Re: Userenv Event 1030 Problem - cannot edit GPO
- From: "Jenny wu [MSFT]" <v-yanniw@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 29 Jul 2005 01:15:19 +0800
Hi DMC,
thanks for posting here!
I would also like to thank for Eriq's input.
Based my research, we need to apply predefined Security Template on SBS 2003
first, please refer to this KB article for the detail steps about how to:
816585 HOW TO: Apply Predefined Security Templates in Windows Server 2003
http://support.microsoft.com/?id=816585
Next, run "gpupdate.exe /force" under command prompt to force the policy
refresh, reboot the Server to test.
If the issue remains, let us disable SMB sign on SBS 2003 to test:
1. Open the Default Domain Controllers Policy.
2. Open the "Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options" folder.
3. Locate the "Microsoft network server: Digitally sign communications
(always)" policy setting, and then click "Disabled" or "Do Not Configure".
4. Run run "gpupdate.exe /force" under command prompt again to force the
policy refresh, reboot the Server to test.
if the issue remains, please try to restore default domain policy and
default domain controllers policy to troubleshooting the issue.
1. First of all, please perform a complete backup for your domain so that we
are able to restore the domain to the current states in case of unexpected
issues.
2. Disable the GPOs that you created manually.
3. Try to use a built-in tool DcGPOFix.exe to restore the built-in GPOs
(Default Domain Policy and Default Domain Controller Policy). (Note: This
tool only applies to Windows Server 2003 domains.)
The following are the usage of this tool:
[Syntax]:
DcGPOFix [/ignoreschema] [/Target: Domain | DC | BOTH]
[Caution]:
This tool can restore default domain policy and default domain controllers
policy. When you run dcgpofix, you will lose any changes made to these Group
Policy objects. Therefore, please perform a complete backup first for
recovery purpose.
[Parameters]:
/ignoreschema
Optional. Ignores the Active Directory schema version number.
/target: {domain | dc | both}
Optional. Specifies the target domain, domain controller, or both. If you do
not specify /target, dcgpofix uses both by default.
[Remarks]:
1). Dcgpofix.exe is located in the C:\Windows\Repair folder.
2). You must be a domain or enterprise Administrator to use this tool.
3). Dcgpofix.exe checks the Active Directory schema version number to ensure
compatibility between the version of Dcgpofix you are using and the Active
Directory schema configuration. If the versions are not compatible,
Dcgpofix.exe will not run.
4). The following extension settings are maintained in a default Group
Policy object: Remote Installation Services (RIS), security settings, and
Encrypting File System (EFS).
5). The following extension settings are not maintained or restored in a
default Group Policy object: Software Installation, Internet Explorer
maintenance, scripts, folder redirection, and administrative templates.
6). The following changes are not maintained or restored in a default Group
Policy object: Security settings made by Exchange 2000 Setup, security
settings migrated to default Group Policy during an upgrade from Windows NT
to Windows 2000, and policy object changes made through Systems Management
Server (SMS).
7). You can run this tool only on servers running the Windows Server 2003
family. For Windows 2000 domains, we need to use another method.
[Examples]:
The following example shows how you can use the dcgpofix command to restore
the default domain policy object:
dcgpofix /target: domain
Try to test, how about the result?
more info: Restore Default Group Policy Objects
http://www.microsoft.com/resources/documentation/windowsserv/2003/enterprise/proddocs/en-us/dcgpofix.asp
I hope this helps. I am currently standing by for an update from you and
would like to know how things are going on your end.Thank you for your time
and cooperation!
Have a nice day!
Best Regards,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- References:
- Userenv Event 1030 Problem - cannot edit GPO
- From: dmc
- Re: Userenv Event 1030 Problem - cannot edit GPO
- From: Eriq Neale
- Userenv Event 1030 Problem - cannot edit GPO
- Prev by Date: RE: Critical error in application log SBS 2003 Premium ED
- Next by Date: Re: UPS Worldship
- Previous by thread: Re: Userenv Event 1030 Problem - cannot edit GPO
- Next by thread: UPS software killed web access!
- Index(es):
Relevant Pages
|
