Question about Operating Systems

1 Answer

Group policy problem

I am getting below problem in windows 2003 domain controller.pls help me.

Windows cannot access the file gpt.ini for GPO CN={89B935E4-B751-489C-89C0-2A0E2D100BBD},CN=Policies,CN=System,DC=clinsoft,DC=com. The file must be present at the location <\\clinsoft.com\SysVol\clinsoft.com\Policies\{89B935E4-B751-489C-89C0-2A0E2D100BBD}\gpt.ini>. (The system cannot find the file specified. ). Group Policy processing aborted.

Posted by on

1 Answer

  • Level 2:

    An expert who has achieved level 2 by getting 100 points

    MVP:

    An expert that got 5 achievements.

    Novelist:

    An expert who has written 50 answers of more than 400 characters.

    Governor:

    An expert whose answer got voted for 20 times.

  • Expert
  • 186 Answers

This a known issue with Microsoft, they descibe how to handle it here:

http://support.microsoft.com/kb/842804

Posted on Sep 28, 2008

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

Whenever i download and install any torrent file on my pc, i get a message to restart. when i restart the system, no icons will be displayed on the screen and not even the task manager gets operated. i get...


For task manager



1. Verity that the "Local Group Policy" or "Domain Group Policy" doesn’t block you from using

"Task Manager".

1.1 "Local Group Policy"

a. Go to "Start" -> "Run" -> Write "Gpedit.msc" and press on "Enter" button.

b. Navigate to "User Configuration" -> "Administrative Templates" -> "System" -> "Ctrl+Alt+Del Options"

c. In the right side of the screen verity that "Remove Task Manager"" option set to "Disable" or "Not Configured".If so set to other and viceversa

d. Close "Gpedit.msc" MMC.

e. Go to "Start" -> "Run" -> Write "gpupdate /force" and press on "Enter" button.

Note: If you are using Windows 2000, please follow KB q227302 instead stage "e".

Using SECEDIT to Force a Group Policy Refresh Immediately
http://support.microsoft.com/kb/q227302/


1.2 "Domain Group Policy"

a. Contact you local IT support team.


2. Verity correct registry settings::

a. Go to "Start" -> "Run" -> Write "regedit" and press on "Enter" button.


Warning: Modifying your registry can cause serious problems that may require you to reinstall your operating system.
Always backup your files before doing this registry hack.

b. Navigate to the following registry keys and verity that following settings set to default:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000

c. Reboot the computer.


For no icons


go to run just type " explorer " and that should be it

Jun 06, 2009 | Microsoft Windows XP Professional

Tip

Fix Windows 7 Error ?Windows is Not Genuine? Error code 0×80070005


f63627f.png

Those users running genuine version of Windows 7 provided with their hardware platform reported that immediately after log on they were presented with following error message. “Windows is not genuine. Your computer might not be running a counterfeit copy of Windows. 0×80070005.”
Some other symptoms of associated with this issue are,
The computer desktop background is black, and you receive the following error message on the bottom right corner of the screen:
“This copy of Windows is not genuine”
You receive the following error message when you view the System Properties: (Control Panel / System and Security / System)
“You must activate today. Activate Windows now”
If you try to use slmgr.vbs /dlv to view the licensing status, you receive the following message:
Error: 0×80070005 Access denied: the requested action requires elevated privileges
Microsoft is fully aware of this issue and provided following explanation for the issue,
There is a lack of permissions in the registry key HKU\S-1-5-20. The Network Service account must have full control and read permissions over that registry key.
This situation may be the result of applying a Plug and Play Group Policy object (GPO).
To resolve this issue, you can either disable the policy setting (Method A), or edit the permissions to provide the Licensing Service the required permissions (Method B).
Method A: Disable the Plug and Play Policy

1. Determine the source of the policy . To do this, follow these steps:
a. On the client experiencing the Activation error, run the Resultant Set of Policy wizard by clicking Start, Run and entering rsop.msc as the command.
b. Visit the following location:
Computer Configuration / Policies / Windows Settings /Security Settings / System Services /
If the Plug and Play service is configured through a Group Policy setting, you see it here with settings other than Not Defined. Additionally, you can see which Group Policy is applying this setting.
2. Disable the Group Policy settings and force the Group Policy to be reapplied.
a. Edit the Group Policy that is identified in Step 1 and change the setting to “Not Defined.” Or, follow the section below to add the required permissions for the Network Service account.
b. Force the Group Policy setting to reapply: gpupdate /force (a restart of the client is sometimes required)
Method B: Edit the permissions of the Group Policy:

1. Open the Group Policy that is identified in Method A, Step 1 above, and open the corresponding Group Policy setting.
2. Click the Edit Security button, and then click the Advanced button.
3. In the Advanced Security Settings for Plug and Play window click Add and then add the SERVICE account. Then, click OK
4. Select the following permissions in the Allow section and then click OK:
Query template, Query status, Enumerate dependents, Interrogate, User-defined control, Read permissions
Note: The Previous rights are the minimum required permissions.
5. Run gpupdate /force after you apply the previous permissions to the Group Policy setting.
6. Verify that the appropriate permissions are applied with the following command:
sc sdshow plugplay
The following are the rights applied to the Plug and Play service in SDDL:
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
(A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to “SU” (SDDL_SERVICE – Service logon user)
A: Access Allowed
CC: Create Child
LC: List Children
SW: Self Write
LO: List Object
CR: Control Access
RC: Read Control
SU: Service Logon User
Note: If there are no GPO’s in place, then another activity may have changed the default registry permissions. To work around this issue, perform the following steps:
1. On the computer that is out of tolerance, start Registry Editor.
2. Right-click the registry key HKEY_USERS\S-1-5-20, and select Permissions…
3. If the NETWORK SERVICE is not present, click Add…
4. In Enter the object names to select type Network Service and then click Check Names and OK.
5. Select the NETWORK SERVICE and Grant Full Control and Read permissions.
6. Restart the computer.
7. After the restart, the system may require activation. Complete the activation.

on Jul 15, 2010 | Operating Systems

Tip

Using UAC in Windows Vista


Windows Vista has the built-in ability to automatically reduce the potential of security breaches in the system. It does that by automatically enabling a feature called User Account Control (or UAC for short). The UAC forces users that are part of the local administrators group to run like they were regular users with no administrative privileges.








Although UAC clearly improves the security on Windows Vista, under some scenarios you might want to disable it, for example when giving demos in front of an audience (demos that are not security related, for example). Some home users might be tempted to disable UAC because of the additional mouse clicking it brings into their system, however I urge them not to immediately do so, and try to get used to it instead.
Anyway, if required, you can disable UAC by using one of the following methods:
Method #1 - Using MSCONFIG
  1. Launch MSCONFIG by from the Run menu.
  2. Click on the Tools tab. Scroll down till you find "Disable UAC" . Click on that line.
    disable_uac_1.gif
  3. Press the Launch button.
  4. A CMD window will open. When the command is done, you can close the window.
  5. Close MSCONFIG. You need to reboot the computer for changes to apply.
You can re-enable UAC by selecting the "Enable UAC" line and then clicking on the Launch button.
*Recommended: Speed up Vista boot times by reducing the number of programs that load at startup. Control your Vista startup list with this Vista app
Method #2 - Using Regedit
  1. Open Registry Editor.
  2. In Registry Editor, navigate to the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
  3. Locate the following value (DWORD): EnableLUA and give it a value of 0.
    disable_uac_2.gif Note: As always, before making changes to your registry you should always make sure you have a valid backup. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.
  4. Close Registry Editor. You need to reboot the computer for changes to apply.
In order to re-enable UAC just change the above value to 1.
Method #3 - Using Group Policy This can be done via Local Group Policy or via Active Directory-based GPO, which is much more suited for large networks where one would like to disable UAC for many computers at once.
If using Local Group Policy you'll need to open the Group Policy Editor (Start > Run > gpedit.msc) from your Vista computer.
If using in AD-based GPO, open Group Policy Management Console (Start > Run > gpmc.msc) from a Vista computer that is a member of the domain. In the GPMC window, browse to the required GPO that is linked to the OU or domain where the Vista computers are located, then edit it.
  1. In the Group Policy Editor window, browse to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
    disable_uac_gpo_1.gif
  2. In the right pane scroll to find the User Access Control policies (they're down at the bottom of the window). You need to configure the following policies:disable_uac_gpo_2.gif
  3. You'll need to reboot your computers.
Method #4 - Using Control Panel
  1. Open Control Panel.
  2. Under User Account and Family settings click on the "Add or remove user account".
    disable_uac_3.gif
  3. Click on one of the user accounts, for example you can use the Guest account.
  4. Under the user account click on the "Go to the main User Account page" link.
    disable_uac_4.gif
  5. Under "Make changes to your user account" click on the "Change security settings" link.
    disable_uac_5.gif
  6. In the "Turn on User Account Control (UAC) to make your computer more secure" click to unselect the "Use User Account Control (UAC) to help protect your computer". Click on the Ok button.
    disable_uac_6.gif
  7. You will be prompted to reboot your computer. Do so when ready.
    disable_uac_7.gif
In order to re-enable UAC just select the above checkbox and reboot.

on Apr 29, 2010 | Microsoft Windows Vista Home Premium...

2 Answers

Logon issue in a domain trust - Win 2003


Are you logging in through terminal services? If so you need to give the user "allow logon through terminal services" permission in group policy.

Otherwise you need to give the user "allow logon locally" permission on the domain controller.

Mar 20, 2009 | Microsoft Windows Server Standard 2003 for...

1 Answer

Server 2003: what group policy to allow tabbed browsing for IE7?


First of all - what an excellent question! I felt challenged to find out and here is what I digged out:

The registry keys responsible for this settings are
  1. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  2. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\TabbedBrowsing
The GPO's can be set on two levels:
  1. Computer Configuration / Administrative Templates / Windows Components / Internet Explorer
  2. User Configuration / Administrative Templates / Windows Components / Internet Explorer
Hope this helps!

Feb 19, 2009 | Microsoft Windows Server Standard 2003 for...

1 Answer

Domain\administrator has no local admin rights


You may need to edit group policy if this was once in a domain. You may want to try rebooting the machine and logging into the 'LOCAL' machine and see if you have rights that way. Each machine by default has one administrator account but if the server was part of a domain, that right may have been removed. You may need to reset OWNER privileges for all files in the machine.

Jul 24, 2008 | Microsoft Windows Server Standard 2003 for...

2 Answers

TERMINAL USER SECURITY IN WINDOWS 2003


please define users & give him restrictions as well as rights,
make them as an standard user (dont define them as an administrators) if u have some applications which have to be use by terminal users then give them only that much of applications..


dont allow them to use anyother applications..

May 03, 2008 | Microsoft Windows Server Standard 2003 for...

2 Answers

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.


Make sure and keep copies of all the folders and files.
Take these actions to resolve your problem:
On all Active Directory registered domain controllers:
1. Stop NETLOGON Service
2. Stop File Replication Service (NTFRS)
On the PDC Emulator:
1. Rename all files in the %systemroot%\ntfrs folder and subfolders (change their extension to .old).
2. Give an unlisted account full control of the directory %systemroot%\SYSVOL folder and reset permissions on all child objects.
3. Change the registry key:
HKLM\System\CurrentControlSet\Services\ntfrs\paramaters\Backup/Restore\Process at Startup\BurFlags (REG_DWORD) = D4 (The default on this is 0)
4. Start the NETLOGON Service
5. Start the NTFRS Service
On all non-PDC emulators:
1. Change the registry key:
HKLM\System\CurrentControlSet\Services\ntfrs\paramaters\Backup/Restore\Process at Startup\BurFlags (REG_DWORD) = D2
2. Start the NETLOGON Service
3. Start the File Replication Service (NTFRS)
At this point, the system in question should have recreated the SYSVOL share and the NETLOGON share. Check this by running 'net share' from a command prompt. You should also see the Group Policy Objects listed in the SYSVOL directory as:
%systemroot%\SYSVOL\domain_name\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
%systemroot%\SYSVOL\domain_name\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
There may be more directories listed here, but these are the Default Domain Policy and the Default Domain Controllers Policy that are installed by default when the Active Directory is created. If these are being replicated, then file replication is functioning.
If you cannot find these directories, then you may have to manually recreate them. Here is a list of the proper directory structure of the %systemroot%\SYSVOL folder:
\SYSVOL
________\domain
________________\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
________________\Policies
________________\Scripts
________\scripts
________\staging
________\staging areas
________________\domain_name
________\sysvol (shared as SYSVOL)
________________\domain_name
________________________\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
________________________\Policies
________________________\Scripts (shared as NETLOGON)
If you have to manually recreate the directories, restart the File Replication Service (NTFRS) on all domain controllers to re-enable replication. This should get the file replication functioning normally

Apr 25, 2008 | Microsoft Windows Server Standard 2003 for...

1 Answer

Logging on to server


You need to go into administrative tools and look for group policy.

In the local computer policy
Computer Configuration
Windows Settings > security settings > Local policies > user rights assignment. In the right hand pane find the policy for "Allow log on locally" Set the user accounts for those users which are allowed to log on interactively on the server. Be careful you dont lock the administrator account out.
Use in conjunction with the "Deny logon locally policy" if you need to.
Hope this helps

Mar 22, 2008 | Microsoft Windows Server Standard 2003 for...

Not finding what you are looking for?
Operating Systems Logo

Related Topics:

95 people viewed this question

Ask a Question

Usually answered in minutes!

Top Operating Systems Experts

Les Dickinson
Les Dickinson

Level 3 Expert

18297 Answers

Brian Sullivan
Brian Sullivan

Level 3 Expert

27725 Answers

Prashant  Sharma
Prashant Sharma

Level 3 Expert

1127 Answers

Are you an Operating System Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...