This program is blocked by group policy (on a computer running Vista)
I have read so much about the problem and tried about everything that everyone said to do, and it still has not fixed the problem. The problem I see is that most of the problems that I have read about the units are running something besides Vista. It seems to also have blocked me from downloading programs and files. I need help on fixing this problem. I don't know what to try next. Can someone help PLEASE.
Unfortunately your post is off topic here, in the TechNet Site Feedback forum, because it is not Feedback about the TechNet Website or Subscription. This is a standard response I’ve written up in advance to help many people (thousands, really) who post their question in this forum in error, but please don’t ignore it. The links I share below I’ve collected to help you get right where you need to go with your issue.
For technical issues with Microsoft products that you would run into as an end user of those products, one great source of info and help is http://answers.microsoft.com, which has sections for Windows, Hotmail, Office, IE, and other products. Office related forums are also here:
http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx
For technical issues with Microsoft products that you might have as an IT professional (like technical installation issues, or other IT issues), you should head to the TechNet Discussion forums at http://social.technet.microsoft.com/forums/en-us, and search for your product name.
For issues with products you might have as a Developer (like how to talk to APIs, what version of software do what, or other developer issues), you should head to the MSDN discussion forums at
http://social.msdn.microsoft.com/forums/en-us, and search for your product or issue.
If you’re asking a question particularly about one of the Microsoft Dynamics products, a great place to start is here:
http://community.dynamics.com/
If you really think your issue is related to the subscription or the TechNet Website, and I screwed up, I apologize! Please repost your question to the discussion forum and include much more detail about your problem, that could include screenshots of the issue (do not include subscription information or product keys in your screenshots!), and/or links to the problem you’re seeing.
If you really had no idea where to post this question but you still posted it here, you still shouldn’t have because we have a forum just for you! It’s called the Where is the forum for…? forum and it’s here:
http://social.msdn.microsoft.com/forums/en-us/whatforum/
Moving to off topic.
Thanks, Mike
MSDN and TechNet Subscriptions Support
Similar Messages
-
"This program is blocked by group policy"
Hi all.
I have searched Google a fair bit on this but shockingly I just can't find an actual answer. The Group Policy forum is where I should have started rather than finally come to :)
I am no genius with GP, I use it in the most basic ways in very small orgs. My users appear to all have the same problem: when they insert a removable media device that has software on it that might run or autorun, I get the "This program is blocked by group policy, contact your admin" message. I don't believe this occurs with removable media just as just plain USB storage sticks. So far the two examples I know of are for an Internet provider's USB broadband mobility stick, and another user that is using some Kodak products (SD card, camera, and even the Kodak CD I think).
Environment is 2008 R2, Win7 Pro workstations, all users are local admin on their machine. All users are in the default Users container, and all computers are in the Computer container. To my recollection I have never set a GPO that would directly or indirectly cause all users problems like this. The only thing that has had indirect consequences that I know of in the past was because we use many of the options available under Folder Redirection, including redirecting the Desktop. In some cases, when a user has tried to launch an exe or what not that was on the desktop, it failed because it's trying to launch in truth on their user folder on the server, not really on the Windows Desktop. I'm not sure if that might impact my current problem.
To start, where can I go to actually check GPOs for this? Is this the Software Restriction Policy? If so, which one governs, the one in User Configuration or Computer Configuration? In both cases I went to GPMC and under both, it would say I had to go to the Actions menu to create a New Software Restriction policy. I did so (just picking the item in the Actions menu), and the result was some choices under the actual GPO now, none of which I've yet configured.
So, I need to troubleshoot this but also to know where such a thing causing this error message would be set under normal circumstances. Also, could antivirus cause this? I can't see the error saying "group policy" if it did though.
Thank you very much.
Hi,
Thanks for posting your issue in the forum.
Based on your description, I suspect that maybe Software Restriction Policy has been configured in the domain. At this time, I suggest we could try to collect the following information to narrow down the cause of the issue.
GPMC.log
==================
a. On domain controller, click Start -> Run, type GPMC.MSC, it will load the GPMC console.
b. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper user in the wizard)
c. Right click the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file.
Once we get the report, please check if the Software Restriction Policy has been configured and applied to the problematic computers and users. If so, please disable the policy setting to see if the issue persists.
In addition, please try to refer to the following articles for detailed information about Software Restriction Policy and how to troubleshoot Group Policy problems.
Software Restriction Policies
http://technet.microsoft.com/en-us/library/hh831534.aspx
Troubleshooting Group Policy Problems
http://technet.microsoft.com/en-us/library/cc787386(v=ws.10).aspx
Hope this helps.
Best Regards,
Andy Qi
TechNet Subscriber Support
Andy Qi
TechNet Community Support -
"This program is blocked by group policy. Contact admin"
This message comes up when I try to manage accounts in the control panel. What do I do?
Sounds like this has been blocked by Group Policy. Run a GPRESULT /h on the computer to see if this is being pushed to you as a Domain GPO. If so... contact your administrator and ask them about the restriction.
Alan Burchill (MVP)
http://www.grouppolicy.biz
@alanburchill -
My Photoshop Elements 10 will no longer work on my home computer. When I try to use it, a pop up will state " This program is blocked by group policy''. I am not aware of any changes that I have made to computer to cause this. Any ideas?
Look in AppLocker to see if there are rules restricting things:
http://www.sevenforums.com/tutorials/7844-applocker-create-new-rules.html
If you know your way around your computer to some extent, open a command prompt, and get a report of your group policy settings, and post it in a message here. Specifically:
Start / Run / cmd
C:\whatever> cd \
C:\> gpresult /z > c:\gp.txt
C:\> notepad c:\gp.txt
In notepad: Ctrl-A, Ctrl-C (to select all and copy the text)
Paste the contents of the clipboard into a reply on the web version of the forum. -
Group Policy Preference Power Plan "Blocked By Group Policy"
I noticed this error in the application event log of a Windows 7 PC:
Log Name: Application
Source: Group Policy Power Options
Date: 3/21/2013 3:19:42 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: xxx
Description:
The computer 'Power Plan (Windows Vista and later)' preference item in the 'Windows 7 Desktop Power Plan {A078F08F-45CC-4209-A264-FE0CB5635A99}' Group Policy object did not apply because it failed with error code '0x800704ec This program is blocked by group
policy. For more information, contact your system administrator.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Power Options" />
<EventID Qualifiers="34305">4098</EventID>
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-21T10:19:42.000000000Z" />
<EventRecordID>7687</EventRecordID>
<Channel>Application</Channel>
<Computer>xx</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>computer</Data>
<Data>Power Plan (Windows Vista and later)</Data>
<Data>Windows 7 Desktop Power Plan {A078F08F-45CC-4209-A264-FE0CB5635A99}</Data>
<Data>0x800704ec This program is blocked by group policy. For more information, contact your system administrator.</Data>
</EventData>
</Event>
How can I find out exactly why it is not working? "Blocked by group policy" is not specific enough.
Hi,
You can also enable GPP tracing and logging for more information:
Computer Configuration\Policies\Administrative Templates\System\Group Policy\Configure Power Options preference logging and tracing
http://blogs.technet.com/b/askds/archive/2008/07/18/enabling-group-policy-preferences-debug-logging-using-the-rsat.aspx
Regards,
Cicely
There is no such option "Configure Power Options preference logging and tracing" at Computer Configuration\Policies\Administrative Templates\System\Group Policy\.
In alphabetical order Always use local ADM files ... is followed by Disallow interactive users from generating ... Not -
Programs Blocked by Group Policy - But Why?
Hi, I'm hoping someone can help with this... I'm an IT technician and one of my clients has suddenly experienced an issue whereby they can no longer execute two programs without right clicking and selecting "Run As Administrator". This happened
"out of the blue" and without any warning or trigger event. The user has been running this same configuration for months before this issue started happening. The only possible event was the user reported possibly running some sort of malware from
an email attachment they thought was safe but later determined it came from an unknown source. HOWEVER, all current virus and malware scans come up clean.
If they just click the icon and do a normal execute they receive the message "Program blocked by Group Policy". They are on a domain, however, there have been NO changes to any of the group policies AND no other users are experiencing the issue
despite the fact all the users are contained in the same security group on the domain controller.
The two programs this user can no longer execute, without elevation, are: AVG Antivirus Business edition and Symantec PC Anywhere.
I've been all over Google and made some recommended changes via gpedit.msc but nothing has helped so far. I also did a gpupdate and tried turning UAC on and off but the behavior is the same regardless of the state of UAC.
Anyone have any suggestions? Thanks much,
--Rick
The malware may have put in a registry entry under policies that is causing your behaviour.
As a last resort you could try this:
Logon as an Administrator
Navigate to HKLM\Software\Policies and nose around to see if anything
there might be the cause.
Next, Navigate to
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies and do the
same.
If nothing jumps out at you, back up both of these registry keys then delete them and then
run GPUPDATE /FORCE and see if problem is still there.
If so, try all the above steps again, but this time use HKCU instead
of HKLM.
Ha®®y -
Installation blocked by group policy designed to prevent CryptoLocker
We have followed the steps outlined by bleepingcomputer.com to prevent as best we can the CryptoLocker virus. Link to article: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent
Please update your Reader installer to not use %AppData%\Local\Temp\. The CryptoLocker prevention method involves blocking that and the following paths. I know many businesses using these techniques.
Block CryptoLocker executable in %AppData%
Path: %AppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.
Block CryptoLocker executable in %LocalAppData%
Path if using Windows XP: %UserProfile%\Local Settings\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.
Block Zbot executable in %AppData%
Path: %AppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.
Block Zbot executable in %LocalAppData%
Path if using Windows XP: %UserProfile%\Local Settings\*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.
Block executables run from archive attachments opened with WinRAR:
Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with WinRAR.
Block executables run from archive attachments opened with 7zip:
Path if using Windows XP: %UserProfile%\Local Settings\Temp\7z*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\7z*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with 7zip.
Block executables run from archive attachments opened with WinZip:
Path if using Windows XP: %UserProfile%\Local Settings\Temp\wz*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\wz*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with WinZip.
Block executables run from archive attachments opened using Windows built-in Zip support:
Path if using Windows XP: %UserProfile%\Local Settings\Temp\*.zip\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\*.zip\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened using Windows built-in Zip support.
Hi, I am using a Toshiba personal laptop, Windows 7 Home Premium. No one else uses it, nor have I brought it to any business, other home, etc.
I have been blocked by group policy for 3 months. I have spent over 200 dollars on ITs to only tell me they have never seen this before, and to buy a new laptop. I have no idea why I am the admin, and only user, yet all I can open is AOL.
I am at my wits' end, and will go buy another laptop, definitely nothing like this one. I have lost a lot of time and money trying to fix this, late payments etc.
Thanks for any input
aimee
Oh, my ISP is Cox, and I have a router
Reading this I am able to identify that you are contaminated with malware; it may have also affected your recovery.
Try recovery to factory fresh and then install Microsoft Security Essentials so that you have 1/2 a chance next time.
Corsair Carbide 300R with window
Corsair TX850V2 70A@12V
Asus M5A99FX PRO R2.0 CFX/SLI
AMD Phenom II 965 C3 Black Edition @ 4.0 GHz
G.SKILL RipjawsX DDR3-2133 8 GB
EVGA GTX 6600 Ti FTW Signature 2(Gk104 Kepler)
Asus PA238QR IPS LED HDMI DP 1080p
ST2000DM001 & Windows 8.1 Enterprise x64
Microsoft Wireless Desktop 2000
Wacom Bamboo CHT470M
Place your rig specifics into your signature like I have, makes it 100x easier to understand!
Hardcore Games Legendary is the Only Way to Play! -
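Added example (not part of the original posts, and not Microsoft's SRP implementation): a small Python model of the Windows Vista/7/8 path rules quoted in the CryptoLocker thread above, for finding which rule is responsible when a legitimate installer is reported as blocked by group policy. It assumes, as the rule descriptions state, that `*` matches within a single folder level only; the user name `alice` and the sample file paths are constructed.

```python
import fnmatch
import re

# Constructed per-user environment for a Windows Vista/7/8 profile (assumption).
ENV = {
    "AppData": r"C:\Users\alice\AppData\Roaming",
    "LocalAppData": r"C:\Users\alice\AppData\Local",
}

# The Vista/7/8 path rules quoted in the post, all at Security Level "Disallowed".
RULES = [
    ("Block CryptoLocker executable in %AppData%", r"%AppData%\*.exe"),
    ("Block CryptoLocker executable in %LocalAppData%", r"%LocalAppData%\*.exe"),
    ("Block Zbot executable in %AppData%", r"%AppData%\*\*.exe"),
    ("Block Zbot executable in %LocalAppData%", r"%LocalAppData%\*\*.exe"),
    ("Block executables run from archive attachments opened with WinRAR",
     r"%LocalAppData%\Temp\Rar*\*.exe"),
    ("Block executables run from archive attachments opened with 7zip",
     r"%LocalAppData%\Temp\7z*\*.exe"),
    ("Block executables run from archive attachments opened with WinZip",
     r"%LocalAppData%\Temp\wz*\*.exe"),
    ("Block executables run from archive attachments opened using "
     "Windows built-in Zip support", r"%LocalAppData%\Temp\*.zip\*.exe"),
]


def expand(pattern, env=ENV):
    """Replace %Name% tokens from env (names are case-insensitive).

    Unknown tokens are left untouched so a typo in a rule stays visible.
    """
    lookup = {name.lower(): value for name, value in env.items()}
    return re.sub(
        r"%([^%\\]+)%",
        lambda m: lookup.get(m.group(1).lower(), m.group(0)),
        pattern,
    )


def segments(path):
    """Split a Windows path into lower-cased components (paths are case-insensitive)."""
    return [part for part in path.lower().replace("/", "\\").split("\\") if part]


def rule_matches(pattern, exe_path, env=ENV):
    """True if exe_path matches the rule, with '*' confined to one folder level.

    Modelling assumption taken from the rule descriptions on the page:
    '%AppData%\\*.exe' covers %AppData% itself and '%AppData%\\*\\*.exe'
    covers its immediate subfolders, so a wildcard never spans a backslash.
    """
    rule_parts = segments(expand(pattern, env))
    path_parts = segments(exe_path)
    if len(rule_parts) != len(path_parts):
        return False
    return all(fnmatch.fnmatchcase(p, r) for r, p in zip(rule_parts, path_parts))


def blocking_rules(exe_path, rules=RULES, env=ENV):
    """Return the names of every Disallowed rule that matches exe_path."""
    return [name for name, pattern in rules if rule_matches(pattern, exe_path, env)]


if __name__ == "__main__":
    # Constructed sample paths: an installer unpacked straight into Temp,
    # an attachment opened from an archive viewer, and an installed program.
    samples = [
        r"C:\Users\alice\AppData\Local\Temp\ReaderSetup.exe",
        r"C:\Users\alice\AppData\Local\Temp\7zO4F2A\invoice.exe",
        r"C:\Users\alice\AppData\Roaming\updater.exe",
        r"C:\Program Files\Vendor\app.exe",
    ]
    for sample in samples:
        hits = blocking_rules(sample)
        print(sample, "->", hits if hits else "not matched by these rules")
```

An installer that unpacks directly into %LocalAppData%\Temp is caught by the "immediate subfolders of %LocalAppData%" rule, not by any of the archive-specific ones, which is the rule to review before adding an exception.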
Since downloading Firefox when I go on the Internet Internet Explorer pops up with a message - IE cannot open the webpage - Favorit. I have tried everything but cannot stop this happening. Any suggestions? Thanks. I am running Vista.
The exact same thing happened to me!! How frustrating! I've reinstalled it soooo many times, and QuickTime separately too, as I have had so many different error messages including something to do with QuickTime. I don't know what to do, but as you said my iPod is useless without iTunes! If anyone works this out let us know! Thanks a lot x
-
Drive Block using group policy
Can anyone help me with this drive block?
I am unable to block the E & F drive for all users, so please advise with clear steps of commands how I write the drive block script using group policy in Server 2012.
However, I tried through the registry but it's still not working. My only concern is how to block a few users from accessing the D drive and a few users from the F drive on the local system using group policy.
Thanks in advance.
What registry settings have you set?
-
HAD AN ERROR WHEN DOWNLOADING QUICKTIME THIS MORNING NOW ITUNES SAY ITS CLOSED ??? RUNNING VISTA
Found the solution! Hooray!
Noticed a suggestion on this thread:
http://discussions.info.apple.com/message.jspa?messageID=11731496#11731496
To look in the ~/Library/iTunes/Mobile\ Backups folder to find the Manifest.plist folder, and delete entries for apps that might be causing the problem.
I remembered that a little while ago, I had started getting an error message while syncing an updated app (Sleepmaker or something - couldn't remember which, precisely, but knew that it was a white noise app). So, I went to the Manifest.plist folder, and removed the entries for the couple different flavors of the Sleepmaker app that I had installed.
Then, reconnected the iPhone, and clicked "Continue Restore" once again when it reported that there had been an interrupted restore. This time, it went through fully! Took quite a while (~1 hr) to copy all my media onto the phone, but now it's all there! Hopefully this will help others who might be in the same situation... -
This problem has appeared only in the last week or two.
Start Firefox in [[Safe Mode]] to check if one of the add-ons is causing the problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
* Don't make any changes on the Safe mode start window.
See:
* [[Troubleshooting extensions and themes]] -
My Computer comes up with This program is blocked by group policy. For more info contact your system administrator. What do I need to do to get rid of this and be able to download? Thanks
Bjoralemon,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Deploying Office 2013 with Group Policy
I would like to deploy Office 2013 using group policy. I am new to group policy so am looking for some advice and guidance on the best way to deploy. I would like to deploy with no interaction with the user but yet display a message so that they know not to open Office. I would also like to create a custom registry setting so that if I need to re-install, all I have to do is delete the registry setting. I have tried a group policy for installing with OCT settings (Basic, Suppress Modal checked, No Cancel checked, Completion Notice checked) and modifying the Config.xml (<Display Level="Basic" CompletionNotice="yes" SuppressModal="yes" AcceptEula="yes" />) but I can not get it to display the installer screen so that users know it is installing. It does display the screen when running the setup.exe manually. I have a setting in the OCT that creates the registry setting and that is working correctly. My group policy is set to run the below bat file at startup in the Computer Configuration.
setlocal
REM *********************************************************************
REM Environment customization begins here. Modify variables below.
REM *********************************************************************
REM Get ProductName from the Office product's core Setup.xml file, and then add "office15." as a prefix.
set ProductName=Office15.Standard
REM Set DeployServer to a network-accessible location containing the Office source files.
set DeployServer="\\xxxxxx\setup.exe"
REM Set LogLocation to a central directory to collect log files.
set LogLocation=\\xxxxx\Logfiles
REM *********************************************************************
REM Deployment code begins here. Do not modify anything below this line.
REM *********************************************************************
IF NOT "%ProgramFiles(x86)%"=="" (goto ARP64) else (goto ARP86)
REM Operating system is X64. Check for 32 bit Office in emulated Wow6432 uninstall key
:ARP64
reg query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%
if NOT %errorlevel%==1 (goto End)
REM Check for 32 and 64 bit versions of Office 2013 in regular uninstall key.(Office 64bit would also appear here on a 64bit OS)
:ARP86
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%
if %errorlevel%==1 (goto Office) else (goto End)
REM If 1 returned, the product was not found. Run setup here.
:Office
%DeployServer%
echo %date% %time% Setup ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt
REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
:End
Endlocal
Any advice or guidance would be greatly appreciated on how to get a pop up message while software is installing or if there is a better way to deploy.
> but I can not get it to display the installer screen so that users know
> it is installing. It does display the screen when running the setup.exe
> manually. I have a setting in the OCT that creates the registry setting
> and that is working correctly. My group policy is set to run the
> below bat file at startup in the Computer Configuration.
Check http://gpsearch.azurewebsites.net/#2308 - if this is enabled, you
will not be able to show "anything" in startup scripts...
Martin
Read a GOOD book about GPOs for once?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Windows 7 Group Policy Processing - EventID 1058
I am having an issue with Windows 7 clients refreshing group policy. When I run gpupdate the user policy refreshes and then moves on to the computer policies but fails, displaying the error below. Replication topology checks out, dcdiag returns no errors and sysvol permissions look ok too. Curiously the same policies apply just fine on Windows XP Pro systems. The Domain Controller is running Server 2008 Enterprise Edt R2 SP1. I see no 1030 event IDs on the domain controllers as others frequently report with this error. The domain is running at Windows Server 2003 functional level but I have created a PolicyDefinitions folder in the sysvol for admx files etc. Where to go from here? Does anyone have any suggestions/insight as to what the issue may be?
The sysvol and the gpt.ini file is accessible from the Windows 7 client using UNC path.
Thanks in advance for any assistance given.
The error code listed is 0 which is not mentioned in this article
http://social.technet.microsoft.com/wiki/contents/articles/1456.aspx
## Error details
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2/8/2012 2:38:09 PM
Event ID: 1058
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: win7box.abc123.net
Description:
The processing of Group Policy failed. Windows attempted to read the file
\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused
by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1058</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-02-08T20:38:09.770740300Z" />
<EventRecordID>3972</EventRecordID>
<Correlation ActivityID="{24F60AA4-DC8D-4F6D-8787-9535072F03C0}" />
<Execution ProcessID="996" ThreadID="1148" />
<Channel>System</Channel>
<Computer>win7box.abc123.net</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SupportInfo1">4</Data>
<Data Name="SupportInfo2">816</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">3354</Data>
<Data Name="ErrorCode">0</Data>
<Data Name="ErrorDescription">The operation completed successfully. </Data>
<Data Name="DCName">DC.abc123.net</Data>
<Data Name="GPOCNName">CN={EB062BE8-CAF6-47B4-9B8B-27A19268C520},CN=Policies,CN=System,DC=abc123,DC=net</Data>
<Data Name="FilePath">\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini</Data>
</EventData>
</Event>
## DCDiag Results (No RODC's hence NCSecDesc error )
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: North\DC
Starting test: Connectivity
......................... DC passed test Connectivity
Doing primary tests
Testing server: North\DC
Starting test: Advertising
......................... DC passed test Advertising
Starting test: FrsEvent
......................... DC passed test FrsEvent
Starting test: DFSREvent
......................... DC passed test DFSREvent
Starting test: SysVolCheck
......................... DC passed test SysVolCheck
Starting test: KccEvent
......................... DC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=abc123,DC=net
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=abc123,DC=net
......................... DC failed test NCSecDesc
Starting test: NetLogons
......................... DC passed test NetLogons
Starting test: ObjectsReplicated
......................... DC passed test ObjectsReplicated
Starting test: Replications
......................... DC passed test Replications
Starting test: RidManager
......................... DC passed test RidManager
Starting test: Services
......................... DC passed test Services
Starting test: SystemLog
......................... DC passed test SystemLog
Starting test: VerifyReferences
......................... DC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : abc123
Starting test: CheckSDRefDom
......................... abc123 passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... abc123 passed test CrossRefValidation
Running enterprise tests on : abc123.net
Starting test: LocatorCheck
......................... abc123.net passed test LocatorCheck
Starting test: Intersite
......................... abc123.net passed test Intersite
I shortened this down a good bit but here is the gist of it. My question is which context/user/account is being denied access to the .ini files? I have never used the streams utility but I'll give it a whirl and report back what I get. Most of the "cannot be accessed" are probably just policies that are not applicable to the machine, but the gpt.ini errors are baffling me.
New GPO - it appears that new GPOs are fine
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Searching <cn={5D0EF3CD-7942-4A89-A879-4F9FDB3064BF},cn=policies,cn=system,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found common name of: <{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found display name of: <gpoC-Win7Test>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found machine version of: GPC is 0, GPT is 0
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found flags of: 0
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: No client-side extensions for this object.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO gpoC-Win7Test doesn't contain any data since the version number is 0. It will be skipped.
Older GPOs - not so fine
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B34A8F23-269C-43D8-A097-2307729FBFF6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={55338992-95C9-4FA2-80E4-0ED4A623EE09},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found common name of: <{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found display name of: <gpoS-RealPlayerEnt6 - Security>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found machine version of: GPC is 0, GPT is 0
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found flags of: 0
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: No client-side extensions for this object.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO gpoS-RealPlayerEnt6 - Security doesn't contain any data since the version number is 0. It will be skipped.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C92FD413-E891-47E0-B554-BD7F9209D036},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FEF33797-46D0-452A-B3D7-0BEEC2330592},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CCBFECA5-2FF8-4512-8CE4-108C4092D009},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={767959D5-7AB6-4D55-A02E-3F54439CC7DA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={10DCAC5E-9904-41FF-B678-E8514F481E56},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={3229FD3D-868A-4406-AFAF-6449ADBB4749},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1DD39B5C-B930-4750-8EC3-42D0FB89A3B9},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={E10350D2-F632-4D5E-9668-4151596B1D77},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={86C864C5-C861-42FC-B728-BAEE81C9A091},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FE1162BF-9FE2-4F04-A514-80A8E6D5F7CD},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F68214D3-33F3-4F76-BE26-306D0237A048},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CA6B06CE-C546-41F1-87FB-9013701AEF00},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C8C9EFA2-90AA-4162-9051-23FD83B5CF62},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={DE445C4F-9A0F-488F-8769-C041CF2184AA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7CDB465C-55AC-4CBC-9C18-F3ADACDFEB46},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F4E0F78E-BE36-4793-A8B1-83B2D67083F1},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={53359F0A-8C9B-4831-936F-3D47C4CC2694},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6793DBEE-47B0-458D-8F1C-D92EB7015733},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93919120-7113-47C0-AA38-0561EAB18E42},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={5ABD1D9E-07E4-4A53-B854-A2FFC3B257CB},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={71E2B86C-A4A0-47C0-9D7F-BDD6220B9FA4},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={4401CF1C-7839-4496-BB87-304A8AB917FC},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1244CA5A-D654-4ED6-9374-148F1F3DA8ED},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={42875CF2-B9E9-4EFA-90C2-7ACA8882F1B7},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6DD428B6-6B19-4A53-B172-57DB3E15A38E},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={983BFDAD-65F0-42B4-807A-E78DF275C352},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={AFA31A2D-07D8-4CB4-BE86-067A9624E324},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={77C9CA17-6359-4355-9FDF-F605F0441245},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={75D43291-6FA2-4B98-8422-228DDB45571B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={870C6FB3-74CD-46E8-9D4D-E6E6C0A2B52D},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2144E4CF-01C1-4C5B-984B-E9BD4461406F},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7D9DB917-1245-46BD-AEBF-163A2F0FCD06},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B7431941-5DAA-4DD2-A569-35C31B92B677},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={D01BF1D1-33C8-4FC3-95C3-5948A1EE1647},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={57D4AD83-3BBF-43C2-9A3B-F71F3E52C2A6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={A8DB7DAC-42F0-43FC-99E1-F1AC15006101},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={56574927-6DC5-48A7-82F9-A00E820335F6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2FB6858E-8B1C-4C89-83B2-0EEE97D9A72B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93C56E3F-5334-4325-A328-0CCAFED0828B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1B64E00F-D3B6-49B6-B6C8-7AD0A8C9AEFA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={81B4E46C-8249-4547-BC75-9A1FB395E282},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={43D5184A-73C8-4BFD-9B09-33C70B8BC3C2},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={0ABE0BCF-0BC5-481E-AC86-5768D00901D5},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Couldn't find the group policy template file <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}\gpt.ini>,
error = 0x0. DC: DC2.abc123.net
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 EvalList: ProcessGPO failed
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: EvaluateDeferredGPOs failed. Exiting
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: Leaving with 0
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: ********************************
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: GetGPOInfo failed.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: No WMI logging done in this policy cycle.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: Processing failed with error 87.
GPSVC(3e4.80c) 12:43:27:557 Application complete with bConnectivityFailure = 0.
GPSVC(3e4.80c) 12:43:27:557 Signalling 1 Refresh Policy callers
GPSVC(f84.df4) 12:43:27:557 Exiting RefreshPolicyForPrincipal with status = 0
GPSVC(3e4.80c) 12:43:27:557 GPLockPolicySection: Sid = (null), dwTimeout = 600000, dwFlags = 0
GPSVC(3e4.80c) 12:43:27:557 LockPolicySection called for user <Machine>
GPSVC(3e4.80c) 12:43:27:557 Sync Lock Called
GPSVC(3e4.80c) 12:43:27:557 Writer Lock got immediately.
GPSVC(3e4.80c) 12:43:27:557 Lock taken successfully
GPSVC(3e4.80c) 12:43:27:557 UnLockPolicySection called for user <Machine>
GPSVC(3e4.80c) 12:43:27:557 UnLocked successfully -
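A way to triage the gpsvc.log excerpt in the post above, added here as an example and not part of the original thread: it groups the debug lines per GPO GUID and separates the objects the log reports as "cannot be accessed" from the one GPO whose gpt.ini lookup failed before the cycle ended with error 87. The function name and status labels are this example's own, and the sample is an abbreviated copy of lines from the post's log.

```python
import re

LINE = re.compile(r"^GPSVC\([0-9a-f.]+\) [\d:]+ (\w+): (.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Abbreviated copy of gpsvc.log lines from the post above (wrap kept as posted).
SAMPLE = r"""
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Searching <cn={5D0EF3CD-7942-4A89-A879-4F9FDB3064BF},cn=policies,cn=system,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found display name of: <gpoC-Win7Test>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO gpoC-Win7Test doesn't contain any data since the version number is 0. It will be skipped.
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B34A8F23-269C-43D8-A097-2307729FBFF6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={0ABE0BCF-0BC5-481E-AC86-5768D00901D5},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Couldn't find the group policy template file <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}\gpt.ini>,
error = 0x0. DC: DC2.abc123.net
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: Processing failed with error 87.
"""

def triage(log_text):
    """Return ({guid: {'name', 'status', 'dc'}}, overall_error_or_None)."""
    gpos, current, last_missing, failure = {}, None, None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            # Wrapped tail of a "Couldn't find ... gpt.ini" line names the DC used.
            dc = re.search(r"DC: (\S+)", raw)
            if dc and last_missing:
                gpos[last_missing]["dc"] = dc.group(1)
            continue
        func, msg = m.groups()
        guid = GUID.search(msg)
        last_missing = None
        if func == "EvalList" and msg.endswith("cannot be accessed") and guid:
            gpos[guid.group(0)] = {"name": None, "status": "object_inaccessible", "dc": None}
        elif msg.startswith("Searching") and guid:
            current = guid.group(0)
            gpos[current] = {"name": None, "status": "evaluated", "dc": None}
        elif msg.startswith("Found display name of:") and current:
            gpos[current]["name"] = msg.split("<", 1)[1].rstrip(">")
        elif "version number is 0" in msg and current:
            gpos[current]["status"] = "skipped_empty"
        elif msg.startswith("Couldn't find the group policy template file") and current:
            gpos[current]["status"] = "gpt_ini_not_found"
            last_missing = current
        elif msg.startswith("Processing failed with error"):
            failure = int(msg.rsplit(" ", 1)[1].rstrip("."))
    return gpos, failure
```

Run over a full log, the entries with status `gpt_ini_not_found` are the ones to check on SYSVOL of the DC named in the `dc` field, while `object_inaccessible` entries never reach the file-system step.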
GPP Scheduled Task Fails in Group Policy Modeling depending on DC
We have multiple domain controllers running at a 2003 functional level.
We have 1 DC running Server 2003 x86 SP2 and the rest run Server 2008 (maybe R2)
I created a GPO that includes a Scheduled Task Group Policy Preference under Computer Configuration.
In order to test this I used Group Policy Modeling in the GPMC on a 2008 R2 Machine where I am editing Group Policy.
If I run the modeling (perform the simulation) on the 2003 DC, it fails. (Note: I am modeling the GPO for a different computer, not the 2003 SP2 DC; I am running the modeling for a workstation.)
Information from the Component Status on the Summary Tab of the Modeling Report
Component Name                  Status
Group Policy Infrastructure     Success
EFS recovery                    Success (no data)
Group Policy Scheduled Tasks    Failed
    Group Policy Scheduled Tasks failed due to the error listed below and failed to log resultant set of policy information.
    Additional information may have been logged. Review the application event log on the domain controller on which the simulation was run for events between 2/28/2014 10:07:36 AM and 2/28/2014 10:07:36 AM.
Registry                        Success
Security                        Success
Info on the Settings Tab of the Modeling Report below.
An error has occurred while collecting data for Scheduled Tasks.
The following errors were encountered:
An unknown error occurred while data was gathered for this extension. Details: Invalid class
If I run the modeling using a 2008 DC to perform the simulation it works fine.
Per the instructions on the Summary Tab regarding the scheduled task failure, I looked at the event log on the 2003 domain controller and this is what I find.
The event I get on the 2003 DC is 8196 and I will place the details below.
Event Type: Error
Event Source: Group Policy Scheduled Tasks
Event Category: Disk
Event ID: 8196
Date: 2/27/2014
Time: 4:48:47 PM
User: NT AUTHORITY\SYSTEM
Computer: <computername>
Description:
The client-side extension caught the unhandled exception '0xC0000005' inside: 'threadEntry : client main' See trace file for more details. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
So, should I be concerned that this is failing on the 2003 DC? Does this mean that if my workstations authenticate to my 2003 DC, the preference will not process?
I was reading that in 2003 client-side extensions were not there and can be installed. Would this make the modeling succeed?
How do I get verified? I tried to post screenshots, but I could not. :(
Hi Jonathan,
As you have found the reason, I want to confirm whether the issue has been fixed.
In fact, for Windows Server 2003 to apply or process Group Policy Preferences settings, we must install client-side extensions of GPP for Windows Server 2003.
Although this is not related to this case, for your information, if our clients are Windows XP or Windows Vista, to use GPP, we must install client-side extensions for these workstations respectively.
Regarding GPP, the following article can be referred to for more information.
Group Policy Preferences Getting Started Guide
http://technet.microsoft.com/en-us/library/cc731892(v=WS.10).aspx
Best regards,
Frank Shen