Re: Restricted Groups Not Working
- From: "Roger" <Roger@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 12 Apr 2005 14:13:01 -0700
Jody,
Has the problem been resolved? If not, I may have a solution for you.
"Nick Finco [MSFT]" wrote:
> Can you work with the C:\WINDOWS\security\templates\policies\gpt00000.dom
> template manually via secedit /validate, /import, or /configure? If the
> template is the issue, you can edit it and it will contain the GUID of the
> GPO from which it came so you can fix manually in the sysvol or via gpedit.
> If the template is fine, %windir%\security\database\secedit.sdb might be
> corrupt. You might be able to try using "esentutl /r edb" while in the
> %windir%\security directory to recover it or refer to KB278316.
>
> N
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Any opinions or policies stated within are my own and do not necessarily
> constitute those of my employer. Use of included script samples are subject
> to the terms specified at http://www.microsoft.com/info/cpyright.htm
>
>
> "Jody Stoll" <jo@xxxxxxxxxxxxxxxx> wrote in message
> news:ug%23AfLFPFHA.3880@xxxxxxxxxxxxxxxxxxxxxxx
> > Hi ,
> > I'm trying through Group policy to add a Security Group which I have
> > created called Notts-xpadmins to the local administrators group on my xp
> > workstations. I have created the group in ad and have assigned the users
> > to the group through the 'Members of this Group' section in the Restricted
> > groups and specified 'administrators' in the 'This group is a member of '
> >
> > So far nothing is working although the rest of the GP is working.
> > I have researched this slighly and have turned on debugging so that I can
> > see the winlogon.log file in the security folder. I am getting scecli 1202
> > events in the eventlog but cannot seem to see what the problem is. The MS
> > article refers to the users/group being recently deleted in AD but this
> > is definately not the case.
> >
> > Could it be a corrupted GP? If so then it would be 2 separate GPs which
> > are corrupted as this is occuring with at least 2 GP's that I have tried.
> >
> > Although previously I have had this working by using the Domain Users
> > group to the local administrators group I do not want to add domain users
> > to local admins for obvious reasons.
> >
> > Please find below a copy of the winlog.log file i have taken from my win
> > xp sp2 workstation
> > The MS KB article I have been using to troubleshoot is Q324383.
> >
> > The Domain is Win2k3 running in full Native mode.
> >
> > Any help would be most gratefully recieved.
> >
> > cheers
> >
> >
> >
> > **************************
> >
> > No template is defined in GPO
> > \\i3.co.uk\SysVol\i3.co.uk\Policies\{5C036063-D807-4613-8A8D-80DC41C72395}\Machine.
> >
> > Make a local copy of
> > \\i3.co.uk\sysvol\i3.co.uk\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows
> > NT\SecEdit\GptTmpl.inf.
> > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
> >
> > Make a local copy of
> > \\i3.co.uk\SysVol\i3.co.uk\Policies\{605E3F4E-F240-4E73-9A92-9DA478C00C93}\Machine\Microsoft\Windows
> > NT\SecEdit\GptTmpl.inf.
> > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
> >
> > Process GP template gpt00000.dom.
> >
> > This is not the last GPO.
> > -------------------------------------------
> > 08 April 2005 16:25:59
> > Administrative privileged user logged on.
> > Parsing template C:\WINDOWS\security\templates\policies\gpt00000.dom.
> > Error 1208: An extended error has occurred.
> > Error creating database.
> > ----Configuration engine was initialized with one or more errors.----
> >
> >
> > ----Un-initialize configuration engine...
> > **************************
> >
> > No template is defined in GPO
> > \\i3.co.uk\SysVol\i3.co.uk\Policies\{5C036063-D807-4613-8A8D-80DC41C72395}\Machine.
> >
> > Make a local copy of
> > \\i3.co.uk\sysvol\i3.co.uk\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows
> > NT\SecEdit\GptTmpl.inf.
> > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
> >
> > Make a local copy of
> > \\i3.co.uk\SysVol\i3.co.uk\Policies\{605E3F4E-F240-4E73-9A92-9DA478C00C93}\Machine\Microsoft\Windows
> > NT\SecEdit\GptTmpl.inf.
> > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
> >
> > Process GP template gpt00000.dom.
> >
> > This is not the last GPO.
> > -------------------------------------------
> > 08 April 2005 16:26:05
> > Administrative privileged user logged on.
> > Parsing template C:\WINDOWS\security\templates\policies\gpt00000.dom.
> > Error 1208: An extended error has occurred.
> > Error creating database.
> > ----Configuration engine was initialized with one or more errors.----
> >
> >
> > ----Un-initialize configuration engine...
>
>
>
.
- Follow-Ups:
- Re: Restricted Groups Not Working
- From: Jody
- Re: Restricted Groups Not Working
- References:
- Restricted Groups Not Working
- From: Jody Stoll
- Re: Restricted Groups Not Working
- From: Nick Finco [MSFT]
- Restricted Groups Not Working
- Prev by Date: RE: Microsoft Office Language Bar
- Next by Date: RE: Folder Redirection using Dfs
- Previous by thread: Re: Restricted Groups Not Working
- Next by thread: Re: Restricted Groups Not Working
- Index(es):
Relevant Pages
|
