Re: GPO Problem
- From: john d <johnd@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 19 Jan 2007 13:51:02 -0800
Danny - Please clarify how this applies to my problem?
To add to my existing problem description, I found on a couple other
machines I ran rsop.msc the new WSUS policy was not even listed, and the old
SUS policy was still in place. These machines got the following error
message:
ADMINISTRATIVE TEMPLATES
The latest versions of the ADM files below are not available. This can be
due to insufficient permissions or unavailable network resources. The local
copy of these ADM files will be used.
Details:
wuau.adm
Location - \\domain name.com\Sysvol\domain name.com\Policies\{16B31360-.....
Error - Access is denied
conf.adm
Location - \\domain name.com\Sysvol\domain name.com\Policies\{16B31360-.....
Error - Access is denied
"Danny Sanders" wrote:
.I recently noticed some users were able to set passwords that did not meet
the "Default Domain Policy" minimum requirements applied to their OU.
Account policies are one to a domain. You apply them at the domain level.
Account policies applied at the OU level only take affect when logging in
locally to a computer in that OU.
"john d" <johnd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A75454DC-9E65-4010-AEF8-44EB9C60ECBE@xxxxxxxxxxxxxxxx
I recently noticed some users were able to set passwords that did not meet
the "Default Domain Policy" minimum requirements applied to their OU. In
addition, I recently removed a policy outlining the SUS settings for all
employee computers and replaced it with a new WSUS policy. When I run
RSOP.msc on an employee machine, I can see that the pc is pulling down the
"Default Domain Policy" and the newly applied WSUS policy, however the
settings being passed down are from teh old SUS policy.
With that being said, I noticed the following Events in the application
log
of the employee machines:
Event id: 1043
Windows cannot access the registry information at \\domain
name.com\sysvol\domina
name.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol.
(Access is denied. ).
Event id: 1096
Windows cannot access the registry policy file, \\domain
name.com\sysvol\domain
name.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol.
(Access is denied. ).
Event ID: 1030
Windows cannot query for the list of Group Policy Objects. A message that
describes the reason for this was previously logged by the policy engine.
As per the following article,
http://technet2.microsoft.com/WindowsServer/en/library/0c73a3d4-4f93-4490-80f1-299eea89177f1033.mspx?mfr=true,
I have verified that replication between the domain controllers is
working,
as the registry.pol file exists on all 5 Domain Controller machines. This
leads me to believe that the "Default Domain Policy" is corrupt. How do I
go
about confirming this and resolving the issue?
- Follow-Ups:
- Re: GPO Problem
- From: Danny Sanders
- Re: GPO Problem
- References:
- Re: GPO Problem
- From: Danny Sanders
- Re: GPO Problem
- Prev by Date: Re: Add Windows User to ADAM Role using LDIFDE.exe
- Next by Date: Re: Add Windows User to ADAM Role using LDIFDE.exe
- Previous by thread: Re: GPO Problem
- Next by thread: Re: GPO Problem
- Index(es):
Relevant Pages
|
