RE: Can't set Local Security policies. They fail to save
- From: "Al-Amin" <AlAmin@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 31 Oct 2005 01:25:05 -0800
Hi Jenny Hope you had a nice weekend.
I imported the default Group Policies from a fresh SBS Installation as per
your instructions.
Afterwards I was able to set the Local Security Policies for the Domain and
Domain controller which it finally allowed me to do. All the problems I was
having were resolved until I rebooted the server box and we went back to how
its was before. The settings were saved but I can't re-define them. It gives
me the error
" An extended error has occurred. Failed to save
\\AIPDC.local\sysvol\AIPDC.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\WindowsNT\SecEdit\GptTmpl.inf"
I thought that maybe it didn't save properly so i did the import of default
policies again. Just for the same thing to happen after re-booting.
Also whenever I reboot the server i find this error in the application log
Source Userenv
Category None
Event ID 1030
User Admin
Computer Server
"Windows cannot query for the list of Group Policy objects. Check the event
log for possible messages previously logged by the policy engine that
describes the reason for this."
Do you think this has anything to do with the problem.
Thanks for everything and waiting for your reply. At least I'm half way to
breathing a sigh of relief
I couldn't acce
--
AIP Admin
""Jenny wu [MSFT]"" wrote:
> Hi,
>
> I am sorry, but what is your valid mail address? You can mail me to tell
> the inforamtion, my mailbox is: v-yanniw@xxxxxxxxxxxxx
>
> Thanks!
>
> Have a nice weekend!
>
> Sincerely,
>
> Jenny Wu
> Microsoft CSS Online Newsgroup Support
> --------------------
> >Newsgroups: microsoft.public.windows.server.sbs
> >From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
> >Organization: Microsoft
> >Date: Fri, 28 Oct 2005 12:01:07 GMT
> >Subject: RE: Can't set Local Security policies. They fail to save
> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >MIME-Version: 1.0
> >Content-Type: text/plain
> >Content-Transfer-Encoding: 7bit
> >
> >Hi,
> >
> >Thanks for your update! I have attached the default group policy backup
> >file in mail, please try to import these files to reset your domain group
> >policy.
> >
> >Note: Before do this process, please take a full backup of SBS server box
> >in case unexpected thing, you can restore:
> >
> >Backing Up and Restoring Windows Small Business Server 2003
> >http://download.microsoft.com/download/b/d/8/bd8e1a40-d202-429a-8eb7-26300d
> 6
> >2bcc9/BKU_BkupRstr.doc
> >
> >You can refer to the following steps to import default group policy:
> >1. Run command "gpmc.msc" (no quotation marks) to open Group Policy
> >Management console.
> >2. Locate Forest servername -> Group Policy Objects, right click Default
> >Domain Controllers Policy and choose Import Settings ¡ item to import
> >appropriate group policy from backup file I sent you.
> >3. Repeat step 2 to import these default group policies.
> >4. After please check if these group policy object links to appropriate OU
> >(still in the Group Policy Management console):
> >
> >a. Go to Forest servername -> Domains -> servername.local, there are
> >following group policies links to it:
> >+++Default Domain Policy
> >+++Small Business Server Client Computer
> >+++Small Business Server Domain Password Policy
> >+++Small Business Server Internet Connection Firewall
> >+++Small Business Server Lockout Policy
> >+++Small Business Server Remote Assistance Policy
> >+++Small Business Server Windows Firewall
> >
> >b. Go to Forest servername -> Domains -> Domain Controllers, there are
> >following group policies links to it:
> >+++Default Domain Controllers Policy
> >+++Small Business Server Auditing Policy
> >
> >c. Go to Forest servername -> Domains -> MyBusiness -> Security Groups,
> >there are following group policies links to it:
> >+++Default Domain Policy
> >
> >If not, please try to correct, and then try to test to see if the issue be
> >fixed.
> >
> >I appreciate your time and efforts to the issue. I am happy to be
> >assistance of you and look forward to your reply!
> >
> >Have a nice day!
> >
> >Sincerely,
> >
> >Jenny Wu
> >Microsoft CSS Online Newsgroup Support
> >Get Secure! - www.microsoft.com/security
> >======================================================
> >This newsgroup only focuses on SBS technical issues. If you have issues
> >regarding other Microsoft products, you'd better post in the corresponding
> >newsgroups so that they can be resolved in an efficient and timely manner.
> >You can locate the newsgroup here:
> >http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> >
> >When opening a new thread via the web interface, we recommend you check
> the
> >"Notify me of replies" box to receive e-mail notifications when there are
> >any updates in your thread. When responding to posts via your newsreader,
> >please "Reply to Group" so that others may learn and benefit from your
> >issue.
> >
> >Microsoft engineers can only focus on one issue per thread. Although we
> >provide other information for your reference, we recommend you post
> >different incidents in different threads to keep the thread clean. In
> doing
> >so, it will ensure your issues are resolved in a timely manner.
> >
> >For urgent issues, you may want to contact Microsoft CSS directly. Please
> >check http://support.microsoft.com for regional support phone numbers.
> >
> >Any input or comments in this thread are highly appreciated.
> >======================================================
> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >--------------------
> >>Thread-Topic: Can't set Local Security policies. They fail to save
> >>thread-index: AcXbFw/1MKvew5QFRoCIkfr2SKENPA==
> >>X-WBNR-Posting-Host: 62.173.36.24
> >>From: "=?Utf-8?B?QWwtQW1pbg==?=" <AlAmin@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >>References: <524324AD-BD69-47E0-B1F5-1DD131613BE7@xxxxxxxxxxxxx>
> ><6wdjMLH2FHA.3936@xxxxxxxxxxxxxxxxxxxxx>
> ><69F5C0BD-DB81-4E08-8FF5-F10AD70F525E@xxxxxxxxxxxxx>
> ><YG8yOiU2FHA.3104@xxxxxxxxxxxxxxxxxxxxx>
> ><461D7B7C-3963-42A5-AD51-4A5EF4754345@xxxxxxxxxxxxx>
> ><WIkO7ij2FHA.3936@xxxxxxxxxxxxxxxxxxxxx>
> >>Subject: RE: Can't set Local Security policies. They fail to save
> >>Date: Thu, 27 Oct 2005 09:54:14 -0700
> >>Lines: 312
> >>Message-ID: <4C1A8805-1DB9-4D63-A25C-1700C206EAB1@xxxxxxxxxxxxx>
> >>MIME-Version: 1.0
> >>Content-Type: text/plain;
> >> charset="Utf-8"
> >>Content-Transfer-Encoding: 8bit
> >>X-Newsreader: Microsoft CDO for Windows 2000
> >>Content-Class: urn:content-classes:message
> >>Importance: normal
> >>Priority: normal
> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >>Newsgroups: microsoft.public.windows.server.sbs
> >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:165150
> >>X-Tomcat-NG: microsoft.public.windows.server.sbs
> >>
> >>Hi,
> >>I have backed up the GPO's like you suggested but unfortunately i
> couldn't
> >>reset the default group policy because i don't have a fresh installed SBS
> >>server. I would really apreciate it if you could e-mail it to me.
> >>
> >>Thanks for the assistance. It's much appreciated
> >>--
> >>AIP Admin
> >>
> >>
> >>""Jenny wu [MSFT]"" wrote:
> >>
> >>> Hi,
> >>>
> >>> Thanks for your group policy information! After research your group
> >policy,
> >>> I found the Default Domain Controllers policy has not been applied and
> >many
> >>> default group policy settings has been changed.
> >>>
> >>> For your now scenario, I suggest you backup your current group policy
> >and
> >>> then try to reset all default Group Policy(s) for your SBS domain to
> >test.
> >>>
> >>> The only way that you can do it to use the GPMC.MSC console on a fresh
> >>> installed SBS Server, export all the GPO settings and import it to the
> >>> existing one.
> >>>
> >>> For more info about GPMC, please refer to:
> >>> Backing up, Restoring, Migrating, and Copying GPOs
> >>>
> >http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
> i
> >>> t/937d5838-f720-4c0b-a65c-e8ed2658a414.mspx
> >>>
> >>> If you have not a fresh installed SBS Server, you can also try to
> export
> >>> fine running SBS server group policy settings to test. If you can not
> >get
> >>> that resource, please let me know I will mail you it.
> >>>
> >>> I appreciate your time and efforts to perform test. I am happy to be
> >>> further assistance and looking forward to your reply!
> >>>
> >>> Have a nice day!
> >>>
> >>> Sincerely,
> >>>
> >>> Jenny Wu
> >>> Microsoft CSS Online Newsgroup Support
> >>> Get Secure! - www.microsoft.com/security
> >>> ======================================================
> >>> This newsgroup only focuses on SBS technical issues. If you have issues
> >>> regarding other Microsoft products, you'd better post in the
> >corresponding
> >>> newsgroups so that they can be resolved in an efficient and timely
> >manner.
> >>> You can locate the newsgroup here:
> >>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> >>>
> >>> When opening a new thread via the web interface, we recommend you check
> >the
> >>> "Notify me of replies" box to receive e-mail notifications when there
> >are
> >>> any updates in your thread. When responding to posts via your
> >newsreader,
> >>> please "Reply to Group" so that others may learn and benefit from your
> >>> issue.
> >>>
> >>> Microsoft engineers can only focus on one issue per thread. Although we
> >>> provide other information for your reference, we recommend you post
> >>> different incidents in different threads to keep the thread clean. In
> >doing
> >>> so, it will ensure your issues are resolved in a timely manner.
> >>>
> >>> For urgent issues, you may want to contact Microsoft CSS directly.
> >Please
> >>> check http://support.microsoft.com for regional support phone numbers.
> >>>
> >>> Any input or comments in this thread are highly appreciated.
> >>> ======================================================
> >>> This posting is provided "AS IS" with no warranties, and confers no
> >rights.
> >>>
> >>> --------------------
> >>> >Thread-Topic: Can't set Local Security policies. They fail to save
> >>> >thread-index: AcXZf4oQrgblkpcGTiOkEzvG+tgOZQ==
> >>> >X-WBNR-Posting-Host: 62.173.36.24
> >>> >From: "=?Utf-8?B?QWwtQW1pbg==?=" <AlAmin@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >>> >References: <524324AD-BD69-47E0-B1F5-1DD131613BE7@xxxxxxxxxxxxx>
> >>> <6wdjMLH2FHA.3936@xxxxxxxxxxxxxxxxxxxxx>
> >>> <69F5C0BD-DB81-4E08-8FF5-F10AD70F525E@xxxxxxxxxxxxx>
> >>> <YG8yOiU2FHA.3104@xxxxxxxxxxxxxxxxxxxxx>
> >>> >Subject: RE: Can't set Local Security policies. They fail to save
> >>> >Date: Tue, 25 Oct 2005 09:17:05 -0700
> >>> >Lines: 324
> >>> >Message-ID: <461D7B7C-3963-42A5-AD51-4A5EF4754345@xxxxxxxxxxxxx>
> >>> >MIME-Version: 1.0
> >>> >Content-Type: text/plain;
> >>> > charset="Utf-8"
> >>> >Content-Transfer-Encoding: 8bit
> >>> >X-Newsreader: Microsoft CDO for Windows 2000
> >>> >Content-Class: urn:content-classes:message
> >>> >Importance: normal
> >>> >Priority: normal
> >>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >>> >Newsgroups: microsoft.public.windows.server.sbs
> >>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >>> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:164383
> >>> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >>> >
> >>> >Jenny Hi there and thanks for all the help.
> >>> >
> >>> >I followed your instructions on applying the predefined security
> >>> templates.
> >>> >I also ran the gpupdate.exe /force. the administrator account still
> >can't
> >>> >connect to serverThe local policies are still set as before.
> >>> >
> >>> >The user accounts are back online but unfortunately the administrative
> >>> >account still can’t connect to server from client computers. It
> >still
> >>> gives
> >>> >the error "Logon Failure: The user has not been granted the requested
> >>> logon
> >>> >type at this computer".
> >>> >
> >>> >I still can’t set any of the local security policies on the
> >server box.
> >>> It
> >>> >still fails to save giving the error message "An extended error has
> >>> occurred.
> >>> >Failed to save". I have e-mailed the group policy report and the
> system
> >>> and
> >>> >security logs from the server box to you.
> >>> >
> >>> >Regards
> >>> >
> >>> >--
> >>> >AIP Admin
> >>> >
> >>> >
> >>> >""Jenny wu [MSFT]"" wrote:
> >>> >
> >>> >> Hi,
> >>> >>
> >>> >> Thanks for your update!
> >>> >>
> >>> >> For your now scenario, I suggest you follow KB 816585 article to
> >apply
> >>> >> predefined Security Template on SBS 2003 to restore security groups
> >>> >> permissions.
> >>> >>
> >>> >> 816585 HOW TO: Apply Predefined Security Templates in Windows Server
> >2003
> >>> >> http://support.microsoft.com/?id=816585
> >>> >>
> >>> >> Note: please strictly follow the steps to process and create a
> backup
.
- References:
- RE: Can't set Local Security policies. They fail to save
- From: "Jenny wu [MSFT]"
- RE: Can't set Local Security policies. They fail to save
- From: Al-Amin
- RE: Can't set Local Security policies. They fail to save
- From: "Jenny wu [MSFT]"
- RE: Can't set Local Security policies. They fail to save
- Prev by Date: RE: backup job crashes wspsrv.exe process (fwsrv service)
- Next by Date: RE: RemoteAccess service is Stop Pending
- Previous by thread: RE: Can't set Local Security policies. They fail to save
- Next by thread: Re: RWW, port settings
- Index(es):
Relevant Pages
|
