Re: Security policies are propagated with warning. 0xd : The data is invalid.



I'm looking at this purely from the security policy perspective. The
Userenv.log error is also troublesome but I'm unsure why it would be
surfacing. More context from userenv might be required.

If the env vars are set, the next thing I would do is to start looking
through the GPO security templates and find the one configuring those
settings. It's possible that the line where they are defined is malformed
causing you to get this error. The lines for the file security section are
formed like this:
"<FileName>",<InheritancePropagationType>,"<SDDL>"
The propagation type can be 0, 1, or 2. Also, if the SDDL is longer than
512 chars, it will be broken up into additional fields. You could probably
script the search by using "secedit /validate" to find the problematic
template in the DC's %windir%\security\templates\policies. Once found,
there's a GUID in the template that identifies which GPO it came from. The
template has to be located locally for secedit to work.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm


"DK1088" <anonymous@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0fd501c536bf$919cc130$a401280a@xxxxxxxxxx
>
> To follow up the responses:
>
> Nick - The environment variables are set, as per the KB
> article that covered that previously mentioned.
>
> Ptwilliams - Permissions on the Sysvol are correct (I've
> even compared them to other installed DC's that are not
> here to make sure).
>
> Brandon - I suspect a Bascidc.inf was imported into the
> policy, from what little information I have been given,
> but am unsure how to correct that. AD and GPO settings
> are replicating and applying normally (I've created new
> GPO's just to test this), so nothing 'appears' to be
> impacted, but this 5-minute warning is very annoying, and
> I would like to resolve to have peace of mind for myself
> and others. (And no, no groups with special permissions
> for security logs).
>
> Thanks all!
>
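
The file security line format described in the reply above, as an added example that is not part of the original thread: a Python check for the malformed lines it mentions, run over a copy of a template. The `[File Security]` section name, the function names and the sample template are assumptions made for this example, and flagging any single SDDL field over 512 characters is an interpretation of the post's remark, not documented secedit behaviour.

```python
import re

PROPAGATION_TYPES = {"0", "1", "2"}  # the three values the post lists
SDDL_FIELD_MAX = 512                 # per-field length taken from the post

# Constructed sample: line 4 is well formed, lines 5-7 are each broken differently.
SAMPLE = r'''[Unicode]
Unicode=yes
[File Security]
"%SystemRoot%\system32\ntbackup.exe",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemDrive%\data",3,"D:PAR(A;OICI;FA;;;BA)"
%SystemDrive%\logs,0,"D:PAR(A;OICI;FA;;;BA)"
"%SystemDrive%\tmp",1,"D:PAR(A;OICI;FA;;;BA)
[Version]
signature="$CHICAGO$"
'''

def is_quoted(field):
    return len(field) >= 2 and field[0] == field[-1] == '"' and '"' not in field[1:-1]

def check_entry(line):
    # One entry: "<FileName>",<InheritancePropagationType>,"<SDDL>"[,"<SDDL>"...]
    if line.count('"') % 2:
        return ["unbalanced double quote"]
    # Split only on commas that sit outside double quotes.
    fields = [f.strip() for f in re.split(r',(?=(?:[^"]*"[^"]*")*[^"]*$)', line)]
    if len(fields) < 3:
        return ["expected at least 3 fields, found %d" % len(fields)]
    problems = []
    if not is_quoted(fields[0]):
        problems.append("file name is not quoted")
    if fields[1] not in PROPAGATION_TYPES:
        problems.append("propagation type %r is not 0, 1 or 2" % fields[1])
    for sddl in fields[2:]:  # a long SDDL continues in additional fields
        if not is_quoted(sddl):
            problems.append("SDDL field is not quoted")
        elif len(sddl) - 2 > SDDL_FIELD_MAX:
            problems.append("SDDL field exceeds %d chars" % SDDL_FIELD_MAX)
    return problems

def check_template(text):
    """Return (line_number, problem) pairs for the [File Security] section."""
    found, in_section = [], False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[file security]"
        elif in_section and line and not line.startswith(";"):
            found.extend((number, p) for p in check_entry(line))
    return found
```

Calling `check_template(SAMPLE)` reports lines 5, 6 and 7 of the constructed template; it complements "secedit /validate" by naming the line at fault and does not replace it.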

