Re: Group Policy Error - Parameter Incorrect

From: Glenn L (the.only(delete)_at_gmail)
Date: 02/02/05 

Date: Tue, 1 Feb 2005 22:19:10 -0800

This is often a mismatch with SMB signing settings in the registry on the
server.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000001

Go into the registry on the server. If the lanmanserver
'requiresecuritysignature' = 1, then the lanmanworkstation
'enablesecuritysignature' must = 1

If lanmanworkstation 'requiresecuritysignature' = 1, then the lanmanserver
'enablesecuritysignature' must = 1

Verify this configuration. If this is the problem, then change it in the
registry, then open group policy editor and change it in there. Otherwise,
you will be back in the same boat in 5 minutes. 

-- 
Glenn L
CCNA, MCSE 2000/2003 + Security
"Becker" <ben@benbecker.net> wrote in message 
news:%235IrBIKCFHA.1084@TK2MSFTNGP11.phx.gbl...
>
> In SBS 2003, when looking in the server manager at the group policy 
> management, I go to
> right click and edit the default domain policy and I get an error.  The
> window says:
>
> Group Policy Error
> Failed to open the Group Policy Object.  You may not have appropriate
> rights.
> Details:
> The parameter is incorrect.
>
> It then opens the Group Policy Object Editory, however it just has a red X
> on the root of the tree on the left pane.
>
> I get this when I also open the group policy management icon from admin 
> tools.
>
> What gives?
>
> I have 1 NIC installed and have setup 10 IPs on this NIC.  I have 
> registered
> two DNS forward lookup zones, one for my domain name (tradewinds.local) 
> and
> another for some other addressing schemes I'm using.  Other than that, 
> it's
> a fresh install of SBS 2003.
>
> Thanks,
> Becker
>
>
>

Relevant Pages

  • RE: WSUS 3.0
    ... we need to configure a DWORD registry on the client. ... "Does this port need to be added in the group policy object where I ... specify the URL of the server?" ...
    (microsoft.public.windows.server.general)
  • Re: Remote Desktop
    ... group policy you can create a separate organization unit on the domain and ... Try the registry first, it should work. ... server) without affecting other servers. ... It will also no allow you to enable Offline files, ...
    (microsoft.public.windows.server.general)
  • RE: Group policy
    ... >How can i create a group policy in windows 2000 server, ... How to Lock Down a Windows 2000 Terminal Server Session ... Definition of the RunOnce Keys in the Registry ...
    (microsoft.public.win2000.general)
  • Re: AD account - limiting access to a single server
    ... Be sure to only add the particular user to that since you could easily lock yourself and all users out. ... If you configure an Administrative Template which is nothing more than a registry entry in the client's registry, "Bob the bad guy" could, using his local administrative rights, change the corresponding registry entry's key and "unlock" whatever you set by policy. ... At least he could until the background refresh of Group Policy takes place and your settings get applied again. ... Microsoft MVP - Windows Server - Group Policy. ...
    (microsoft.public.windows.group_policy)
  • Re: Group Policy Error - Parameter Incorrect
    ... When trying to modify a group policy with Active Directory ... Users and Computer or Group Policy Management Console the error ... > This is often a mismatch with SMB signing settings in the registry on the ... >> It then opens the Group Policy Object Editory, however it just has a red ...
    (microsoft.public.windows.group_policy)