No standard templates in Group Policy Editor on SBS 2008

Hi, we have a SBS 2008. Problem is that we don't have any standard templates in Group Policy Editor anymore, just Office templates. If I do "Add/Remove Templates" the list is empty (please see Image below).
Any ideas?
Thanks in advance for your help
Best regards, Thomas

Hi Thomas,
Would you please let me confirm whether change anything before this issue occurred? Did this issue just occurred
recently?
Would you please let me know if Administrative Templates files still store in the default location C:\Windows\PolicyDefinitions
folder? Or have created the Central Store for Group Policy Administrative Template files? Please navigate to
PolicyDefinitions folder and check if it is empty.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu

Similar Messages

Can't see ADMX files in Group Policy Editor

I have a problem with ADMX files on my Server 2008 r2 group policy. I start by going to group policy editor. Then I browse to Computer Policy and then Administrative Templates. There is nothing in there... Which is weird... There has always been stuff there...
So, then I go in to add templates back in... I find the ADMX files in C:\Windows\Policy Definitions and also \\domain\SYSVOL\domain\Policies\PolicyDefinitions and go to Add/Remove Templates. I click add and then browse to either directory (which has ADMX files
in them!) and see nothing. ADM files I can see fine. But ADMX I can't see. So, I see these links:
2008 R2 Server GP can't see admx files
I can't see admx files
Looking at them, they both say I should be able to see ADMX files in the central store...So I manually copy the ones in C:\Windows\Policy Definitions to the SYSVOL central store. Restart group policy editor... Nothing there when I browse the settings...
Still not able to add templates.
It looks like group policy editor doesn't know about ADMX files at all... Is there a registry setting or something that "enables" the ADMX files?
Thanks,
Scott

In gpedit / gpmc, the menu item : "Action -> Add/Remove Templates", is only applicable/useful for the older/legacy ADM files - the menu item isn't relevant for ADMX/ADML files at all.
The most common reason for an "empty" list of Administrative Templates settings, is an incorrect configuration of the Central Store.
The usual guidance tells us to place ADMX files here, to setup a CS:
\\domain\SYSVOL\domain\Policies\PolicyDefinitions\
This folder/file structure has to mimic what you would see at: C:\Windows\PolicyDefinitions\
If your domain is named contoso.com, you would need this:
contoso.com\SYSVOL\contoso.com\Policies\PolicyDefinitions\
In that folder, reside your ADMX files.
You also need the relevant locale subfolder, and in there, you need the matching ADML files.
The best way to establish that, is to go to C:\Windows\PolicyDefinitions\ on your RSAT PC, or DC, and copy all the contents including subfolders and files, into the equivalent folder of your CS.
Then exit GPMC (if you had it opened), and re-launch GPMC. No need to to anything else in GPMC, it will automatically, by default, look for a CS first, and, if no CS is found, will revert to the local policydefinitions folder structure.
But, if the CS folder structure exists *AND* is incomplete or incorrect, you will get your symptom.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Group Policy Editor problem

Hi
I updated Windows 7 SP1 Enterprise 64 bit
with the Windows Update.
Now, when I open the Group Policy
Editor, this window is displayed with the
following error message:
How come?
Thanks
Bye
Balubeto

Hi,
Apologize for the late reply.
The error message seems to be related with some updates that didn't update the Admx related files. The error was aften caused by mis-matched ADMX and ADML files.
See this similiar thread:
Error when selecting administrative template in any GPO
https://social.technet.microsoft.com/Forums/windowsserver/en-US/bac54114-54d7-472b-969d-9b08f28dbba9/error-when-selecting-administrative-template-in-any-gpo?forum=winserverGP
For the inetres.admx, line 1495 column 249, please follow the suggestions mentioned in the above thread. Unzipping the download (THIS ONE
http://www.microsoft.com/en-us/download/details.aspx?id=40905), then copy the related language\inetres.adml file to the c:\Windows\PolicyDefinitions\language directory, overwriting
the existing one in the destination.
Best regards
Michael Shao
TechNet Community Support
When I try to execute the copy commands via the command prompt with elevated privileges, the "Access Denied" error is displayed. How come?
Thanks
Bye
Balubeto

How do I set firefox as the default browser in Windows Server 2012 Group Policy Editor?

Hello, I am unable to set firefox as the default browser despite multiple different attempts to do so using group policy.
I have:
- Set a registry command (targeted at 32/64 via a WMI query) to reset the opening command as shown below:
HKEY_CURRENT_USER\Software\Classes\http\shell\open\command
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
- Set a powershell logon script to run (that does run):
firefox.exe -silent -setDefaultBrowser
Despite setting the above it seems the client computers browsers are not affected by the settings above. When the script runs or if I run the command above a UAC window pops up and requests that I accept the command (for the setDefaultBrowser) but even if I click yes as an administrator it does nothing.
Since GPO in 2012 has changed perhaps there is something that I am missing? Do I need to somehow disable Windows Internet Explorer from achieving default browser status?
Please do not reply if you will suggest that I use Internet Explorer Maintenance (since this function in GPO has been disabled since IE10)
My DC is Server 2012, my client computers are Win7 32/64.

The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.

Error when trying to open group policy editor

When I try to open the Local Group Policy Editor I get error message:
"Found duplicate definition of element string with name 'AppxRuntimeBlockFileElavationExplanation'.
File c:\Windows\PolicyDefinitions\en-US\AppXRuntime.adml, line43, column 15"
I'm running Win 10 Pro build 10041.
Has anyone seen this?

When I try to open the Local Group Policy Editor I get error message:
"Found duplicate definition of element string with name 'AppxRuntimeBlockFileElavationExplanation'.
File c:\Windows\PolicyDefinitions\en-US\AppXRuntime.adml, line43, column 15"
Same here.
Dave

Is there a way to give a local user permission to add a local user using the local group policy editor?

I need to find a way to have the local administrator of a Windows Server 2012 system grant a local user (non-administrator) the ability to add a user for the machine using the local group policy editor. The machine is not part of any Active Directory environment,
this is strictly on the one machine. In my situation it is not an option to just make the user an administrator. The idea is to give someone the right to add a user and have no other such administrative rights. I need to accomplish this using the
Local Group Policy editor or the Group Policy Management Console if it is possible to do this outside of an active directory environment. This is not an assignment to learn how to use these tools and I am not even sure if it would even be possible though I
need to either find a way or find proof that it is not possible using these applications.

Hi,
Sorry for the delay reply.
So did you want to non-admin user have the ability to add another user?
As far as i know, we cannot add the user if we have no local admin permission, we will receive the error"Access denied".
Regards.
Vivian Wang

ZENworks 6.5 SP1b And Group Policy Editor Problems

I just installed ZENworks 6.5 SP1b on a brand new test server that I am
running. I have no users or strain on the server. After I installed the
service pack it started take about 20 to open the Group Policy Editor for
a user policy and about a minute 20 to close it. I was using it before the
upgrade and it only took like 10 seconds to close before. What's up? Can
any one help?

Yeah Sorry I clicked the wrong one
> I presume someone will help in the Desktops forum, since this is for
> server management...
>
> --
>
> Shaun Pond
>
>

I have removed some ADM templates from group policy but are still showing in RSOP

I removed some old custom ADM templates from group policy but they are still showing up when I run RSOP.MSC.
How do I get RSOP.msc not to show these old custom ADM templates? I'm not able to find what I'm looking for in my searches.

Hi,
Even you remove these custom ADM templates, the policy settings configured by these custom ADM templates still exist. We can try to import these ADM templates again then un-configure
the policy settings set by these custom ADM templates. After refreshing the policy settings, we can delete the custom ADM templates.
Best Regards,
Erin
Thanks. That almost works. When I import a new updated template with a different name but with some of the same settings, the old template shows up again.

Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008

Dear I try to add additional Windows 2008 Domain to My Domain controller 2003 and I ma Receiving Group policy error in DC 2008 With Event ID 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1055</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-03-06T14:36:44.411955300Z" />
<EventRecordID>3859</EventRecordID>
<Correlation ActivityID="{28DAD258-26D0-4C1E-A4B7-F37DEE04C8F1}" />
<Execution ProcessID="952" ThreadID="3276" />
<Channel>System</Channel>
<Computer>PRIMARYDC.Qtit.com</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1632</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1578</Data>
<Data Name="ErrorCode">5</Data>
<Data Name="ErrorDescription">Access is denied.</Data>
</EventData>
</Event>
I install See KB939820 for a hotfix applicable to Microsoft DC 2003 regrading to he KRBTGT account
Refer Url : http://support.microsoft.com/kb/939820
I run dcdiag /v on and repadmin /showrepl at DC 2008
the dcdiag /v result
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine PRIMARYDC, is a Directory Server.
Home Server = PRIMARYDC
* Connecting to directory service on server PRIMARYDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... PRIMARYDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Advertising
The DC PRIMARYDC is advertising itself as a DC and having a DS.
The DC PRIMARYDC is advertising as an LDAP server
The DC PRIMARYDC is advertising as having a writeable directory
The DC PRIMARYDC is advertising as a Key Distribution Center
The DC PRIMARYDC is advertising as a time server
The DS PRIMARYDC is advertising as a GC.
......................... PRIMARYDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:18:56
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:53:21
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
......................... PRIMARYDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... PRIMARYDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... PRIMARYDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... PRIMARYDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
......................... PRIMARYDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
* SPN found :LDAP/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :LDAP/PRIMARYDC.Qtit.com
* SPN found :LDAP/PRIMARYDC
* SPN found :LDAP/PRIMARYDC.Qtit.com/QTIT
* SPN found :LDAP/e3d8c76c-1b59-4de6-9f7f-c438df9a2863._msdcs.Qtit.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e3d8c76c-1b59-4de6-9f7f-c438df9a2863/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com
* SPN found :HOST/PRIMARYDC
* SPN found :HOST/PRIMARYDC.Qtit.com/QTIT
* SPN found :GC/PRIMARYDC.Qtit.com/Qtit.com
......................... PRIMARYDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC PRIMARYDC.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
DC=DomainDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=Qtit,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Qtit,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=Qtit,DC=com
(Domain,Version 3)
......................... PRIMARYDC failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\PRIMARYDC\netlogon
Verified share \\PRIMARYDC\sysvol
......................... PRIMARYDC passed test NetLogons
Starting test: ObjectsReplicated
PRIMARYDC is in domain DC=Qtit,DC=com
Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com in domain DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com in domain CN=Configuration,DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
......................... PRIMARYDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... PRIMARYDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14607 to 1073741823
* SecondAD.Qtit.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 14107 to 14606
* rIDPreviousAllocationPool is 14107 to 14606
* rIDNextRID: 14124
......................... PRIMARYDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... PRIMARYDC passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000A001
Time Generated: 03/06/2014 16:04:05
Event String:
The Security System could not establish a secured connection with the server ldap/PRIMARYDC.Qtit.com/[email protected]. No authentication protocol was available.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:06:35
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:11:36
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:16:38
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:21:39
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:26:41
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:46
Event String:
Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:48
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:49
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:14
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:31:42
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
......................... PRIMARYDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com and backlink on
CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on
CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com are
correct.
......................... PRIMARYDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Qtit
Starting test: CheckSDRefDom
......................... Qtit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Qtit passed test CrossRefValidation
Running enterprise tests on : Qtit.com
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
PDC Name: \\SecondAD.Qtit.com
Locator Flags: 0xe00001bd
Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
KDC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
......................... Qtit.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... Qtit.com passed test Intersite
repadmin /showrepl Result
******************************8
==== INBOUND NEIGHBORS ===================================
DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:04 was successful.
CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:39 was successful.
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
DC=DomainDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:27:31 was successful.
DC=ForestDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
I try to down the DC 2003 and access \\Qtit.com it success open the syslog on DC 2008
Any help or advice

Hi,
Were there other error codes logged in Event Viewer?
Regarding Event ID 1055, the following article can be referred to for troubleshooting.
Event ID 1055 — Group Policy Preprocessing (Security)
http://technet.microsoft.com/en-us/library/cc727272(v=ws.10).aspx
Based on the report you posted, this issue may be related to FRS replication service. As a result, we can use ntfrsutl tool to check whether the replication service is healthy.
Regarding this point, the following articles can be referred to for more information.
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspx
Ntfrsutl
http://technet.microsoft.com/en-us/library/hh875636.aspx
In addition, we can also try doing a non-authoritative Sysvol restore on Windows Server 2008 DC to see whether the issue persists.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Hope it helps.
Best regards,
Frank Shen

Unknown Error when starting the Group Policy Editor

On Windows 8.1 Professional, I opened the "Edit group policy" from the control panel and also tried to start gpedit.msc from an elevated CMD prompt. In both cases I get the following error message:
In English: Failed to open GPO. You may not have appropriate rights. Details: Unknown Error
There it is again - this dreaded "Unknown Error" message - telling me absolutely nothing about the cause of the problem.
In the past I have been able to launch the GPE on that machine without problems. I can absolutely not remember having messed around with the system files or registry settings. So there is no suspicious thing I could have done to break something. I had a
look at all copies of the GPEDIT.MSC in an editor but none of them looked broken in any way.
I startet C:\WINDOWS\SYSTEM32\MMC.EXE C:\WINDOWS\SYSTEM32\GPEDIT.MSC using the debugger of Visual Studio and paused execution after the error dialog had poped up. I got this call stack:
gpedit.dll!ReportError(struct HWND__ *,unsigned long,unsigned int,...)   Unknown
gpedit.dll!CComponentData::Load(struct IStream *)   Unknown
mfc42u.dll!CWinApp::ProcessShellCommand(class CCommandLineInfo &)   Unknown
I had configured the debugger to break on all exceptions but as you see yourself, MMC is an MFC 4.2 app that doesn't use exceptions.
Since I get no access to the symbols of gpedit.dll, can anybody please tell me which conditions - i.e. problems - in Load() are handled by simply returning E_FAIL? What could be wrong with my machine?

Hi,
Consider the corrupted local policy files and system files, please try these steps:
Step 1: clear local GP by running these commands:
RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
RD /S /Q "%WinDir%\System32\GroupPolicy"
gpupdate /force
Step 2: To scan system files by running this command as admin:
SFC /SCANNOW
Andy error, please post back the CBS.log
Then, restart the computer to check the results.
Also, the event log (Open local event viewer) will show something related to this issue, please check event under
Windows log\Application and Applications and services log\Microsoft\Windows\Grouppolicy, post back if you find any error about this issue.
Kate Li
TechNet Community Support

Enforce template via group policy

HI,
I have deployed the Office2013 template and I could see the settings for Office2013 applications are available for users to select
Is there a way to enforce to virtualize the Office2013 applications setting? V 2.0 only includes the policies for Office2010
thanks
Andy

There is currently no Group Policy template for Office 2013 as the Office 2013 template was released after the UE-V 2.0 Template Release. The Group Policy templates will be refreshed with the upcoming
release of UE-V 2.1.
Brandon
MDOP on the Springboard Series on TechNet

New Group Policy not working on 2008 RDS in 2012 Domain - Security Filtering problem?

We have a Windows 2008 R2 RDS in a Windows 2012R2 Domain. We want to lockdown the 2008 RDS for Domain users that we have added to a new security Group--named "Data Collection Users". These users are "Domain Users" and login to the
2008 RDS using Windows XP SP3 machines to run a specific application -they do not use their local desktops for anything. WE added this group to the local RDU group on the RDS. We do not have any other users that login to the RDS through terminal,
including any Domain Admins.
So far we have done these steps:
On the DC, created new OU (called Terminal Servers) and moved the RDS into it.
Opened Group Policy on the DC, and under GP Objects, created a new policy called "TS Users Lockdown".
Linked the Policy to the OU.
Under Security Filtering we removed the Authenticated Users, added the RDS computer account (called QS2), added the "Data Collection Users" and chose Allow for "Read" and "Apply Policy"
Under Security Filtering, for Domain Admins, we chose Deny for "Apply Group Policy"
We edited the Policy (under Computer Configuration>AT>SYS>GP) to Enable Loopback processing - Replace mode.
We first tested the policy by trying to remove the "Run" from startup menu and "prohibit access to Control Panel".
We ran the Group Policy force update from within GP Management - ran successfully.
We did not reboot the RDS.
Neither of the settings we tried in Step 7 worked. Why Not?
Here are images from the Security Filtering:

Ok--Do I reboot the RDS or the DC? or both?
Does it look like my Security Filtering is correct? I have seen posts where you should not remove the "Authenticated users"?

Office 2013 ADMX files not being read by group policy editor?

Okay so I'm having a real problem with the ADMX files for Office 2013. First of all we have a mix of 2012 R2 DCs with one 2008 R2 DC. The 2008 R2 is currently the primary DC. Here's what I've done so far:
Downloaded the ADMX files both 32 and 64bit.
Copied from my machine (Win7) to 2012R2 DC.
Downloaded and copied directly to the 2012R2DC policy definitions location
According to the research I've done, the Office 2013 template is supposed to appear under User Configuration\Policies\Administrative Templates. However it doesn't show up no matter what I do.
I consider myself fairly knowledgeable with GPOs but I'm stumped on this one. Can someone tell me what I'm missing here?

Hi,
Have you copied the ADML files to the language folder in the PolicyDefinitions folder?
Checkout the below thread on similar discussion,
office 2013 admx templates
Regards,
Gopi
www.jijitechnologies.com

Missing Administrative Templates in Group Policy Tree.

    Few days ago,I found administrative plateform missing which supposed to be listed under GPO.Meanwhile, GPO reports correctly. I did attempt to registy 'gptext.dll' and success following the suggestion, but it didn't work.And it seems the
'gptext.dll' could be registy repeatly without error. What exactly happened?What real actions i need to do?
   (Based on Windows Server2012 R2 Domain Controller)

Hi,
In my point of view, we can first to check if these Administrative Templates exist. So as Zanderol24 said, did you create central store? if you have created central store, make sure these Administrative
Templates are existed in central store. If you have not created central store, make sure these Administrative Templates are located in PolicyDefinitions folder.
If these Administrative Templates are exist in your central store or PolicyDefinitions folder, we can try to import these Administrative Templates manually.
Best Regards,
Erin

Adding a Registry Key via Group Policy on Windows server 2008 R2

Hi all;
I need to add the following Registry Key and values to several PCs across the network, I tried doing so via a logon script and via Registry Preferences through GP but it didn't work!
Method 1: Logon script:
regedit.exe /S \\bbk-files\BBK Templates\slxbasic.reg
The slxbasic.reg contains the following:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\SalesLogix\ADOLogin\Connection1]
"Alias"="BBKSLX_PRODUCTION"
"Provider"="SLXOLEDB.1"
"Initial Catalog"="BBKSLX_PRODUCTION"
"Data Source"="BBK-SLX1"
"DBUser"=""
"Extended Properties"="PORT=1706;LOG=ON"
Method 2: GP Preference:
I add the above mentioned values via the GP Preference for the Registry and still didn't work, I also tried the Registry wizard and imported the required Registry info from another PC and still didn't work.
When I check the GP result for the required PCs, I see that the GP is applied, but when I check the registry, I don't find the required values their!
Please help.

Hi,
>>When I'm processing a GP results report, I'm processing it for a certain PC and a certain user, and I look at the User's applied policies and I can find the policy
there.
How is the issue going? Are we still unable to see the value in the Registry?
>>Users have permissions on the shred drive and can navigate to the location and run the .reg file manually.
After we ran the script manually, did we check the Registry to see if the value had been changed?
Best regards,
Frank Shen

No standard templates in Group Policy Editor on SBS 2008

Similar Messages

Maybe you are looking for