, you will need to have at least the April 2014 build of Office 2013 Click-to-Run (Build 15.0.4605.1003) and download the latest Administrative templates files (ADMX/ADML).
Does this mean that the version on the PC has to have at least the April 2014 build to use the policies? If that's true how would I go about updating the users who have automatic updates turned off. there are a couple of thousand users.Does this mean that the version on the PC has to have at least the April 2014 build to use the policies? If that's true how would I go about updating the users who have automatic updates turned off. there are a couple of thousand users.
Yes.
Depending on how you deployed/deploy Office365ProPlus, and, the tools/techniques available to you in your environment, there are some options.
a) re-deploy Office365ProPlus to the computers. Use the latest build version.
b) check the relevant registry settings, and if correction is needed, deploy the correct registry settings.
These articles may help you to determine which of the multiple scenarios you have to deal with:
http://community.office365.com/en-us/f/156/t/220142.aspx
http://blogs.msdn.com/b/modonovan/archive/2014/04/09/office-365-pro-plus-fails-to-update-or-fails-with-error-code-30088-27.aspx
http://social.technet.microsoft.com/Forums/office/en-US/4369357e-5de9-4755-8f2c-33ae948b14fb/manually-triggering-updates-in-office-2013?forum=officeitpro
http://blogs.technet.com/b/office_resource_kit/archive/2013/06/17/automating-quick-repairs-in-office-365-proplus.aspx
http://blogs.technet.com/b/odsupport/archive/2014/03/03/the-new-update-now-feature-for-office-2013-click-to-run-for-office365-and-its-associated-command-line-and-switches.aspx
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
SSL Multiple Tunnel Groups with Multiple group policies
Hello folks.
Have a query and cant seem to find an answer on the web.
I have configured SSL Clientless VPN on a lab ASA5510, using 2 tunnel groups, one for enginneers and one for staff, mapped to 2 different group policies, each with different customisation. I have mapped the AD groups to the tunnel groups using both ACS and now LDAP (currently in use), both working successfully, using group lock and LDAP map of IETF-Radius-Class to Group name ensures engineers get assigned to the engineers tunnel group and staff get mapped to the staff tunnel group only.
The question i have is....is there a way to use a single tunnel group to map the user based on AD group which will then use the correct Group-policy (1 tunnel group to multiple group-polciies). I have seen examples of doing this with different URLs but want to know if they can all use the same URL and avoid using the drop down list using aliases.
It may be a simple "No" but it would be nice to know how to do it without using the URLs or drop down list. Users are easily confused ......Easy. Disable the drop-down list, and use the authentication-server (LDAP or Radius) in the DefaultWEBVPNGroup. By default when you browse to the ASA, it will be using the DefaultWEBVPNGroup. Let LDAP or Radius take care of the rest.
You will get the functionality you are looking for.
HTH
PS. If this post was helpful, please rate it. -
Group policies not working in one lab.
G'day
I've got a situation at my school where group policies are not having any
effect on the PCs - but only in one of the 3 computer labs.
I've run through the steps of most of the troubleshooting documents I could
find but they haven't really helped.
to summarise...
If I delete the group policy folders from the system32 folder, then log in,
new copies are brought down OK.
If I force an update by executing secedit /refreshpolicy user_policy
/enforce the changes (proxy restrictions mostly) take effect
The policy IS correctly associated with the users and shows in the
Workstation manager as having been executed.
I'm at a loss.
I was wondering if anyone could have a look at the debug log
file I generated and give me some idea what's happening.
Thanks.
Paul Pofandt
IT Manager
St James College
Brisbane
WMHelperInitialization (Sep 22 2003) called! Flags: 0x4002. Event: 0x4000.
Impersonation: 0x2
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Exiting WMHelperInitialization. Returning flags: 0x204
WMHelperSystemEntryEx called!
Computer Object : CN=00:0D:60:40:D8:B7.OU=WORKSTATIONS.O=STJ
User Object : CN=admin.O=STJ
Entry Flags : 0x4200
Event Flags : 0x4000
DN is Typed convert it to TYPELESS
No user logged in.
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Reading User Logged In from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value User Logged In: 0x0 in key Software\Novell\Workstation
Manager\Group Policies
Detected user logout. Running GPCleanup.
Cleaning up user settings.
Entering GPCleanup
Reading Group Policy Machine Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Status not found. Assuming 0
GPStatus reg key not found. Assuming 0
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reg key Group Policy Machine Flags not found. Assuming 0
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000060 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Flags: 0x80000060
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0xc100c0 in key Software\Novell\Workstation
Manager\Group Policies
Entered GPDel
Deleting C:\WINNT\System32\GroupPolicy\User
Deleting C:\WINNT\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring original GP as base.
Entered GPCopy(C:\WINNT\System32\GroupPolicy.WMOriginal,
C:\WINNT\System32\GroupPolicy, 0, handle, 0x70)
Copied C:\WINNT\System32\GroupPolicy.WMOriginal\GPT.ini to
C:\WINNT\System32\GroupPolicy\GPT.ini
Copied file
C:\WINNT\System32\GroupPolicy.WMOriginal\Machine\M icrosoft\Windows
NT\SecEdit\GptTmpl.inf to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows
NT\SecEdit\GptTmpl.inf
Copied file
C:\WINNT\System32\GroupPolicy.WMOriginal\Machine\M icrosoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows NT\SecEdit\IPS1.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Entered AppendPolicy C:\WINNT\System32\GroupPolicy\Machine\Registry.pol
Error 0x2 opening file C:\WINNT\System32\GroupPolicy\Machine\Registry.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy C:\WINNT\System32\GroupPolicy\Machine\Registry.pol 0x0
Entered AppendPolicy C:\WINNT\System32\GroupPolicy\User\Registry.pol
Error 0x2 opening file C:\WINNT\System32\GroupPolicy\User\Registry.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy C:\WINNT\System32\GroupPolicy\User\Registry.pol 0x0
Error 3 calling
GetFileAttributes(C:\WINNT\System32\GroupPolicy.Wk sCache\Machine\Registry.po
l)
Error 3 calling
GetFileAttributes(C:\WINNT\System32\GroupPolicy.Wk sCache\User\Registry.pol)
No workstation cache. Skipping overlay of computer policies...
Entered writeData. File: C:\WINNT\System32\GroupPolicy\Machine\Registry.pol
No data.
Exiting writeData 0x0
Entered writeData. File: C:\WINNT\System32\GroupPolicy\User\Registry.pol
No data.
Exiting writeData 0x0
Entered AppendSecuritySettings
Inf path: C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows
NT\SecEdit\GptTmpl.inf
Dispatching SECEDIT.EXE /configure /DB ZENDB /CFG
"C:\WINNT\System32\GroupPolicy\Machine\Microsoft\W indows
NT\SecEdit\GptTmpl.inf" /log c:\GPSecApp.log.
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
LoadHive entered
LoadHive exit : 2
Error 2 loading ipsec settings 1.
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Signalling OS to refresh policies
RegQueryValueEx returned 2
Policies are set to apply asynchronously
Policies will be processed asynchronously
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0xc100c0 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINNT\System32\GroupPolicy\GPT.ini
Found version 0xb800b7 in gpt.ini
Using version: 0xc100c0
Saving GPT version: 0xc200c1
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xc200c1 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Applied Computer Policy.
Applied User Policy.
Exiting GPCleanup 0x0
Entered RemoveCleanup.
Loaded wmschapi.dll
Calling WMRemoveAction
Finished Calling WMRemoveAction(WMGRPPOL cleanup action, FALSE). Returned
0x0
Exiting RemoveCleanup 0x0
Apply computer policies releasing mutex.
Exiting WMHelperSystemEntryEx ccode: 0x0
Closing log file.
WMHelperInitialization (Sep 22 2003) called! Flags: 0x0. Event: 0x0.
Impersonation: 0x0
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=test2006.OU=2006.OU=STUDENTS.O=STJ
DN is Typed convert it to TYPELESS
g_szUserDN = test2006.2006.STUDENTS.STJ
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1908370602-1493435055-278805897-1055
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache .
No workstation. Exiting CheckForObsoleteWksCache
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x0 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Entering ApplyPolicies
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000060 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Flags: 0x80000060
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Impersonating logged on user.
Context : OU=2006.OU=STUDENTS.O=STJ
Full Object DN CN=test2006.OU=2006.OU=STUDENTS.O=STJ
Calling WMGetAllAssociatedObjects(FALSE, MANGO, 1,
CN=test2006.OU=2006.OU=STUDENTS.O=STJ, WINNT Workstation Package,
zenwmGroupPolicy, 512, pBuffer)
Reverting to system impersonation.
Found DN CN=Student User Package:Windows Group Policy.O=STJ
WMCheckIfGroupPolicyObjectsChanged entered
Impersonating logged on user.
Reverting to system impersonation.
Group Policy object has changed!
Exiting WMCheckIfGroupPolicyObjectsChanged 0x0
Entered ScheduleCleanup.
Loaded wmschapi.dll
Calling WMScheduleAction
Finished Calling WMScheduleAction. Returned 0x0
Exiting ScheduleCleanup 0x0
Entered BackupOriginalGP.
Exiting BackupOriginalGP 0x0
Entering ApplyGroupPolicy.
Entered GPDel
Deleting C:\WINNT\System32\GroupPolicy.UserCache\User
Deleting C:\WINNT\System32\GroupPolicy.UserCache\Machine
Exiting GPDel 0
Entered GPCopy(C:\WINNT\System32\GroupPolicy.WMOriginal,
C:\WINNT\System32\GroupPolicy.UserCache, 0, handle, 0x70)
Copied C:\WINNT\System32\GroupPolicy.WMOriginal\GPT.ini to
C:\WINNT\System32\GroupPolicy.UserCache\GPT.ini
Copied file
C:\WINNT\System32\GroupPolicy.WMOriginal\Machine\M icrosoft\Windows
NT\SecEdit\GptTmpl.inf to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\GptTmpl.inf
Copied file
C:\WINNT\System32\GroupPolicy.WMOriginal\Machine\M icrosoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS1.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Entered AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Re gistry.pol
Error 0x2 opening file
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Re gistry.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Re gistry.pol 0x0
Entered AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol
Error 0x2 opening file
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol 0x0
Entered MergeGptFile(C:\WINNT\System32\GroupPolicy.UserCac he, 0x30)
g_dwVersion: 0x0.
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0xc200c1 in key Software\Novell\Workstation
Manager\Group Policies
Found user extensions...
Exiting MergeGptFile 0x0
Processing CN=Student User Package:Windows Group Policy.O=STJ
Impersonating logged on user.
Flags: 0x80000060
Check for old settings: 0x60
Reverting to system.
Writing Group Policy User Flags to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x80000060 to Group Policy User Flags in key
Software\Novell\Workstation Manager\Group Policies
Entered GPCopy(\\THOR\sys\public\Policies_stu,
C:\WINNT\System32\GroupPolicy.UserCache, 1, handle, 0x80000060)
Granted temp acess to C:\WINNT\System32\GroupPolicy.UserCache\GPT.ini
Copied \\THOR\sys\public\Policies_stu\GPT.ini to
C:\WINNT\System32\GroupPolicy.UserCache\GPT.ini
Reverting to system.
Restored security on C:\WINNT\System32\GroupPolicy.UserCache\GPT.ini
Granted temp acess to C:\WINNT\System32\GroupPolicy.UserCache\User
Copied file \\THOR\sys\public\Policies_stu\User\Registry.pol to
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol
Granted temp acess to C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK
Copied file \\THOR\sys\public\Policies_stu\User\MICROSOFT\IEAK \install.ins
to C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\install.ins
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\BRANDING
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\BRANDING\favs
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\BRANDING\favs
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\BRANDING
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\LOCK
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\LOCK
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK
Restored security on C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT
Granted temp acess to C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts\Logoff
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts\Logoff
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts\Logon
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts\Logon
Restored security on C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts
Restored security on C:\WINNT\System32\GroupPolicy.UserCache\User
GP_FLAG_APPLY_COMP_SETTINGS (0x10), not set. Will not copy machine folder
Copying security file
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows NT\SecEdit
Copied file \\THOR\sys\public\Policies_stu\Machine\Microsoft\W indows
NT\SecEdit\GptTmpl.inf to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\GptTmpl.inf
Copied file \\THOR\sys\public\Policies_stu\Machine\Microsoft\W indows
NT\SecEdit\IPS1.dat to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS1.dat
Copied file \\THOR\sys\public\Policies_stu\Machine\Microsoft\W indows
NT\SecEdit\IPS2.dat to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS2.dat
Copied file \\THOR\sys\public\Policies_stu\Machine\Microsoft\W indows
NT\SecEdit\IPS3.dat to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS3.dat
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows NT\SecEdit
Exiting GPCopy 0x0
Entered MergeGptFile(C:\WINNT\System32\GroupPolicy.UserCac he, 0x80000060)
g_dwVersion: 0xc200c1.
Found user extensions...
Exiting MergeGptFile 0x0
Applying user settings.
Entered AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol
Entered parseRegFile
Val: 'NoChangingWallPaper'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\NoChangingW
allPaper
Val: 'NoHardwareTab'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoHardwareTab
Val: 'NoWindowsUpdate'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoWindowsUpdate
Val: 'NoNetworkConnections'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoNetworkConnect
ions
Val: 'ForceStartMenuLogOff'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceStartMenuLo
gOff
Val: 'ClearRecentDocsOnExit'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ClearRecentDocsO
nExit
Val: 'Intellimenus'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\Intellimenus
Val: 'NoSaveSettings'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSaveSettings
Val: 'NoMovingBands'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoMovingBands
Val: 'NoRecentDocsNetHood'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoRecentDocsNetH
ood
Val: 'NoCloseDragDropBands'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoCloseDragDropB
ands
Val: 'NoActiveDesktop'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktop
Val: 'NoControlPanel'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoControlPanel
Val: 'NoDeletePrinter'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoDeletePrinter
Val: '**del.NoAddPrinter'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoAddPrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoAddPrint
er
Val: '**del.DisablePersonalDirChange'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
DisablePersonalDirChange
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.DisablePer
sonalDirChange
Val: 'DisallowRun'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun
Val: '**delvals.'
Trying to delete values under key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\**de
lvals.
Val: '1'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\1
Val: '2'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\2
Val: '3'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\3
Val: '4'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\4
Val: '5'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\5
Val: '6'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\6
Val: '7'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\7
Val: '8'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\8
Val: 'DisableRegistryTools'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\DisableRegistryToo
ls
Val: 'DisableTaskMgr'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\DisableTaskMgr
Val: '**del.DisableLockWorkstation'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val:
DisableLockWorkstation
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.DisableLockW
orkstation
Val: 'NoAddRemovePrograms'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddRemoveProg
rams
Val: 'NoRemovePage'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoRemovePage
Val: 'NoAddPage'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddPage
Val: 'NoWindowsSetupPage'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoWindowsSetupP
age
Val: 'NoAddFromCDorFloppy'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromCDorFl
oppy
Val: 'NoAddFromInternet'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromIntern
et
Val: 'NoAddFromNetwork'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromNetwor
k
Val: 'DisableWindowsUpdateAccess'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \WindowsUpdate\DisableWind
owsUpdateAccess
Val: 'NoChat'
Added: Software\Policies\Microsoft\Conferencing\NoChat
Val: 'NoSharing'
Added: Software\Policies\Microsoft\Conferencing\NoSharing
Val: 'NoSharingDesktop'
Added: Software\Policies\Microsoft\Conferencing\NoSharing Desktop
Val: 'NoSharingDosWindows'
Added: Software\Policies\Microsoft\Conferencing\NoSharing DosWindows
Val: 'NoSharingExplorer'
Added: Software\Policies\Microsoft\Conferencing\NoSharing Explorer
Val: 'NoAllowControl'
Added: Software\Policies\Microsoft\Conferencing\NoAllowCo ntrol
Val: 'NoTrueColorSharing'
Added: Software\Policies\Microsoft\Conferencing\NoTrueCol orSharing
Val: 'NoAppSharing'
Added: Software\Policies\Microsoft\Conferencing\NoAppShar ing
Val: 'NoGeneralPage'
Added: Software\Policies\Microsoft\Conferencing\NoGeneral Page
Val: 'NoAdvancedCalling'
Added: Software\Policies\Microsoft\Conferencing\NoAdvance dCalling
Val: 'NoSecurityPage'
Added: Software\Policies\Microsoft\Conferencing\NoSecurit yPage
Val: 'NoAudioPage'
Added: Software\Policies\Microsoft\Conferencing\NoAudioPa ge
Val: 'NoVideoPage'
Added: Software\Policies\Microsoft\Conferencing\NoVideoPa ge
Val: 'Advanced'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced
Val: 'HomePage'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
Val: 'Cache'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache
Val: 'Connwiz Admin Lock'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz
Admin Lock
Val: 'Connection Settings'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Connection Settings
Val: 'Proxy'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Proxy
Val: 'Autoconfig'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Autoconfig
Val: 'Profiles'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Profiles
Val: 'Certificates'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Certificates
Val: 'Ratings'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Ratings
Val: 'FormSuggest Passwords'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\FormSuggest Passwords
Val: 'Messaging'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Messaging
Val: 'CalendarContact'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\CalendarContact
Val: 'ContentTab'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ContentTab
Val: 'ConnectionsTab'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ConnectionsTab
Val: 'ProgramsTab'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ProgramsTab
Val: 'AdvancedTab'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\AdvancedTab
Val: 'RestrictAuthorMode'
Added: Software\Policies\Microsoft\MMC\RestrictAuthorMode
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{011BE22D-E453-11D1-945A-00C04FB984F9}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{1AA7F839-C7F5-11D0-A376-00C04FC9DA04}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{3CB6973D-3E6F-11D0-95DB-00A024D77700}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{53D6AB1D-2488-11D1-A28C-00C04FB94F17}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{58221C65-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{5ADF5BF6-E452-11D1-945A-00C04FB984F9}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{5C659257-E236-11D2-8899-00104B2AFB46}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{677A2D94-28D9-11D1-A95B-008048918FB1}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{753EDB4D-2E1B-11D1-9064-00A0C90AB504}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{8EAD3A12-B2C1-11d0-83AA-00A0C92C9D5D}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{8F8F8DC0-5713-11D1-9551-0060B0576642}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{90087284-d6d6-11d0-8353-00a0c90640bf}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{95AD72F0-44CE-11D0-AE29-00AA004B9986}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{A841B6C2-7577-11D0-BB1F-00A0C922E79C}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{B91B6008-32D2-11D2-9888-00A0C925F917}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{C9BC92DF-5B9A-11D1-8F00-00C04FC2C17B}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{D967F824-9968-11D0-B936-00C04FD8D5B0}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{DEA8AFA0-CC85-11d0-9CE2-0080C7221EBD}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{E26D02A0-4C1F-11D1-9AA1-00C04FC3357A}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{E355E538-1C2E-11D0-8C37-00C04FD8FE93}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{EBC53A38-A23F-11D0-B09B-00C04FD8DCA6}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{FD57D297-4FD9-11D1-854E-00C04FC31FD3}\Restr
ict_Run
Val: '{D6526FE0-E651-11CF-99CB-00C04FD64497}'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\AllowedControls\{D6526FE0-E651-11CF-99CB-00C04FD64497}
Val: 'NoConfigCache'
Added: Software\Policies\Microsoft\Windows\NetCache\NoCon figCache
Val: 'NoMakeAvailableOffline'
Added: Software\Policies\Microsoft\Windows\NetCache\NoMak eAvailableOffline
Val: 'NoCacheViewer'
Added: Software\Policies\Microsoft\Windows\NetCache\NoCac heViewer
Val: 'NC_RasConnect'
Added: Software\Policies\Microsoft\Windows\Network Connections\NC_RasConnect
Val: 'NC_LanConnect'
Added: Software\Policies\Microsoft\Windows\Network Connections\NC_LanConnect
Val: 'NC_LanProperties'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_LanProperties
Val: 'NC_RasMyProperties'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasMyProperties
Val: 'NC_RasAllUserProperties'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasAllUserProperties
Val: 'NC_RenameConnection'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameConnection
Val: 'NC_RenameMyRasConnection'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameMyRasConnection
Val: 'NC_AddRemoveComponents'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AddRemoveComponents
Val: 'NC_ChangeBindState'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_ChangeBindState
Val: 'NC_LanChangeProperties'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_LanChangeProperties
Val: 'NC_RasChangeProperties'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasChangeProperties
Val: 'NC_NewConnectionWizard'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_NewConnectionWizard
Val: 'NC_DialupPrefs'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_DialupPrefs
Val: 'NC_AdvancedSettings'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AdvancedSettings
Val: 'NC_ShowSharedAccessUI'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_ShowSharedAccessUI
Val: 'NC_AllowAdvancedTCPIPConfig'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AllowAdvancedTCPIPConfig
Val: 'DisableCMD'
Added: Software\Policies\Microsoft\Windows\System\Disable CMD
Exiting parseRegFile
Exiting AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol 0x0
Reverting to system impersonation.
Entered writeData. File:
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol
Exiting writeData 0x0
Entered writeData. File:
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Re gistry.pol
No data.
Exiting writeData 0x0
Entered GenerateGptFile(C:\WINNT\System32\GroupPolicy.User Cache)
g_dwVersion: 0xc200c1.
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xc200c1 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting GenerateGptFile 0x0
Reading workstation cache
Entered MergeGptFile(C:\WINNT\System32\GroupPolicy.WksCach e, 0x30)
g_dwVersion: 0xc200c1.
Exiting MergeGptFile 0x0
Entered AppendPolicy
C:\WINNT\System32\GroupPolicy.WksCache\User\Regist ry.pol
Error 0x3 opening file
C:\WINNT\System32\GroupPolicy.WksCache\User\Regist ry.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy
C:\WINNT\System32\GroupPolicy.WksCache\User\Regist ry.pol 0x0
Entered AppendPolicy
C:\WINNT\System32\GroupPolicy.WksCache\Machine\Reg istry.pol
Error 0x3 opening file
C:\WINNT\System32\GroupPolicy.WksCache\Machine\Reg istry.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy
C:\WINNT\System32\GroupPolicy.WksCache\Machine\Reg istry.pol 0x0
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Workstation flags: 0x0
Entered MergeAndSavePolicies(0x0, C:\WINNT\System32\GroupPolicy.UserCache)
Applying workstation, then user policies
Entered MemAppendPolicy
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\NoChangingW
allPaper
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoHardwareTab
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoWindowsUpdate
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoNetworkConnect
ions
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceStartMenuLo
gOff
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ClearRecentDocsO
nExit
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\Intellimenus
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSaveSettings
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoMovingBands
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoRecentDocsNetH
ood
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoCloseDragDropB
ands
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktop
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoControlPanel
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoDeletePrinter
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoAddPrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoAddPrint
er
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
DisablePersonalDirChange
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.DisablePer
sonalDirChange
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun
Trying to delete values under key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\**de
lvals.
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\1
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\2
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\3
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\4
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\5
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\6
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\7
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\8
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\DisableRegistryToo
ls
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\DisableTaskMgr
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val:
DisableLockWorkstation
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.DisableLockW
orkstation
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddRemoveProg
rams
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoRemovePage
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddPage
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoWindowsSetupP
age
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromCDorFl
oppy
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromIntern
et
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromNetwor
k
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \WindowsUpdate\DisableWind
owsUpdateAccess
Added: Software\Policies\Microsoft\Conferencing\NoChat
Added: Software\Policies\Microsoft\Conferencing\NoSharing
Added: Software\Policies\Microsoft\Conferencing\NoSharing Desktop
Added: Software\Policies\Microsoft\Conferencing\NoSharing DosWindows
Added: Software\Policies\Microsoft\Conferencing\NoSharing Explorer
Added: Software\Policies\Microsoft\Conferencing\NoAllowCo ntrol
Added: Software\Policies\Microsoft\Conferencing\NoTrueCol orSharing
Added: Software\Policies\Microsoft\Conferencing\NoAppShar ing
Added: Software\Policies\Microsoft\Conferencing\NoGeneral Page
Added: Software\Policies\Microsoft\Conferencing\NoAdvance dCalling
Added: Software\Policies\Microsoft\Conferencing\NoSecurit yPage
Added: Software\Policies\Microsoft\Conferencing\NoAudioPa ge
Added: Software\Policies\Microsoft\Conferencing\NoVideoPa ge
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz
Admin Lock
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Connection Settings
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Proxy
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Autoconfig
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Profiles
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Certificates
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Ratings
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\FormSuggest Passwords
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Messaging
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\CalendarContact
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ContentTab
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ConnectionsTab
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ProgramsTab
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\AdvancedTab
Added: Software\Policies\Microsoft\MMC\RestrictAuthorMode
Added:
Software\Policies\Microsoft\MMC\{011BE22D-E453-11D1-945A-00C04FB984F9}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{1AA7F839-C7F5-11D0-A376-00C04FC9DA04}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{3CB6973D-3E6F-11D0-95DB-00A024D77700}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{53D6AB1D-2488-11D1-A28C-00C04FB94F17}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{58221C65-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{5ADF5BF6-E452-11D1-945A-00C04FB984F9}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{5C659257-E236-11D2-8899-00104B2AFB46}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{677A2D94-28D9-11D1-A95B-008048918FB1}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{753EDB4D-2E1B-11D1-9064-00A0C90AB504}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{8EAD3A12-B2C1-11d0-83AA-00A0C92C9D5D}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{8F8F8DC0-5713-11D1-9551-0060B0576642}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{90087284-d6d6-11d0-8353-00a0c90640bf}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{95AD72F0-44CE-11D0-AE29-00AA004B9986}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{A841B6C2-7577-11D0-BB1F-00A0C922E79C}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{B91B6008-32D2-11D2-9888-00A0C925F917}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{C9BC92DF-5B9A-11D1-8F00-00C04FC2C17B}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{D967F824-9968-11D0-B936-00C04FD8D5B0}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{DEA8AFA0-CC85-11d0-9CE2-0080C7221EBD}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{E26D02A0-4C1F-11D1-9AA1-00C04FC3357A}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{E355E538-1C2E-11D0-8C37-00C04FD8FE93}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{EBC53A38-A23F-11D0-B09B-00C04FD8DCA6}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{FD57D297-4FD9-11D1-854E-00C04FC31FD3}\Restr
ict_Run
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\AllowedControls\{D6526FE0-E651-11CF-99CB-00C04FD64497}
Added: Software\Policies\Microsoft\Windows\NetCache\NoCon figCache
Added: Software\Policies\Microsoft\Windows\NetCache\NoMak eAvailableOffline
Added: Software\Policies\Microsoft\Windows\NetCache\NoCac heViewer
Added: Software\Policies\Microsoft\Windows\Network Connections\NC_RasConnect
Added: Software\Policies\Microsoft\Windows\Network Connections\NC_LanConnect
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_LanProperties
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasMyProperties
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasAllUserProperties
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameConnection
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameMyRasConnection
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AddRemoveComponents
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_ChangeBindState
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_LanChangeProperties
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasChangeProperties
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_NewConnectionWizard
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_DialupPrefs
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AdvancedSettings
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_ShowSharedAccessUI
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AllowAdvancedTCPIPConfig
Added: Software\Policies\Microsoft\Windows\System\Disable CMD
Exiting MemAppendPolicy
Entered MemAppendPolicy
Nothing to append.
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Entered GPCopy(C:\WINNT\System32\GroupPolicy.WksCache,
C:\WINNT\System32\GroupPolicy, 0, handle, 0x0)
Error 3 copying C:\WINNT\System32\GroupPolicy.WksCache\GPT.ini to
C:\WINNT\System32\GroupPolicy\GPT.ini
GP_FLAG_APPLY_USER_SETTINGS (0x20), not set. Will not copy user folder
GP_FLAG_APPLY_COMP_SETTINGS (0x10), not set. Will not copy machine folder
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Error: no files copied.
Exiting GPCopy 0x2
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000060 in key
Software\Novell\Workstation Manager\Group Policies
Entered GPCopy(C:\WINNT\System32\GroupPolicy.UserCache,
C:\WINNT\System32\GroupPolicy, 0, handle, 0x80000060)
Copied C:\WINNT\System32\GroupPolicy.UserCache\GPT.ini to
C:\WINNT\System32\GroupPolicy\GPT.ini
Copied file
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\install.ins to
C:\WINNT\System32\GroupPolicy\User\MICROSOFT\IEAK\ install.ins
Copied file C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol to
C:\WINNT\System32\GroupPolicy\User\Registry.pol
GP_FLAG_APPLY_COMP_SETTINGS (0x10), not set. Will not copy machine folder
Copying security file
Copied file
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\GptTmpl.inf to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows
NT\SecEdit\GptTmpl.inf
Copied file
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows NT\SecEdit\IPS1.dat
Copied file
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS2.dat to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows NT\SecEdit\IPS2.dat
Copied file
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS3.dat to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows NT\SecEdit\IPS3.dat
Exiting GPCopy 0x0
Entered writeData. File: C:\WINNT\System32\GroupPolicy\User\Registry.pol
Exiting writeData 0x0
Entered writeData. File: C:\WINNT\System32\GroupPolicy\Machine\Registry.pol
No data.
Exiting writeData 0x0
Exiting MergeAndSavePolicies 0x0
Entered GenerateGptFile(C:\WINNT\System32\GroupPolicy)
g_dwVersion: 0xc200c1.
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xc200c1 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting GenerateGptFile 0x0
Exiting ApplyGroupPolicy 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x2000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Writing Group Policy User Flags to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x80000060 to Group Policy User Flags in key
Software\Novell\Workstation Manager\Group Policies
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Entered AppendSecuritySettings
Inf path: C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows
NT\SecEdit\GptTmpl.inf
Dispatching SECEDIT.EXE /configure /DB ZENDB /CFG
"C:\WINNT\System32\GroupPolicy\Machine\Microsoft\W indows
NT\SecEdit\GptTmpl.inf" /log c:\GPSecApp.log.
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
Signalling OS to refresh policies
RegQueryValueEx returned 2
Policies are set to apply asynchronously
Policies will be processed asynchronously
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0xc200c1 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINNT\System32\GroupPolicy\GPT.ini
Found version 0xc200c1 in gpt.ini
Using version: 0xc200c1
Saving GPT version: 0xc300c2
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xc300c2 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Applied Computer Policy.
Applied User Policy.
Exiting ApplyPolicies 0x0
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c4c14a to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xdd4dad14 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.
WMHelperInitialization (Sep 22 2003) called! Flags: 0x2001. Event: 0x2000.
Impersonation: 0x1
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=test2006.OU=2006.OU=STUDENTS.O=STJ
DN is Typed convert it to TYPELESS
g_szUserDN = test2006.2006.STUDENTS.STJ
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1908370602-1493435055-278805897-1055
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Current time high: 0x1c4c14a
Reading Last Run Time High from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Last Run Time High: 0x1c4c14a in key
Software\Novell\Workstation Manager\Group Policies
Previous time high: 0x1c4c14a
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache CN=00:0D:60:40:D8:B7.OU=WORKSTATIONS.O=STJ.
Full Object DN
CN=00:0D:60:40:D8:B7.OU=WORKSTATIONS.O=STJ.OU=2006 .OU=STUDENTS.O=STJ
Calling WMGetAllAssociatedObjects(FALSE, MANGO, 1,
CN=00:0D:60:40:D8:B7.OU=WORKSTATIONS.O=STJ.OU=2006 .OU=STUDENTS.O=STJ, WINNT
Workstation Package, zenwmGroupPolicy, 512, pBuffer)
WMGetAllAssociatedObject returned 103
No associated workstation policies. Deleting
C:\WINNT\System32\GroupPolicy.WksCache.
DeleteGPRegVal: Error 0x2 deleting Group Policy Machine Flags
DeleteGPRegVal: Error 0x2 deleting Group Policy Machine Status
Exiting CheckForObsoleteWksCache 103
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x1 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Policy applied at predesktop. Skipping reapplication at user login.
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c4c14a to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xe0da0d06 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.Paul,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
ZCM 11 Group Policies not applying to satellite servers
Hi there
We are running 2 Windows 2012 Primary Servers and a SQL 2012 Database server at our main site, all remote sites have SLES11 SP2/OES11 SP1 as satellite servers. We upgraded all servers last weekend to 11.3.1 and now have an issue with Group Policies applying to the satellites. The satellites are all set up the same with Authentication, Collection, Content and Imaging roles.
Since we upgraded Group Policies are (99% of the time) not applying on satellite sites. I have tried manually replicating content (I assume policies will come from content replication?) to the satellites - I've done this with a zac cdp replicate and zac cvc and everything seems to replicate over however I tried highlighting a satellite server and clicking on Action, Specify Content - select the Policy that is not applying and move it into the selected Content to update column and when I click finish I get the error "The Wizard cannot continue for the following reason(s): Unable to complete your request for the following reason: Error updating content"
On a managed device at the satellite site if you look at the properties of the Zenworks agent and click on Policies it has applied 4 device assigned policies successfully - Remote Management, Power Management, Application Launcher Config and Application Control Policy, also has successfully applied 3 out of the 4 User Assigned Policies - Mandatory Profile, Dynamic Local User, Application Control - but not the Windows Group Policy.
Our PCs are on Windows 8.1 and all policies were applying fine before the weekend upgrade......
Has anyone else had any experience of Group Policies not applying that could point me where to look? I have logged an SR with Novell through our reseller but as yet I am getting no response back at all, not even asking me for more information.
Many thanks
SharonSounds like you have a content replication issue more than a GPO issue.
Especially if the GPO works for locations that point to the Primaries
for Content.
Do you have throttling configured anywhere in any fashion?
You may need to increase the Replication Timeout to make sure content is
getting over to the Sats. Often increasing from 60 to 240 helps, but
watch out for throttling preventing content replication.
It is possible things are backing up.
On 7/31/2014 8:26 AM, shazzypoos wrote:
>
> I should add that when you looked at the "Click for Details" to the
> right of the Effective "Failed" status the message is "Policy
> Enforcement Failed : The action (0) threw an exception. Message (1).
> Exception (2) (grouppolicy, "None of the source locations could be
> found"
>
> Hmmmm! Currently in closest server rules there is only the server for
> the site it's on set - we do not want it to come back to the Primary for
> policies. As I say, this was working before the weekend upgrade. Thanks!
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human. -
Maximum number of connection profiles and group policies for Cisco ASA
Hi,
We have a Cisco ASA 5520 running 8.0(2) that we use only for Remote Access VPN.
Does anyone know how many connection profiles and group policies that are supported on the box? I have not been able to find this in the manual.
Thanks in advance for your help!
Best regards,
HarryThere is no limit for connection profiles or group policies that can be configured on ASA. However the numbers do depend upon the memory available in the device as the profiles are stored in memory during execution.
-
Hi everyone,
Im having an issue where group policies stop working on XP machines.
They stop working all together after a certain time. Below is a debug
log for the group policy update.
I've ran through TID
http://support.novell.com/cgi-bin/se...?/10073744.htm
and still no luck.
---------BEGIN DEBUG FILE------------------
WMHelperInitialization (Sep 22 2003) called! Flags: 0x2. Event: 0x0.
Impersonation: 0x2
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x204
WMHelperSystemEntryEx called!
Computer Object : CN=ALyle220_30_3_114.OU=Management.OU=MEL.O=KFA
User Object : CN=ALyle.OU=MEL.O=KFA
Entry Flags : 0x200
Event Flags : 0x0
DN is Typed convert it to TYPELESS
User logged in.
Writing User Logged In to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1 to User Logged In in key
Software\Novell\Workstation Manager\Group Policies
Reading User Logged In from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value User Logged In: 0x1 in key Software\Novell\Workstation
Manager\Group Policies
Applying computer policies.
Entering ApplyPolicies
Reading Group Policy Machine Flags from
\HKLM\Software\Novell\Workstation Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reg key Group Policy Machine Flags not found. Assuming 0
Reading Group Policy Machine Status from
\HKLM\Software\Novell\Workstation Manager\Group Policies
Read reg. value Group Policy Machine Status: 0x1000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy Machine Status: 0x1000
Writing Group Policy Machine Status to
\HKLM\Software\Novell\Workstation Manager\Group Policies
Wrote reg. value 0x1000 to Group Policy Machine Status in key
Software\Novell\Workstation Manager\Group Policies
Context : OU=Management.OU=MEL.O=KFA
Full Object DN
CN=ALyle220_30_3_114.OU=Management.OU=MEL.O=KFA.OU =Management.OU=MEL.O=KFA
Calling WMGetAllAssociatedObjects(FALSE, KNIGHT-FRANK, 2,
CN=ALyle220_30_3_114.OU=Management.OU=MEL.O=KFA.OU =Management.OU=MEL.O=KFA,
WINNT Workstation Package, zenwmGroupPolicy, 512, pBuffer)
Error 0x 67 calling WMGetAllAssociatedObjects.
Exiting ApplyPolicies 0x67
Apply computer policies releasing mutex.
Exiting WMHelperSystemEntryEx ccode: 0x67
Closing log file.
----------------- END DEBUG FILE ----------------
Any help would be appreciated. I'm racking my brain here.
Thanks
Russell> Any help would be appreciated. I'm racking my brain here.
The only issue I know of if this is WinXP *SP2*.
If it's not, you can stop read here, because
then I'm lost :-(
*If* it's WinXP SP2, it's not supported at
all with ZENworks 3.x:
http://support.novell.com/cgi-bin/se...?/10092958.htm
"Novell ZENworks for Desktops 3.2 is not supported on XP SP2."
Furthermore, with other versions of ZEN there is a particular
issue with Group Policies when upgrading from WinXP SP1:
http://support.novell.com/cgi-bin/se...?/10095342.htm
Regards
Rolf Lidvall
Swedish Radio (Ltd)
NSC SysOp -
On current build ZCM 11 SP3... We had some original group polices created for Windows 7 64 bit that seem to be applying properly to the workstation. I'm able to confirm workstation policy settings on the workstation by opening up gpedit.msc and confirming my settings. The problem that exist is when I login to the ZCM console and try to edit any of my policies it seems to come down from the server but when I open my policy settings they are all set at not configured. I even tried creating a test policy and making like three changes. I saved the policy and uploading seems to work without any errors but when I try to re-edit the policy it has the three that were change defaulted back to not configured. I attached a copy of the Zen_GP.log file that shows this...
ZEN GP Handler - 5/19/2014 - 10:30:41 AM - Logged on User - Could not load file or assembly 'zmd, Version=11.3.0.34986, Culture=neutral, PublicKeyToken=null'
or one of its dependencies. The system cannot find the file specified.: at
Novell.Zenworks.PolicyHandlers.WindowsGroupPolicyP lural.AbstractGPHandler.ApplyUserPolicy(String cachedirectory, Boolean copyscripts, MessageDetails&
lastErrorMessage, String PolicyGUID, String userName, String usersession, Boolean dontapplyIEsettings)
at Novell.Zenworks.PolicyHandlers.WindowsGroupPolicyP lural.AbstractGPHandler.ApplySettingsToolMode(Stri ng zipFilepath, String username)
at Novell.Zenworks.PolicyHandlers.WindowsGroupPolicyP lural.WindowsGPHandler.EditGPSettings(String zipFilePath, Boolean edit)
ts\StartuptoC:\Users\Logged on User\AppData\Local\Temp\635360922292841726\GroupPo licy\Machine\Scripts\Startup
Any thoughts on why I'm not able to edit group policies but was able to do so before the SP3 update?
ThanksI believe they are targeting ZCM 11.3.1 for the Fix, but that is still
probably about 3 months out.
I have not really delved deep into where it is trying to find this DLL,
just that it is trying to find it and failing as you noted.
Maybe Procmon will show where it is trying to load it from.
On 5/20/2014 8:36 AM, bkferrante wrote:
>
> Craig... Once again thanks for the assistance. I tried putting a copy
> of zmd.dll in C:\Windows\System32 and restarted the workstation and I'm
> still having the problem as described. I did confirm an installed agent
> will allow for the policy editing but it is frustrating that things were
> working fine until the 11 SP3 update. Is there any other solutions you
> can offer as a work around until the patch... Also, any idea when the
> patch fix will be released?
>
> Thanks again
>
>
> CRAIGDWILSON;2319752 Wrote:
>> I presume anywhere in the Windows Path would be sufficient, most folks
>> I
>> talked to just put the agent on their Clean GPO VM.
>>
>> On 5/19/2014 12:36 PM, bkferrante wrote:
>>>
>>> CRAIGDWILSON;2319686 Wrote:
>>>> The ZCM Agent will need to be installed or you will need to copy in
>> the
>>>> zmd.dll from a device with the agent.
>>>>
>>>> This was a new requirement inadvertently added in 11.3, that is
>>>> expected
>>>> to be removed in a forthcoming patch.
>>>>
>>>> On 5/19/2014 11:06 AM, bkferrante wrote:
>>>>>
>>>>> On current build ZCM 11 SP3... We had some original group polices
>>>>> created for Windows 7 64 bit that seem to be applying properly to
>> the
>>>>> workstation. I'm able to confirm workstation policy settings on
>> the
>>>>> workstation by opening up gpedit.msc and confirming my settings.
>> The
>>>>> problem that exist is when I login to the ZCM console and try to
>> edit
>>>>> any of my policies it seems to come down from the server but when I
>>>> open
>>>>> my policy settings they are all set at not configured. I even
>> tried
>>>>> creating a test policy and making like three changes. I saved the
>>>>> policy and uploading seems to work without any errors but when I
>> try
>>>> to
>>>>> re-edit the policy it has the three that were change defaulted back
>>>> to
>>>>> not configured. I attached a copy of the Zen_GP.log file that
>> shows
>>>>> this...
>>>>>
>>>>> ZEN GP HANDLER - 5/19/2014 - 10:30:41 AM - LOGGED ON USER - COULD
>> NOT
>>>>> LOAD FILE OR ASSEMBLY 'ZMD, VERSION=11.3.0.34986, CULTURE=NEUTRAL,
>>>>> PUBLICKEYTOKEN=NULL'
>>>>>
>>>>> OR ONE OF ITS DEPENDENCIES. THE SYSTEM CANNOT FIND THE FILE
>>>> SPECIFIED.:
>>>>> AT
>>>>>
>>>>>
>>>>
>> NOVELL.ZENWORKS.POLICYHANDLERS.WINDOWSGROUPPOLICYP LURAL.ABSTRACTGPHANDLER.APPLYUSERPOLICY(STRING
>>>>> CACHEDIRECTORY, BOOLEAN COPYSCRIPTS, MESSAGEDETAILS&
>>>>>
>>>>> LASTERRORMESSAGE, STRING POLICYGUID, STRING USERNAME, STRING
>>>>> USERSESSION, BOOLEAN DONTAPPLYIESETTINGS)
>>>>> AT
>>>>>
>>>>
>> NOVELL.ZENWORKS.POLICYHANDLERS.WINDOWSGROUPPOLICYP LURAL.ABSTRACTGPHANDLER.APPLYSETTINGSTOOLMODE(STRI NG
>>>>> ZIPFILEPATH, STRING USERNAME)
>>>>> AT
>>>>>
>>>>
>> NOVELL.ZENWORKS.POLICYHANDLERS.WINDOWSGROUPPOLICYP LURAL.WINDOWSGPHANDLER.EDITGPSETTINGS(STRING
>>>>> ZIPFILEPATH, BOOLEAN EDIT)
>>>>> TS\STARTUPTOC:\USERS\LOGGED ON
>>>>>
>>>>
>> USER\APPDATA\LOCAL\TEMP\635360922292841726\GROUPPO LICY\MACHINE\SCRIPTS\STARTUP
>>>>>
>>>>>
>>>>> Any thoughts on why I'm not able to edit group policies but was
>> able
>>>> to
>>>>> do so before the SP3 update?
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Craig Wilson - MCNE, MCSE, CCNA
>>>> Novell Technical Support Engineer
>>>>
>>>> Novell does not officially monitor these forums.
>>>>
>>>> Suggestions/Opinions/Statements made by me are solely my own.
>>>> These thoughts may not be shared by either Novell or any rational
>> human.
>>>
>>> Thanks for the quick reply Craig... Can you be a little more clearer
>> on
>>> the steps to copy the ZMD.dll... Location to copy the file on a
>> machine
>>> without an agent... Thanks...
>>>
>>>
>>
>>
>> --
>> Craig Wilson - MCNE, MCSE, CCNA
>> Novell Technical Support Engineer
>>
>> Novell does not officially monitor these forums.
>>
>> Suggestions/Opinions/Statements made by me are solely my own.
>> These thoughts may not be shared by either Novell or any rational human.
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
Maybe you are looking for
-
Apache POI small example request & if it's possible to do...
I'm fairly new to Java, and am interested in creating a dynamic program in swing: I have a word 2007 document with a number of lines of text and commands from a user manual I have created. I would like to use the Apache POI package to open the docume
-
ORA-13193: failed to allocate space for geometry
I am having problems indexing a point layer using Locator in 8.1.6. The errors are: ERROR at line 1: ORA-29855: error occurred in the execution of ODCIINDEXCREATE routine ORA-13200: internal error [ROWID:AAAFs9AADAAAB30AAg] in spatial indexing. ORA-1
-
Audio quality vs Airport Express
Thus far I'm loving the AppleTV. My (untrained) ears feel like there is a difference in music playback quality, though, compared to my previous setup - Airport Express/Airtunes. Anyone else noticing this? Does the AppleTV process the music for ProLog
-
RMI Experts - I cannot connect to server, but connected clients STILL RUN
I am pulling my hair out, I have 4 identical RMI servers running on RH linux 7.0, JDK1.3. The client is a signed java applet that runs with the JRE1.3 under windows. It binds to each of the 4 servers, and unbinds from the 3 with the most clients conn
-
In my FM i call another FM which creates a entry in kna1 and knvp i checked tht FM in that if entry is not created in kna1 it gives a return code ot equal to 0 i want that in my fm when i run it if it doesnt creates a kna1 entry it should pass a ret