I sent this to Microsoft today:
In reply to Microsofts advice to me re my detailed desription of problem:
Unfortunately none of those things fixes the problem
Let me explain what does and I suggest because of the confusion in
ascertaining the problem Microsoft specifically address this.
This attribute never existed on XP PCs in SP1 so it doesn’t mean a thing to
me and many other people.
It is all to do with the Impersonate a client after authentication policy in
User Rights Assignment in Local Security Policy. It appears Administrator and
Service need to be added to the GPO NOT the local PC as this is greyed out.
Microsoft (if you find the advice and it’s not in a KB article - simply a
popup!) tell you to update the local policy on the PC which for this one
which you can’t do in a Domain. You have to update the Group Policy.
When SP2 is first installed everything works Ok because the installation
updated the Local Security Policy however in a Domain this is part of the
Global Security Policy which in due course gets over written and it appears
after a period time and possibly a reboot all the problems arise – this may
take over 24 hours. So of course you think you have it beat but next is
Goundhog Day!!!
Frustration sets in about now
Let me list some of the problems that wasted a week of my time – these are
all resolved by this fix:
- Word fails to work as the editor in Outlook - getting frazzled
- Excel says that the Mail Server has failed when trying to email - stumped
- Blackberry Desktop fails to start - what the ....
- The Office Detect and Repair fails to work because it says the Microsoft
Installer is not properly installed ... you're kidding
- You cannot install or remove any programs - that sort of follows but why?
- Reregistering Windows Installer works but has no effect - wasted 2 hours
here exhausting threads on google
- Constant explorer errors and the Dr Watson dumps that fail but freeze the
PC for about 2 mins - starting to tear my hair out
- Trying to manually start COM+ Sytem Application service causes a 1067
error (I was going up this dry gully trying to fix one of these other
problems) - took me ages to get here
- And of course Windows Update doesn’t get to the site because of the
0x800A0046 error - oh for f*** sake
Now any sane human being presented with these errors wouldn't know where to
start
Microsoft needs to understand that this is a diabolical situation and if you
scan the microsoft communities and the private newsgroups and other forums
you will find these errors and no real resolution in most cases.
I think what happens for users in a domain is the Sys Admin eventually finds
the problem – which is straight forward once you understand – and it gets
rectified and the problem goes away. A lot of people wouldn't even know.
The company that supports our operation are IT/Microsoft Pros – they were
flabbergasted by the solution. Remember this particular attribute didn’t
exist in XP until SP2.
I have read the Microsoft Solutions for Security – Supporting the Windows XP
Security Guide August 2004 – and Appendix A concerning SP2 – there is nothing
about this, in fact there is nothing about specifically updating GPO for SP2
for this situation anywhere.
In my case usually unless there is a specific written instruction regarding
GPO I won’t do it – Microsoft has nothing about this anywhere that is obvious.
I hope this helps other frustrated Microsoft users
mfhau
|
Similar Threads
Linear Mode
