Please Help| group policy site failure

hey all, i have some big problem in my network.
i have 3 site named by city.
tel aviv-server 2012
beer sheva-server 2008r2
netanya-server 2008 r2
i crete gpo(computer management) that deny access to mmc.exe
computer management--->windows settings--->securtiy--->file system
and add---> %systemroot%/system32/mmc.exe and deny access to user.
now i go to check the gpo in client side with gpresult /scope computer /r and see that some computers in tel aviv site connected to netanya/beer sheva site.
what can i do ?
i have a situation that not matter what i do i cant release mmc.exe to users.

Hi eranvak,
Before going further, would you please let me confirm something more? Would you please descript how you configure
the group policy summarily? For example, when you create the GPO, where the GPO link to? Did you directly link GPO to the default Domain? Or in GPMC, right click the site and select
Link an Existing GPO…? Or any other I misunderstand, please feel free to let me know.
In addition, you descript “enable the inheritance option”, did you mean that just uncheck
Block Inheritance option?
Sorry for my confusion. Thanks for your understanding.
There are two articles for Group Policy Inheritance. Please refer to.
Group Policy Inheritance
http://technet.microsoft.com/en-us/library/cc739343(v=ws.10).aspx
Managing inheritance of Group Policy
http://technet.microsoft.com/en-us/library/cc757050(v=ws.10).aspx
Hope this helps.
Best regards,
Justin Gu

Similar Messages

Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008

Dear I try to add additional Windows 2008 Domain to My Domain controller 2003 and I ma Receiving Group policy error in DC 2008 With Event ID 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1055</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-03-06T14:36:44.411955300Z" />
<EventRecordID>3859</EventRecordID>
<Correlation ActivityID="{28DAD258-26D0-4C1E-A4B7-F37DEE04C8F1}" />
<Execution ProcessID="952" ThreadID="3276" />
<Channel>System</Channel>
<Computer>PRIMARYDC.Qtit.com</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1632</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1578</Data>
<Data Name="ErrorCode">5</Data>
<Data Name="ErrorDescription">Access is denied.</Data>
</EventData>
</Event>
I install See KB939820 for a hotfix applicable to Microsoft DC 2003 regrading to he KRBTGT account
Refer Url : http://support.microsoft.com/kb/939820
I run dcdiag /v on and repadmin /showrepl at DC 2008
the dcdiag /v result
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine PRIMARYDC, is a Directory Server.
Home Server = PRIMARYDC
* Connecting to directory service on server PRIMARYDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... PRIMARYDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Advertising
The DC PRIMARYDC is advertising itself as a DC and having a DS.
The DC PRIMARYDC is advertising as an LDAP server
The DC PRIMARYDC is advertising as having a writeable directory
The DC PRIMARYDC is advertising as a Key Distribution Center
The DC PRIMARYDC is advertising as a time server
The DS PRIMARYDC is advertising as a GC.
......................... PRIMARYDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:18:56
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:53:21
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
......................... PRIMARYDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... PRIMARYDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... PRIMARYDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... PRIMARYDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
......................... PRIMARYDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
* SPN found :LDAP/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :LDAP/PRIMARYDC.Qtit.com
* SPN found :LDAP/PRIMARYDC
* SPN found :LDAP/PRIMARYDC.Qtit.com/QTIT
* SPN found :LDAP/e3d8c76c-1b59-4de6-9f7f-c438df9a2863._msdcs.Qtit.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e3d8c76c-1b59-4de6-9f7f-c438df9a2863/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com
* SPN found :HOST/PRIMARYDC
* SPN found :HOST/PRIMARYDC.Qtit.com/QTIT
* SPN found :GC/PRIMARYDC.Qtit.com/Qtit.com
......................... PRIMARYDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC PRIMARYDC.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
DC=DomainDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=Qtit,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Qtit,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=Qtit,DC=com
(Domain,Version 3)
......................... PRIMARYDC failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\PRIMARYDC\netlogon
Verified share \\PRIMARYDC\sysvol
......................... PRIMARYDC passed test NetLogons
Starting test: ObjectsReplicated
PRIMARYDC is in domain DC=Qtit,DC=com
Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com in domain DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com in domain CN=Configuration,DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
......................... PRIMARYDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... PRIMARYDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14607 to 1073741823
* SecondAD.Qtit.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 14107 to 14606
* rIDPreviousAllocationPool is 14107 to 14606
* rIDNextRID: 14124
......................... PRIMARYDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... PRIMARYDC passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000A001
Time Generated: 03/06/2014 16:04:05
Event String:
The Security System could not establish a secured connection with the server ldap/PRIMARYDC.Qtit.com/[email protected]. No authentication protocol was available.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:06:35
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:11:36
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:16:38
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:21:39
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:26:41
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:46
Event String:
Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:48
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:49
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:14
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:31:42
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
......................... PRIMARYDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com and backlink on
CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on
CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com are
correct.
......................... PRIMARYDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Qtit
Starting test: CheckSDRefDom
......................... Qtit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Qtit passed test CrossRefValidation
Running enterprise tests on : Qtit.com
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
PDC Name: \\SecondAD.Qtit.com
Locator Flags: 0xe00001bd
Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
KDC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
......................... Qtit.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... Qtit.com passed test Intersite
repadmin /showrepl Result
******************************8
==== INBOUND NEIGHBORS ===================================
DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:04 was successful.
CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:39 was successful.
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
DC=DomainDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:27:31 was successful.
DC=ForestDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
I try to down the DC 2003 and access \\Qtit.com it success open the syslog on DC 2008
Any help or advice

Hi,
Were there other error codes logged in Event Viewer?
Regarding Event ID 1055, the following article can be referred to for troubleshooting.
Event ID 1055 — Group Policy Preprocessing (Security)
http://technet.microsoft.com/en-us/library/cc727272(v=ws.10).aspx
Based on the report you posted, this issue may be related to FRS replication service. As a result, we can use ntfrsutl tool to check whether the replication service is healthy.
Regarding this point, the following articles can be referred to for more information.
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspx
Ntfrsutl
http://technet.microsoft.com/en-us/library/hh875636.aspx
In addition, we can also try doing a non-authoritative Sysvol restore on Windows Server 2008 DC to see whether the issue persists.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Hope it helps.
Best regards,
Frank Shen

Please help uploading new site

How do i overwrite an old site? My old website got wiped out when i installed the new iweb..now i made a new one but it would not overwrite the old one..Please help!!

Hello Tamara
Same problem here.
Regards,
Marco

Deleted Policy from sysvol location by mistake - Group Policy Infrasturure Failure - 2008 R2

Hello, I accidentally deleted a GPO Policy from the Policies Folder in the sysvol location. I was sure that it was not being used but was somehow causing an errors when i ran an rsop on my test machine.
Group Policy Infrastructure failed due to the error listed below.
The system cannot find the path specified.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available
Getting it from Backup would take too long.
There are no auditing on the DC and cant work out how to recover it now. Is there anyway to get this back? I have checked the other DCs but couldnt find the exact policy ID before replication.
Thanks
GP 2008 R2

> *Group Policy Infrastructure failed due to the error listed below.*
> *The system cannot find the path specified.*
gpotool.exe is a handy tool for this :) Download at MS.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))

Please Help java.policy signedBy can't access file local

i create keystore and signjar in web applet
run tomcat access file in local but not acess file denied
i goto edit file java.policy
grant {
     permission java.security.AllPermission;
can access file
but put SignedBy cannot access file
grant SignedBy fuangchai{
     permission java.security.AllPermission;
Please help me example file keystore,applet.jar,java.policy
to signedby access file local in webapplet
env JDE 1.5 ,javascript yui 2.8 ,prototype js,tomcat6
File html
<object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
codebase="http://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab#Version=5,0,0,5"
width="1" height="1" >
<param name=code value="com.arg.aes.test.FileDirectoryBS.class" >
<param name=archive value="app.jar">
<param name=codebase value="." >
<param name="type" value="application/x-java-applet;version=1.5">
<param name="scriptable" value="true">
<param name="mayscript" value="true">
<param name="debug" value="false">
<comment>
<embed name="myApplet" id="myApplet"
type="application/x-java-applet;version=1.5"
code="com.arg.aes.test.FileDirectoryBS.class"
archive="app.jar"
java_codebase="."
width="1"
height="1"
scriptable="true"
mayscript="true"
pluginspage="http://java.sun.com/products/plugin/index.html#download">
<noembed>
</noembed>
</embed>
</comment>
</object>
<applet
code="com.arg.aes.test.FileDirectoryBS"
width="1"
height="1"
archive="app.jar"
name="myApplet"
codebase="."
MAYSCRIPT="true"
>
</applet>
javascript
initlistfile : function() {
          try
               var list = $("myApplet").initlistfileInDir();
               var jsondata = list.evalJSON();
               /*alert(jsondata.dirname);
               alert(jsondata.dirpath);
               alert(jsondata.listfile.length);*/
               initTableLeft(jsondata.listfile);
          catch(e)
               alert("Exception : access denied.");
               return;
import java.applet.Applet;
import java.io.File;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.text.DecimalFormat;
import java.text.NumberFormat;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
* @author fuangchai
public class FileDirectoryBS extends Applet{
public static File[] ROOTS = File.listRoots();
public static String HOME = System.getProperty("user.home");
public String listDir()
return JsonObj.makeTopDir((ROOTS.length > 0)?ROOTS : new Object[]{HOME});
public String initlistfileInDir()
return listfileInDir(null);
public String listfileInDir(String dirName)
if(null == dirName || dirName.equals(""))
System.out.println("root = " + ROOTS.length);
try {
dirName = (ROOTS.length > 0)?ROOTS[0].getPath():HOME;
catch (Exception e) {
e.printStackTrace();
return "";
System.out.println("#########################");
DirectoryDescImp obj = makeObjDir(dirName);
return (null == obj)?null:JsonObj.makeDir(obj);
public String listlinkInDir(String dirName)
if(null == dirName || dirName.equals(""))
System.out.println("root = " + ROOTS.length);
try {
dirName = (ROOTS.length > 0)?ROOTS[0].getPath():HOME;
catch (Exception e) {
e.printStackTrace();
return "";
System.out.println("#listlinkInDir#");
try {
File obj = new File(dirName);
return (null == obj)?null:JsonObj.makelinkDir(obj.getName(),obj.getPath());
} catch (Exception e) {
System.out.println("I can't access a file here! Access Denied!");
e.printStackTrace();
return null;
public boolean isEnc(File f)
//TODO
return false;
public DirectoryDescImp makeObjDir(String dirName)
System.out.println("dirName = " + dirName);
try{
File dir = new File(dirName);
String[] entries = dir.list();
if(null == dir || null == entries || entries.length <= 0)
System.out.println("Data is null or not obj." );
return null;
System.out.println("Dir List = " + dir.list().length);
System.out.println("Dir Name = " + dir.getName());
System.out.println("Dir Path = " + dir.getPath());
DirectoryDescImp dirDesc = new DirectoryDescImp();
dirDesc.setDirName(dir.getName());
dirDesc.setDirPath(dir.getPath());
List<FileDescImp> list = new ArrayList<FileDescImp>();
for(int i=0; i < entries.length; i++) {
File f = new File(dir, entries);
FileDescImp fDesc = new FileDescImp();
fDesc.setFile(f);
fDesc.setFileEncrept(isEnc(f));
list.add(fDesc);
dirDesc.setListfile(list);
return dirDesc;
catch(Exception e){
System.out.println("I can't access a file here! Access Denied!");
e.printStackTrace();
return null;
Thank you
Fuangchai Jum
Mail [email protected]
Edited by: prositron on Jan 13, 2010 7:35 AM

OK,
Let's say I have to intialize Environment, and call method initEnvironment() in Applet's init(). Environment class:
class Environment
     private KeyStore keyStore;
     private Enumeration<String> aliases;
     public void initEnvironment() {
          Security.addProvider(new sun.security.mscapi.SunMSCAPI());
          keyStore = KeyStore.getInstance("Windows-MY");
          keyStore.load(null);
          aliases = keyStore.aliases();
}Applet is signed, I trust signer.
Since Applet is signed I'm able to overwrite existing .java.policy under user.home.
This doesn't work if I don't have .java.policy:
grant {
permission java.security.SecurityPermission "insertProvider.SunMSCAPI";
permission java.security.SecurityPermission "authProvider.SunMSCAPI";
permission java.util.PropertyPermission "jsr105Provider", "read";
permission java.util.PropertyPermission "com.sun.xml.internal.ws.api.pipe.Fiber.serialize", "read";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.util.PropertyPermission "com.sun.xml.internal.ws.api.streaming.XMLStreamWriterFactory.noPool", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.ws.fault";
permission java.util.PropertyPermission "com.sun.xml.internal.ws.api.streaming.XMLStreamWriterFactory.woodstox", "read";
};P.S.
Does it make sense to be able to make changes to file system and not be able to make actions from above policy?!?!

Please help. Disk Utility Failure.

I just ran my disk utility function and received this error:
Disk Utility stopped verifying “Untitled 1” because the following error was encountered:
Filesystem verify or repair failed.
Does this mean that my hard drive is compromised? I've tried to run the first aid function several times and keep getting a failure message. Any and all help and input would be appreciated! Thanks!

If you get the Disk Utility message "Failure on exit", or the one's you received, it means there is an issue that Disk Utility can't fix. In many cases, either Disk Warrior or TechTools Pro can be used to fix it, with Disk Warrior being the more popular program. However, if Disk Warrior/TechTool Pro can't fix it, then you may be looking at a new hard drive (although you can erase the hard drive and try with a restore to keep using it). Curiously, a new drive may be less expensive than the repair software.
Smart Utility can give you a view of the SMART sensors to gain more information on the hardware health of your drive. Download with a trial license from http://www.volitans-software.com/smart_utility.php

PLEASE HELP FOR POLICY FILE !

Hello All,
i write that code
try {
System.setSecurityManager(new RMISecurityManager());
     java.util.Properties prop = System.getProperties();
     prop.setProperty("java.security.policy","D:\\Borland\\AppServer\\var\\servers\\sas2\\wars\\tomcat3\\webcontainer_examples\\WEB-INF\\classes\\pol.policy");
AddServerImpl addServerImpl = new AddServerImpl();
     Registry registry = LocateRegistry.createRegistry(1099);
     LocateRegistry.getRegistry().rebind("AddServer",addServerImpl);
catch(Exception e) {
out.println("Exception: " + e);
After that i got that exception
Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
please any body tell me how i solve it ?
i m thanksfull.
Arif.

I tried adding these lines to my code to set the policy inside the program:
System.setSecurityManager(new RMISecurityManager());
java.util.Properties prop = System.getProperties();
prop.setProperty
("java.security.policy","C:\\Pawel\\School\\year4\\rmi\\policy.txt");
This is the error that i get..
Exception in thread "main" java.security.AccessControlException: access
denied (
java.util.PropertyPermission * read,write)
at java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:270)
at java.security.AccessController.checkPermission(AccessController.java:
401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:
1259)
at java.lang.System.getProperties(System.java:500)
at FileServer.main(FileServer.java:10)
My problem is that i have a GUI running thus i don't know how to start my FileSever classs with the java -Djava.security.policy=policy.txt FileServer
ive tested the gui client part .. i can start the file server using the previous command line then connect to it thru the gui but as soon as i activate the fileserver thru the gui it does not work..
should i have my gui just run a .bat file isntead of making a seporate thread for the fileserver?
is there a way of doing that..
or is there a way of setting the policy from the code?
thanks
pawel

Please Help: Solaris 8 Installation Failure

Hi Everyone.
I have a brand new Dell PowerEdge 500SC, Ram= 1G, and there is no operating system on it. I tried to install from both the Installation CD or the Software CD 1, 2, but I get the same warnings and the installation fails and the system reboots itself and so on and so forth.
I have not done any partitioning.
These are the warnings I recieve:
Warning /pci @0,0/pci-ide@f,1/ide@1 (ata1):
Time out: abort Request, target=0, Lun=0
Warning /pci @0,0/pci-ide@f,1/ide@1 (ata1):
Time out: abort Device, target=0, Lun=0
Warning /pci @0,0/pci-ide@f,1/ide@1 (ata1):
Time out: Reset Target, target=0, Lun=0
Warning /pci @0,0/pci-ide@f,1/ide@1 (ata1):
Time out: Reset Bus, target=0, Lun=0
At this point the system reboots itself.
Also in the beginning I get the Warning that APCI Tables no in Reclaim Memory.
Thank you

Well,
I am not familiar with your machine, and not sure
if this will help,
but start with the following:
- from your BIOS, disable the Plug and Play option,
- from your BIOS, set APIC to PIC for the interrupt
handling
- Take the NIC (ethernet card) off the computer,
- Then when you are starting the DCA program,
did the system ever finished scanning and probing
the the devices ?
If it did, before you hit continue (F2),
do Device Tasks (F4), and then take a look at
the IDE devices.
Sometimes, the problem appears when both IDE controller are detected as one controller with
2 interrupts. Check if this is the case.
Some times you might need to split that IDE controller into two different one, each with its
own port and IRQ.
good luck and let me know if

:::Flash Debugging Please Help:::

Hello all,
I've just finished a website and there is a bug and I've
been having the most trouble figuring out. Go to
www.chameleonworldwide.com/CCD.swf . Click on the mainsite button,
and it will take you to a random part of my intro, I used the code
on(release){
gotoAndPlay("main", 1);
and if it actually did that we would be fine, however, what
you see when you click the button is not in the "main" movie scene
at all. Its in the "intro" scene. I can't figure how I would change
this code, because I've typed in exactly what I wanted to do.
Please Help! My site cannot officially lauch until I fix
this.

D. Porter wrote:
> Hello all,
> I've just finished a website and there is a bug and I've
been having
> the most trouble figuring out. Go to
www.chameleonworldwide.com/CCD.swf . Click
the button does not work here at all... tho running SWF
directly w/o html
might have such effects. So can't even test it, sorry.
Regards
Urami
Happy New Year guys - all the best there is in the 2006 :)
<urami>
http://www.Flashfugitive.com
</urami>
<web junk free>
http://www.firefox.com
</web junk free>

I am trying to side load XBMC/KODI to my FireTV. I cannot open the Gotham .APK file. I says no app available. I'm not sure what app to download. Please help.

I am trying to side load XBMC/KODI to my FireTV. I cannot open the Gotham .APK file. I says no app available. I'm not sure what app to download. Please help.

Try a site focused on hacking the fire TV... maybe something like this...
http://bit.ly/1BsVrje

I can't determine how a group policy is being applied. Please help. Thank you.

Hi,
I'm having a problem trying to find how a particular policy is being applied on my domain (I've inherited this domain). When ever a user logs into a domain, the computer get's a new local group policy. One particular attribute is that the local
admin account get's renamed:
I can't figure out where it's coming from. I've run gpresult, and I'm assuming it's the default domain policy.
But when I go to the domain controller and look at the default domain policy, the entry is empty:
I'm really at a loss. However, I really don't think it's the default domain policy, but I can't figure out what else it could be?
Any help would be greatly appreciated. Thanks!!! -Tim

Does this help
C:\Users\***>gpresult /z
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 2/12/2015 at 1:57:06 PM
RSOP data for ****\*** on H9MHD12 : Logging Mode
OS Configuration:            Member Workstation
OS Version:                  6.1.7601
Site Name:                   Default-First-Site-Name
Roaming Profile:             N/A
Local Profile:               C:\Users\***
Connected over a slow link?: No
COMPUTER SETTINGS
    CN=H9MHD12,CN=Computers,DC=***,DC=com
    Last time Group Policy was applied: 2/12/2015 at 1:03:12 PM
    Group Policy was applied from:      ***.***.Com
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ****
    Domain Type:                        Windows 2000
    Applied Group Policy Objects
        Default Domain Policy
        Local Group Policy
    The computer is a part of the following security groups
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        H9MHD12$
        Domain Computers
        System Mandatory Level
    Resultant Set Of Policies for Computer
        Software Installations
            N/A
        Startup Scripts
            N/A
        Shutdown Scripts
            N/A
        Account Policies
            GPO: Default Domain Policy
                Policy:            MaximumPasswordAge
                Computer Setting: 42
            GPO: Default Domain Policy
                Policy:            MinimumPasswordAge
                Computer Setting: N/A
            GPO: Default Domain Policy
                Policy:            LockoutBadCount
                Computer Setting: N/A
            GPO: Default Domain Policy
                Policy:            PasswordHistorySize
                Computer Setting: 1
            GPO: Default Domain Policy
                Policy:            MinimumPasswordLength
                Computer Setting: N/A
        Audit Policy
            N/A
        User Rights
            N/A
        Security Options
            GPO: Default Domain Policy
                Policy:            PasswordComplexity
                Computer Setting: Not Enabled
            GPO: Default Domain Policy
                Policy:            ClearTextPassword
                Computer Setting: Not Enabled
            GPO: Default Domain Policy
                Policy:            ForceLogoffWhenHourExpire
                Computer Setting: Not Enabled
            GPO: Default Domain Policy
                Policy:            RequireLogonToChangePassword
                Computer Setting: Not Enabled
            GPO: Default Domain Policy
                Policy:            NewAdministratorName
                Computer Setting: Enabled
            N/A
        Event Log Settings
            N/A
        Restricted Groups
            N/A
        System Services
            N/A
        Registry Settings
            N/A
        File System Settings
            N/A
        Public Key Policies
            N/A
        Administrative Templates
            GPO: Local Group Policy
                KeyName:     Software\Policies\Microsoft\Windows\ScPnp\EnableScP
nP
                Value:       0, 0, 0, 0
                State:       Enabled
USER SETTINGS
    CN=*******,OU=Users,OU=Corporate,OU=***,DC=***,DC=com
    Last time Group Policy was applied: 2/12/2015 at 1:33:14 PM
    Group Policy was applied from:      ***.***.Com
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ***
    Domain Type:                        Windows 2000
    Applied Group Policy Objects
        Default Domain Policy
    The following GPOs were not applied because they were filtered out
        Local Group Policy
            Filtering: Not Applied (Empty)
    The user is a part of the following security groups
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
    The user has the following security privileges
        Bypass traverse checking
        Manage auditing and security log
        Back up files and directories
        Restore files and directories
        Change the system time
        Shut down the system
        Force shutdown from a remote system
        Take ownership of files or other objects
        Debug programs
        Modify firmware environment values
        Profile system performance
        Profile single process
        Increase scheduling priority
        Load and unload device drivers
        Create a pagefile
        Adjust memory quotas for a process
        Remove computer from docking station
        Perform volume maintenance tasks
        Impersonate a client after authentication
        Create global objects
        Change the time zone
        Create symbolic links
        Increase a process working set
    Resultant Set Of Policies for User
        Software Installations
            N/A
        Logon Scripts
            N/A
        Logoff Scripts
            N/A
        Public Key Policies
            N/A
        Administrative Templates
            N/A
        Folder Redirection
            N/A
        Internet Explorer Browser User Interface
            N/A
        Internet Explorer Connection
            N/A
        Internet Explorer URLs
            N/A
        Internet Explorer Security
            N/A
        Internet Explorer Programs
            N/A

Group Policy Preferences - Internet Settings - Trusted Sites

hi all
I can't set Trusted Zone (Site) with GPO Preferences - Internet Settings because it is grey?
Chris

Hi Chris,
The Trusted Sites cannot be added using Group Policy Preferences. But you can add it by native group policy.
The group policy settings are here:
User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
If you really want to use the GPP, please manually add the registry keys through GPP.
Regards,
Miya
This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer
your question. This can be beneficial to other community members reading the thread.

Group Policy not populating IE11's compatibility sites.

We normally do not allow IE updates, but we got a pallet of new computers with IE11 preinstalled on them from Dell. I figured now is a good time to get this working in our environment.
The issue is that under our group policy settings are not putting the websites we need in compatibility mode. I have verified the group policy is applied to my computer using rsop.msc and I verified the settings in there. However when
I try to visit our loan application which runs at http://192.168.1.9 it shows a browser not supported message and says to use IE 5.5 or later. Well if one were to manually add the site in compatibility mode, then it would work. So we want to avoid
the calls to IT Support on how to add sites to compatibility mode and just control it from our end via Group Policy.
So under User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Compatibility View : we have these set:
Include updated Web site lists from Microsoft - Enabled
Use Policy List of Internet Explorer 7 sites - Enabled
Show:
http://192.168.1.9 (our lending application)
https://another website
http://192.168.1.15 (our lending application test site for new upcoming releases)

Hi,
The site list deployed using administrative template might not be visible in IE user interface. We could see the sites loading in the compatibility mode by opening the developer tool bar (press F12) and checking the browser mode.
Also, we can verify the setting in the client machine registry. The configuration is written to registry under HKCU(HKLM)\Software\[Wow6432Node]\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList. More information, please see
this blog:
How to add web site to Compatibility View List via GPO
In addition, we need to configure the "Turn on Internet Explorer Standards
mode for Local Intranet" policy and set it to disable.
For the “Use
Policy List of Internet Explorer 7 sites”
policy: We need to add Top level domain names in the
policy settings. Reference: Compatibility List FAQ
Some more information:
Missing the Compatibility View Button
Hope this helps
Best regards
Michael Shao
TechNet Community Support

Need help in setting up Group Policy for same user in local system and Terminal server

Hi All,
Currently our remote users are using our network using VPN client over internet.
They are generally at their home computer and doing VPN as they have to work only in one RDP server for application.
We actually have a OU created for these RDP users and assign then some strict policy like they can not use any other .exe,they can not user any explorer ,they can not even use windows explorer when they are on RDP they just use one exe of their application.
Now what my management want is they want their home computers in Domain and want them to login via their same credentials they are using for RDP but they don't want them to restrict in their home computers with any strict policy.
Now my confusion is how can I configure different policies for same users or same OU.
Can any one guide me please...

you can achieve this fairly easily with group policy.
create an OU and put your remote desktop servers in that OU.
configure both user and computer policies in a group policy and link it to that ou.
you need to enable loopback mode - you may want it in merge or replace depending on your other policies you have. Probably replace though I would guess. this is set in the computer configuration > admin templates > system / group policy section.
now remove the policy you have currently setup for your users on the users OU containing the rdp users. If you want you can move these users back to your main users OU.
when your users login to the RDP server the settings in the user section of the GPO linked to the RDP Servers OU will apply.
when the user logs in to their own computer the policies from the user OU and computer OU will apply - but not the more restrictive RDP OU.
hope that makes sense.
Regards,
Denis Cooper
MCITP EA - MCT
Help keep the forums tidy, if this has helped please mark it as an answer
My Blog
LinkedIn:

Please wait for the group policy client - shutting down issues

Hi
I have issues with shutting down machines. When machine is connected to company's LAN everything works fine. However, if machine is connected to VPN - Juniper NC - 1 hour or more it always hangs when it is shutting down. When I shut down the machine
(verbose mode on), first stage is:
Please wait for the system Event Notification service.
This ends exactly
after 3 minutes. Next stage:
Please wait for the group policy client windows 7
...is never timed out (even after few hours). Machine never shuts down.
In Application logs there are always these 4 events when machine is unsuccessfully shutting down:
6005: The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).
4627: The COM+ Event System timed out attempting to fire the Logoff method on event class {D5978650-5B9F-11D1-8DD2-00AA004ABD5E} for publisher and subscriber . The subscriber failed to respond within 180 seconds.
The display name of the subscription is "ISensLogon2". The HRESULT was 80010002.
6006: The winlogon notification subscriber <Sens> took 180 second(s) to handle the notification event (Logoff).
6005: The winlogon notification subscriber <GPClient> is taking long time to handle the notification event (Logoff).
Sens is timed out after 3 minutes while there is no 6006 event for GPClient and machine is stuck there for ages (Please wait for the group policy client
stage). I noticed in System logs that machine always hangs if there is this error
5783: The session setup to the Windows NT or Windows 2000 Domain Controller \\server for the domain X is not responsive. The current RPC call from Netlogon on \\machine to \\server has been cancelled.
I made a group policy log and below you can see part of GPSVC log when machine is unsuccessfully shutting down:
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::UnregisterNotification: Entering with event 0xe58
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::UnregisterNotification: Canceling pending calls
GPSVC(2d4.1cfc) 21:31:24:327 Client_CompleteNotificationCall: failed with 0x71a
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::UnregisterNotification: Cancelled pending calls
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::UnregisterNotification: Exiting with dwStatus = 0x0
GPSVC(438.1a04) 21:31:24:327 Waiting for user group policy thread to terminate.
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::UnregisterNotification: Entering with event 0xe10
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::UnregisterNotification: Canceling pending calls
GPSVC(218.c88) 21:31:24:327 Client_CompleteNotificationCall: failed with 0x525
GPSVC(2d4.1cfc) 21:31:24:327 Client_CompleteNotificationCall: failed with 0x71a
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::UnregisterNotification: Cancelled pending calls
GPSVC(2d4.9c8) 21:31:24:327 CGPNotify::OnNotificationTriggered: Completenotification failed with 1317
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::UnregisterNotification: Entering with event 0xdcc
GPSVC(218.1054) 21:31:24:327 CGPNotify::UnregisterNotification: Entering with event 0x20cc
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
GPSVC(2d4.9c8) 21:31:24:327 CGPNotify::OnNotificationTriggered: Completenotification failed with 1317
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::UnregisterNotification: Entering with event 0xd90
GPSVC(218.1054) 21:31:24:327 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
GPSVC(2d4.1cfc) 21:31:24:327 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
GPSVC(2d4.1cfc) 21:31:24:342 CGPNotify::UnregisterNotification: Exiting with dwStatus = 0x0
GPSVC(218.d48) 21:31:24:342 Client_CompleteNotificationCall: failed with 0x525
GPSVC(218.d48) 21:31:24:342 CGPNotify::OnNotificationTriggered: Completenotification failed with 1317
GPSVC(218.1c04) 21:31:24:327 Client_CompleteNotificationCall: failed with 0x525
GPSVC(218.1c04) 21:31:24:342 CGPNotify::OnNotificationTriggered: Completenotification failed with 1317
GPSVC(218.1054) 21:31:24:342 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
GPSVC(218.1054) 21:31:24:342 CGPNotify::UnregisterNotification: Exiting with dwStatus = 0x0
GPSVC(218.1054) 21:31:24:342 CGPNotify::UnregisterNotification: Entering with event 0x2100
GPSVC(218.1054) 21:31:24:342 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
GPSVC(218.1054) 21:31:24:342 CGPNotify::UnregisterNotification: Exiting with dwStatus = 0x0
GPSVC(218.1054) 21:31:24:342 CGPNotify::UnregisterNotification: Entering with event 0x1264
GPSVC(218.1054) 21:31:24:342 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
GPSVC(218.1054) 21:31:24:342 CGPNotify::UnregisterNotification: Exiting with dwStatus = 0x0
I tried with signing out from VPN before shutting down machine, I even switched off WiFi but machine still hung. If i tried to get GP results before shutting down machine it takes ages and it is stuck in "Getting the user name" stage.
Gpupdate /force never updates policy (It stops at Updating Policy...). I tired with installing different hotfixes which did not resolve the issue. I never have any
issues with logging in, no GP scripts are applied when user is logging off or on, no roaming profiles. The only issue is when machine needs to be shut down.
I excluded 1 machine from GP and left it on VPN for a few hours, several times. It always shuts down successfully. I applied GP back one by one and the one which is presumably causing an issue is Avecto which adds admin rights when VPN application
starts (event 100):
Process started with admin rights added to token.
Command Line: "C:\Users\User\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe"
Process Id: 5540
Parent Process Id: 2252
Policy: EA-PrivilegeGuardSettings.UK Policy
Application Group: EA-PrivilegeGuardSettings.Applications Granted Admin Rights
Reason: <None>
File Name: c:\users\User\appdata\roaming\juniper networks\setup client\junipersetupclient.exe
Hash: 27D8463A913A802E555AEEF45717B122249AA993
Certificate: Juniper Networks, Inc.
Description: Juniper Setup Client
Application Type: exe
Product Name: Juniper Setup Client
Product Code: <None>
Upgrade Code: <None>
Product Version: 8.0.6.48695
I guess there is a DNS issues when machine is on VPN which leads that GP cannot be applied / updated. Not sure if or why Avecto would have an impact on this. When machine is trying to shut down it still somehow thinks it is connected to DC. What
I also noticed are several explorer crashes while machine is on VPN.
Does anyone have same issues? All machines are Dell with Juniper NC (VPN).
Thanks,

Hi,
According to event log, Winlogon process takes a long time to handle logoff event. That's to say winlogon process is waiting for response to logoff.
According to your description after, this problem is most probably caused by Avecto. You can try to disable or uninstall it temporarily for test.
To make further troubleshoot with this problem, you can try to use WPT (Windows Performance Tool) to make troubleshoot.
http://blogs.technet.com/b/askpfeplat/archive/2013/03/22/troubleshooting-windows-performance-issues-using-the-windows-performance-recorder.aspx
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Please Help| group policy site failure

Similar Messages

Maybe you are looking for