RE: SBS 2003 Lost all the Security Policies.

Hello,

Thank for posting in our newsgroup.

From your description, I know that your Default Domain Controller Security
Policy or Domain Security Policy it is empty. Also your Exchange server is
stopped. If I am off-base, please don't hesitate to let me know.

First, please understand that our newsgroup is an issue based service,
meaning we usually respond to one question/issue per post. This will lessen
the confusion for both of us, as well as ensure that our results are
accurate and not a result of a test for a different question. Since we're
not sure whether these issues are related, I suggest we focus on the
Security policy question in this post. I suggest you to open a new post on
Exchange problem in our newsgroup. Also, the Exchange server is down and
your business is affected by this, a suggestion is to call CSS which will
provide more speedy support. Thanks for your understanding.

Please take the following steps to see if the problem can be resolved:

Step 1: You said you created the policies, did you using the dcgpofix to
repair the default domain policy?

DCGPOFIX.EXE will restore the Default Domain Policy and the Default Domain
Controller Policy to original default settings. It does not affect other
GPOs on SBS server.
Note: This tool can restore default domain policy and default domain
controllers policy. When you run dcgpofix, you will lose any changes made
to these Group Policy objects. So please perform a complete backup first.

To restore Domain only , Domain Controller only or both at the same time,
the commands are as follows:

dcgpofix /target:domain
or
dcgpofix /target:dc
or
dcgpofix /target:both

For more information, please refer to:

Restore Default Group Policy Objects
http://www.microsoft.com/resources/documentation/windowsserv/2003/enterprise
/proddocs/en-us/dcgpofix.asp

Step 2: Please check the security setting for sysvol.

1. On the SBS server, open C:\WINDOWS\SYSVOL
2. There should be another sysvol subfolder in the above directory and it
should have been shared. Please right click the sysvol subfolder and click
Properties.
3. On the Sharing tab, click the Permissions button.
4. Ensure that the Administrators and Authenticated Users group have Full
Control permissions and Everyone has Read permission. Also, there should be
NO Deny items.
5. Browse to the Security tab and click Advanced button.
6. Ensure the following:

1) Administrators and SYSTEM should have Full Control permissions which
apply to "This folder, subfolders and files".
2) Authenticated Users and Server Operators should have Read & Execute
permissions which apply to "This folder, subfolders and files".
3) CREATOR OWNER should have Full Control permissions which apply to
"Subfolders and files only".
4) There should be NO Deny items.
5) All the permissions are inherited from the parent folder
(C:\WINDOWS\SYSVOL).

Please also help me collect the following information for further research:

MPS Report on both SBS server and one problematic client.

1. Download the MPSRPT_NETWORK.EXE from the following link and then run
this tool to gather some information from the problematic computer:
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE
2. Double-click on the MPSRPT_NETWORK.EXE file.
[Note] This process may take some time; however, it will not have a
negative effect on the performance.
3. A CAB file will be generated in the
%systemroot%\MPSReports\Network\Reports\Cab directory called
%COMPUTERNAME%_MPSReports.CAB. The CAB file will contain the reports
generated by the MPS Reporting Tool.
4. Please send the CAB to SBSCDATA@xxxxxxxxxxxxx with
subject:Windowsserver.sbs: Active Directory Errors (37452027).

I am looking forward to hear from you.

If you need further assistance, please don't hesitate to let me know.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
<Date: Wed, 13 Jun 2007 20:54:37 +0100
<From: Fernando Morais <nandox7@xxxxxxxxx>
<User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
<MIME-Version: 1.0
<Subject: SBS 2003 Lost all the Security Policies.
<Content-Type: text/plain; charset=ISO-8859-1; format=flowed
<Content-Transfer-Encoding: 7bit
<Message-ID: <uqe7sSfrHHA.4104@xxxxxxxxxxxxxxxxxxxx>
<Newsgroups: microsoft.public.windows.server.sbs
<NNTP-Posting-Host: bl5-10-209.dsl.telepac.pt 82.154.10.209
<Lines: 1
<Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP06.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:43711
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Hi,
<
<I have a SBS 2003 Premium that had a strange (for me) and a severe problem.
<For no reason that i can understand, it lost all the security policies.
<For example, if i go to Default Domain Controller Security Policy or
<Domain Security Policy it is clean.
<
<My main problem is exchange, it stopped working too has Exchange System
<Attendant can't start always giving the event id 1005 with the message:
<
<"Unexpected error Logon failure: unknown user name or bad password.
<Facility: Win32 ID no: 8007052e Microsoft Exchange System Attendant
<occurred. "
<
<I've tried to recreate all the Default Domain Controller Security
<Policies, re-run /forestprep and /domainprep to try to re-apply all the
<needed setting for it to run. But it's not working.
<
<One other thing, is that no other machine or server can list or broswe
<this machine shares, sysvol, Clientapps. Everytime i try it get the
<error "Target logon account is invalid". But locally it works.
<
<I tend to suspect that i still need to fix some security settings on the
<server but how can i do that? Any help on this?
<
<Thank you.
<
<Nando
<

.