Re: Error convert applying security template

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/12/04 

Date: Thu, 12 Aug 2004 21:24:32 GMT

How did you try to change permissions? Did you manually change permissions, import a
template into Local Security Policy on one or more domain controllers, or import a
template into Domain Controller Security policy or another GPO?? Hopefully you did
this locally so that ntfs permissions are not replicating. What permission did you
modify? Below is some information on the Event ID 1126.

http://eventid.net/display.asp?eventid=1126&eventno=656&source=NTDS%20General&phase=1

What I would do for now, is try and manually change ntfs permissions for now on that
computer. For the system drive make sure administrators and system have full control,
that users have read/list/execute and everyone has read permissions. Do NOT force
those changes down, just configure in the root folder. Do the same for program files
and \winnt folder. Make sure there are no deny permissions listed either. The Sysvol
share should have administrators full control and users have read.

"Resonate" <resonate@jolt.co.uk> wrote in message
news:WORSc.2155$9M3.611@newsfe2-gui.ntli.net...
> Stephen
>
> All this occored when i screwed around with the C: file permissions to try
> and lock down security. It seems I have screwed the SYSVOL security etc and
> I belive this template replaces the file permissions. As I couldnt do it I
> decided to try and demote the DC and re add it to the domain but it wont
> even let me do that.
>
> I am not getting all them errors in that KB only these
>
> Event Type: Error
> Event Source: NTDS General
> Event Category: Global Catalog
> Event ID: 1126
> User: Everyone
> Description: Unable to establish connection with global catalog.
>
> Event Type: Warning
> Event Source: NTDS General
> Event Category: Global Catalog
> Event ID: 1655
> Description: The attempt to communicate with global catalog
> \\computername.SoftwareManager.TheSoftwareManager.com failed with the
> following status:
>
> Access is denied.
>
> The operation in progress might be unable to continue. The directory service
> will use the locator to try to find an available global catalog server for
> the next operation that requires one.
>
> The record data is the status code.
> Data: 0000: 05 00 00 00
>
> Any further help appreciated.
>
>
>
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:wQQSc.275646$JR4.24015@attbi_s54...
> > The error message indicates there is a problem reading the file security
> > section of
> > the security template. You might try to replace it from the install disk
> > and also try
> > to apply it using the Security Configuration and Analysis mmc snapin tool.
> > I read
> > that KB and it seems like you might have some major problem with
> > replication if all
> > that was going on. If you still have problems with replication I suggest
> > you post in
> > the win2000.active_directory newsgroup for help on resolving your issue.
> > Replmon,
> > gpotool, repadmin, nltest, dnslint, netdiag, and dcdiag are support tools
> > that you
> > may find helpful. --- Steve
> >
> > "Resonate" <resonate@jolt.co.uk> wrote in message
> > news:nbRSc.667$oP2.339@newsfe5-gui.ntli.net...
> >>
> >>
> >>
> >> Following the advice of KB Q305837. I tried to apply the
> >> security template as follows.
> >>
> >>
> >> secedit /configure /cfg basicdc.inf /db basicdc.sdb /log
> >> basicdc.log /verbose
> >>
> >>
> >> The reply was:
> >>
> >>
> >> The data is invalid, the task completed with error. See
> >> log file.
> >>
> >>
> >> The log stated:
> >>
> >>
> >> Error 13: The data is invalid.
> >> Error convert %DSDIT%.
> >> Error 13: The data is invalid.
> >> Error convertting section File Security.
> >> ----Configuration engine is initialized with error.----
> >>
> >>
> >>
> >> ----Un-initialize configuration engine...
> >>
> >>
> >>
> >>
> >> Can anyone help please! My DC's are not replicating :(
> >>
> >>
> >
> >
>
>

Relevant Pages

  • Re: Customzing Security Template Files
    ... You are welcome Shawn. ... I tried my template editing steps with an XPSP2 ... > permissions dialog box when you configure a service and you don't end up ... >> As you work with the Security Templates and the Security Configuration ...
    (microsoft.public.security)
  • Re: Customzing Security Template Files
    ... different from System need full permissions to the service.>> ... I did try some more experimenting with new template files and came ... load the Security Templates snap-in and expand the Security ... > Windows Server 2003 given the version of guide you mention). ...
    (microsoft.public.security)
  • Re: Customzing Security Template Files
    ... I tried my template editing steps with an XPSP2 ... permissions dialog box when you configure a service and you don't end up ... > As you work with the Security Templates and the Security Configuration ... >> Windows Server 2003 given the version of guide you mention). ...
    (microsoft.public.security)
  • RE: What server hardening are you doing these days?
    ... permissions on their data, and Microsoft encourages ISVs to minimize ... I've been able to discuss ACLs and other security issues in Windows with ... Control or DAC (which is what you're referring to by the "stupid ...
    (Focus-Microsoft)
  • ASP Dot Net Security Guidelines
    ... with just system / admin ntfs permissions then use filemon from sysinternals ... guidelines for securing a web server with the dot net platform installed on ... Also I've been looking at the security templates snap it and wondering if it ... was possible to create my own template with file system permissions on so ...
    (Focus-Microsoft)