Some Policies not applying after upgrade to 2003 and XP Pro-

Discussion in 'Active Directory' started by fnstrat2, Oct 11, 2004.

  1. fnstrat2

    fnstrat2 Guest

    After upgrading our servers and some clients I've started noticing a lot of
    weird problems and have discovered that many machines are getting policy
    processing errors. I use a very large number of policies on our machines so
    it is causing quit a few problems.

    One error is:
    Security policies propagated with warning. 0x4b8: An extended error has
    occurred. Please review the detailed log security\logs\winlogon.log

    When I look in Resultant set of Policy I see this error under the precedence
    tab:

    GPOs higher in the list have the highest priority
    The policy engine did not attempt to configure the setting.

    On some computers I'm seeing this in the winlogon.log file:

    Configure User Rights
    Configure s-1-5-32-544
    Error 1168. Element not found.
    Some user rights are not defined in SecEdit
    Erron configuring 5-.... etc.

    Could this problem be caused by inconsistent or wrong version of the *.adm
    files being used in the policies? When upgrading to XP and 2003 do I need to
    change all the .adm files to support XP?
    Does anyone know how I can track this problem down?

    Thanks for any help.
     
    fnstrat2, Oct 11, 2004
    #1
    1. Advertisements

  2. fnstrat2

    fnstrat2 Guest

    Also seeing this in the winlogon.log file on the one domain controller having
    problems.


    Error 0 to send control flag 1 over to server.

    Make a local copy of
    \\sjc.sjca.edu\SysVol\sjc.sjca.edu\Policies\{465D3307-4C66-4AEB-BD19-DECCFE168607}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
    GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

    Process GP template gpt00000.inf.

    This is the last GPO : domain policy is ignored on DC.
    -------------------------------------------
    Tuesday, September 07, 2004 11:29:52 AM
    Copy undo values to the merged policy.


    ----Un-initialize configuration engine...
    -------------------------------------------
    Tuesday, September 07, 2004 11:29:53 AM
    ----Configuration engine was initialized successfully.----

    ----Reading Configuration Template info...


    ----Configure User Rights...
    Configure S-1-5-21-1451830106-1666385412-837300805-512.
    Configure S-1-5-20.
    Configure S-1-5-19.
    Configure S-1-5-32-544.
    Configure S-1-5-21-1451830106-1666385412-837300805-6151.
    Configure S-1-5-21-1451830106-1666385412-837300805-1004.
    Configure S-1-5-21-1451830106-1666385412-837300805-7104.
    Configure S-1-5-21-1451830106-1666385412-837300805-5104.
    Configure S-1-5-21-1451830106-1666385412-837300805-7105.
    Configure S-1-5-21-1451830106-1666385412-837300805-5105.
    Configure S-1-5-21-1451830106-1666385412-837300805-6148.
    Configure S-1-5-21-1451830106-1666385412-837300805-6835.
    Configure S-1-5-21-1451830106-1666385412-837300805-5056.
    Configure S-1-5-11.
    Configure S-1-1-0.
    Configure S-1-5-32-554.
    Configure S-1-5-32-549.
    Configure S-1-5-32-550.
    Configure S-1-5-32-551.
    Configure S-1-5-32-548.
    Configure S-1-5-9.
    Configure S-1-5-32-545.
    Configure S-1-5-21-1451830106-1666385412-837300805-2601.
    Configure S-1-5-21-1451830106-1666385412-837300805-4848.

    User Rights configuration was completed successfully.


    ----Configure Security Policy...
    Configure log settings.
    Configure event audit settings.

    Audit/Log configuration was completed successfully.

    Kerberos Policy configuration was completed successfully.
    Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    Configure
    machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
    Configure
    machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.

    Configuration of Registry Values was completed successfully.


    ----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


    ----Un-initialize configuration engine...
    **************************

    Error 0 to send control flag 1 over to server.

    Make a local copy of
    \\sjc.sjca.edu\SysVol\sjc.sjca.edu\Policies\{465D3307-4C66-4AEB-BD19-DECCFE168607}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
    GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
     
    fnstrat2, Oct 11, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.