Re: Event ID 1202





The Authenticated user group is a Special Identity, which doesn't exist
and as such you can't control the membership. Check the following article
for more information:
http://technet2.microsoft.com/WindowsServer/f/?en/library/6375943b-1089-4ec5-9b2d-823b884ec1ec1033.mspx

The errors you have are two different things. The first, 1058, is caused
because the GPO processing can't access the gpt.ini. First check the
permissions on the file and make sure the station\user has permissions to read
the file. I have seen a similar problem caused by the file being locked by
another station. Use station management to check if this file has been held
open.

The second problem is not related to the first. I think you are on the right
track; check that your policy is not trying to set or configure the contents
of the Authenticated users group.

I hope this helps
Gary.


"Jeff" <Jeff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6FF4BA59-1EE9-4D06-A0C3-6BCF23C6FBD7@xxxxxxxxxxxxxxxx
For some reason my client workstations can no longer access group policy.
Here is the event log application error message:

Event ID: 1058
Source: Userenv
Windows cannot access the file gpt.ini for GPO
cn={CA3E9EAE-FD06-4B8D-9D5A-E2159B4BD0E3},cn=policies,cn=system,DC=pai,DC=com.
The file must be present at the location
<\\pai.com\SysVol\pai.com\Policies\{CA3E9EAE-FD06-4B8D-9D5A-E2159B4BD0E3}\gpt.ini>.
(Access is denied. ). Group Policy processing aborted.

So I check my domain controller and this error is listed:

Event ID: 1202
Source: SceCLI
Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.

As I investigate this issue, I run the FIND /I "Cannot Find" c:\winnt\....
and it returns the Authenticated User as the account that it cannot find.
After running the FIND /I "Mapping" command it returns the
SeChangeNotifyPrivilege which I believe is the Bypass Traverse Checking.
The Authenticated account has this privilege on the DC.

Here is a stupid question, but should there be an Authenticated User
account in Users and Computers? I can't seem to find the group. And would
this be the reason for the errors? Can I create an Authenticated Users
group? I don't know if this account was accidentally deleted.

Thanks
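
Added example, not part of the original thread: a Python sketch of the check suggested in the reply, scanning a GPO security template (GptTmpl.inf) for privilege entries given as account names, which need the name-to-SID mapping that 0x534 reports as failed, and for Restricted Groups entries that target a special identity. The section names, the `*S-` SID prefix and the `__Members` / `__Memberof` key layout are assumed from the standard security template format; `audit_template` is a hypothetical helper and the sample template is constructed.

```python
import re

# Special identities are computed at logon; they have no directory object.
SPECIAL = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
           "S-1-5-4": "Interactive", "S-1-5-2": "Network"}
SPECIAL_NAMES = {name.lower() for name in SPECIAL.values()}

def audit_template(text):
    """Return (section, key, principal, reason) tuples for risky entries."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = key.strip()
        if section == "privilege rights":
            # Entries without the *S- prefix are names that every machine
            # applying the policy must map to a SID.
            for principal in filter(None, (v.strip() for v in value.split(","))):
                if not principal.upper().startswith("*S-"):
                    findings.append((section, key, principal, "name needs SID mapping"))
        elif section == "group membership":
            # Keys look like <group>__Members or <group>__Memberof.
            group = re.sub(r"__(members|memberof)$", "", key, flags=re.I).lstrip("*")
            if group.upper() in SPECIAL or group.lower() in SPECIAL_NAMES:
                findings.append((section, key, group, "special identity membership"))
    return findings

# Constructed sample template, not taken from the thread's domain.
SAMPLE = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544,Authenticated User
SeNetworkLogonRight = *S-1-5-11
[Group Membership]
*S-1-5-11__Members = *S-1-5-21-1111111111-2222222222-3333333333-1105
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-512
"""

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(finding)
```

Real GptTmpl.inf files are normally stored as UTF-16, so decode the file with that encoding before passing its text to the function.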




