Re: GPO errors in application eventlog

Hello,

Great advise, I changed the secedit.sdb file and I got rid off the
errormsgs.
The rename administrator account policy was not enabled.

Thanks for your help.

Dieter

""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:XETfg20xGHA.5460@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Dieter,

Thank you for posing in SBS newsgroup.

You would not want that, I think.


From your post, my understanding on this issue is: You notice event ID
1202
and related event id 1085 logged on a Windows XP client. If I
misunderstand
your concern, please do not hesitate to let me know.

The detailed error message should be the following:

event id: 1085 - Userenv "The group policy client-side extension Security
failed to execute. Please look for any errors reported earlier by that
extension".

event id: 1202 - SceCli "Security policies were propagated with warning.

0x4b8 : An extended error has occured. For best results in resolving this
event, log on with a non-administrative account and search
http://support.microsoft.com for "Troubleshooting Event 1202's".

As I know, these two events indicate that the group policy client-side
extension Security encounters a problem and the security policy cannot be
applied. I would like to suggest the following:

1. Check if the "Rename Administrator Account" security policy is enabled.

These error messages can occur if the "Rename Administrator Account"
security policy is enabled and then set to an account name that is already
in use. To resolve this issue, please either disable the "Rename
Administrator Account" policy (Computer Configuration\Windows
Settings\Security Settings\Local Policies\Security Options\Account: Rename
administrator account), or configure the policy to use an account name
that
does not exist on the client system.

For additional information, please refer to:

260715 Event ID 1000 and 1202 After Configuring Policies
http://support.microsoft.com/default.aspx?scid=kb;EN-US;260715

2. The issue may occur if the local security database is corrupted. If the
above step does not help, we can recreate the local security database on
the problematic computer.

1) Arrange the Secedit.sdb file from another good Windows XP-based
computer
with the same SP/patch level. This file is located in the
C:\Windows\Security\Database folder.
2) On the computer that is experiencing the problem, reboot into safe
mode.
3) Rename the existing Secedit.sdb file in the
C:\Windows\Security\Database
folder to Secedit.old. Do not restart the computer. Paste the new
Secedit.sdb file from the other good Windows XP system in the same
C:\Windows\Security\Database folder.
4) Restart the computer.

Please check if the problem can be resolved in this way.

Related information:

324383:Troubleshooting SCECLI 1202 Events
http://support.microsoft.com/?id=324383

I appreciate your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
| From: "Dieter Visser" <kdv@xxxxxxxxx>
| Subject: GPO errors in application eventlog
| Date: Wed, 23 Aug 2006 09:13:03 +0200
| Lines: 27
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uAOgUOoxGHA.3568@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: asd-slod-41c9.mxs.adsl.euronet.nl 212.129.193.201
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:292136
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hello,
|
| Our system:
| SBS 2003 SP1, Windows 2003 Server as a memberserver, 10 workstations XP
Pro
| SP2.
|
| One of the workstations is every 2 hours or so coming up with errors in
the
| eventlog about the GPO.
|
| Warning event ID 1202 and error event ID 1085. As far as I know there is
| nothing going wrong, the workstation functions like all the others.
|
| I found a heap of papers about this problem and I find it very
confusing.
| Can someboby tell me in simple terms what is going on and what I should
do
| to cure this?
|
| Thanks in advance
|
| Dieter
|
|
|
| --
| Had ik maar naar m'n moeder geluisterd, dan had ik een echt vak geleerd.
|
|
|
|



.

Relevant Pages

  • Re: APC Back-UPS CS XP Driver?
    ... administrator account and that is completely consistent with XP security ... policy: enabling hibernation, selecting who and how to notify when there ... and timing before hibernation is induced. ... need to observe the Windows Security Model. ...
    (microsoft.public.windowsxp.hardware)
  • Re: Group Policy is now inhibiting the Administrator account
    ... "Deny log on locally" is set for the security group "SBS Remote ... When you find the one that's keeping the administrator account ... it'll tell you which GPO contains the policy so you ... Editor on the bottom half so I could change things as I went.), ...
    (microsoft.public.windows.server.sbs)
  • Domain Controller Security Policy
    ... Rename Administrator Account setting in the Domain Controller Security ... Policy to a name containing the '@' character. ...
    (microsoft.public.windows.server.security)
  • RE: GPO errors in application eventlog
    ... these two events indicate that the group policy client-side ... These error messages can occur if the "Rename Administrator Account" ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Account Rename Policy
    ... What the policies apply to depends on what policy was modified and what it was linked to as well as whether or not there is a competing policy. ... Don't get confuse i will explain clearly with some example.Thing i have TESTnamed DC and XYZ is a system is the member TEST domain. ... Iam applied Administrator Account rename group policy for all member systems in a TEST.COM Domain,it is renamed the adminstrator account only in member of domain systems,but now onlyits renaming the builtin global administrator account in the DC also. ...
    (microsoft.public.windows.server.active_directory)