Re: Event ID: 1202

I typed the command C:\>find /i "power Users"
%systemroot%\security\templates\policies\gpt*.*, then it showed this message.
I looked around the domain controller security ploicy and domain security
policy. I could not find Power Users in these policy files. how can I remove
power users ?

C:\>find /i "everyone" %systemroot%\security\templates\policies\gpt*.*

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF

C:\>find /i "power users" %systemroot%\security\templates\policies\gpt*.*

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF

C:\>find /i "Power Users" %systemroot%\security\templates\policies\gpt*.*

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF


"Ace Fekay [MVP]" wrote:

In news:B4277EDF-A9C8-417C-BEEB-E88A1C80C56E@xxxxxxxxxxxxx,
penny <penny@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
First of all, Thank for their help. Then I will show them my result
as I followed their instruction.

C:\>secedit /refreshpolicy machine_policy /enforce
Group policy propagation from the domain has been initiated for this
computer. t may take a few minutes for the propagation to complete
and the new policy to ake effect. Please check Application Log for
errors, if any.
C:\>find /i "cannot find" %systemroot%\security\logs\winlogon.log

---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.

C:\>find /i "power Users"
%systemroot%\security\templates\policies\gpt*.*

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF

C:\>find /i "administrator"
%systemroot%\security\templates\policies\gpt*.*

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM
SeMachineAccountPrivilege =
*S-1-5-21-531969533-277817386-569397357-500,Admini rators
SeBackupPrivilege = Backup
Operators,*S-1-5-21-531969533-277817386-569397357-1 2,Administrators
SeCreatePagefilePrivilege = Administrators
SeEnableDelegationPrivilege = Administrators
SeRemoteShutdownPrivilege = Administrators
SeAuditPrivilege = Administrators
SeIncreaseBasePriorityPrivilege = Administrators
SeLoadDriverPrivilege = Administrators
SeSecurityPrivilege = Administrators
SeSystemEnvironmentPrivilege = Administrators
SeProfileSingleProcessPrivilege = Administrators
SeSystemProfilePrivilege = Administrators
SeRestorePrivilege = Backup
Operators,*S-1-5-21-531969533-277817386-569397357- 92,Administrators
SeTakeOwnershipPrivilege = Administrators

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF
SeBackupPrivilege = Backup Operators,Administrators
SeCreatePagefilePrivilege = Administrators
SeIncreaseBasePriorityPrivilege = Administrators
SeIncreaseQuotaPrivilege = Administrators
SeInteractiveLogonRight = Backup
Operators,*S-1-5-21-531969533-277817386-56939
57-3204,*S-1-5-21-531969533-277817386-569397357-3205,*S-1-5-21-531969533-27781
86-569397357-6435,Administrators
SeLoadDriverPrivilege = Administrators
SeNetworkLogonRight =
Administrators,*S-1-5-21-531969533-277817386-569397357-6
5,*S-1-5-21-531969533-277817386-569397357-3205,*S-1-5-21-531969533-277817386-5
397357-6434,*S-1-5-21-531969533-277817386-569397357-3206,*S-1-5-11,Backup
Oper ors
SeProfileSingleProcessPrivilege = Administrators
SeRemoteShutdownPrivilege = Administrators
SeRestorePrivilege = Backup Operators,Administrators
SeSecurityPrivilege = Administrators
SeShutdownPrivilege = Backup Operators,Administrators
SeSystemEnvironmentPrivilege = Administrators
SeSystemProfilePrivilege = Administrators
SeSystemTimePrivilege = Administrators
SeTakeOwnershipPrivilege = Administrators
SeEnableDelegationPrivilege = Administrators
SeUndockPrivilege = Administrators

"Ace Fekay [MVP]" wrote:

In news:D48C3692-3DF5-49EA-84F8-D553BDD5FA86@xxxxxxxxxxxxx,
penny <penny@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:


Also, you may want to follow this article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;324383

Follow the steps in the section called:
"0x534: No mapping between account names and security IDs was
done."

Ace

Power users is missing. Did you or someone else delete it at any time?

It seems that this command's result, (C:\>find /i "power Users"
%systemroot%\security\templates\policies\gpt*.*) showed that these two
policies are referencing Power Users:

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM

---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF

But from the above results, it doesn;t say where the Power Users group is
referenced. In the article, it shows this as an example output that
indicates the problems is int he SeInteracticeLogonRight:

============================
c:\>find /i "MichaelAlexander"
%SYSTEMROOT%\security\templates\policies\gpt*.*
---------- D:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM

---------- D:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF

---------- D:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00002.INF
SeInteractiveLogonRight =
TsInternetUser,*S-1-5-32-549,*S-1-5-32-550,MichaelAlexander,*S-1-5-32-551,*S-1-5-32-544,*S-1-5-32-548

---------- D:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00003.DOM
=============================


Your output doesn't show where Power Users being refernces. I noticed you
also ran it for Administrators. That was not necessary because power Users
is the problem group.

Can you re-run this only for Power Users please and see what additional
output it provides to show us where Power Users is being referenced.
Normally, once we find out which setting is referencing Power Users, we can
remove the Power Users group from the setting to clean this up. Otherwise we
will not be able to fix the problem until we find that out.

C:\>find /i "power Users" %systemroot%\security\templates\policies\gpt*.*







Ace



.

Relevant Pages

  • Re: Restricted Groups and Power Users
    ... I have also created a policy to control the Power Users group to avoid this ... over the machine local Administrators group of computers ... That GPO is not affecting the ...
    (microsoft.public.windows.group_policy)
  • Re: Event ID: 1202
    ... Cannot find Power Users. ... SeEnableDelegationPrivilege = Administrators ... SeSystemEnvironmentPrivilege = Administrators ... SeRestorePrivilege = Backup ...
    (microsoft.public.win2000.active_directory)
  • Re: Adding a location from a domain
    ... or power users, but I can only add users from the local station. ... Double clicking on the group administrators. ... The batch file would have this: ... net localgroup power users DOMAIN\localpoweruser /add ...
    (microsoft.public.windowsxp.network_web)
  • Re: Disabling sharing tab in client systems
    ... removing them from the power users or administrators group and making sure ... that they are only regular users. ... member of a domain group that is a member of the local administrators or ... power users group on his computer. ...
    (microsoft.public.windows.server.security)
  • Event ID: 1202
    ... Cannot find Power Users. ... SeBackupPrivilege = Backup Operators,Administrators ... SeIncreaseBasePriorityPrivilege = Administrators ... I want to try to delete these unmatch SID. ...
    (microsoft.public.win2000.active_directory)