Re: Error convert applying security template

From: Resonate (resonate_at_jolt.co.uk)
Date: 08/13/04 

Date: Thu, 12 Aug 2004 22:43:21 GMT

In my infinate wisdom i manually removed Everyone from the whole of C: on
this DC as a security measure lol.

I have since before your recommendation to the contrary forced down
everyone>full control on the whole of C drive in a hope to get replication
going again but no joy.

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:keRSc.293429$Oq2.277565@attbi_s52...
> How did you try to change permissions? Did you manually change
> permissions, import a
> template into Local Security Policy on one or more domain controllers, or
> import a
> template into Domain Controller Security policy or another GPO?? Hopefully
> you did
> this locally so that ntfs permissions are not replicating. What permission
> did you
> modify? Below is some information on the Event ID 1126.
>
> http://eventid.net/display.asp?eventid=1126&eventno=656&source=NTDS%20General&phase=1
>
> What I would do for now, is try and manually change ntfs permissions for
> now on that
> computer. For the system drive make sure administrators and system have
> full control,
> that users have read/list/execute and everyone has read permissions. Do
> NOT force
> those changes down, just configure in the root folder. Do the same for
> program files
> and \winnt folder. Make sure there are no deny permissions listed either.
> The Sysvol
> share should have administrators full control and users have read.
>
> "Resonate" <resonate@jolt.co.uk> wrote in message
> news:WORSc.2155$9M3.611@newsfe2-gui.ntli.net...
>> Stephen
>>
>> All this occored when i screwed around with the C: file permissions to
>> try
>> and lock down security. It seems I have screwed the SYSVOL security etc
>> and
>> I belive this template replaces the file permissions. As I couldnt do it
>> I
>> decided to try and demote the DC and re add it to the domain but it wont
>> even let me do that.
>>
>> I am not getting all them errors in that KB only these
>>
>> Event Type: Error
>> Event Source: NTDS General
>> Event Category: Global Catalog
>> Event ID: 1126
>> User: Everyone
>> Description: Unable to establish connection with global catalog.
>>
>> Event Type: Warning
>> Event Source: NTDS General
>> Event Category: Global Catalog
>> Event ID: 1655
>> Description: The attempt to communicate with global catalog
>> \\computername.SoftwareManager.TheSoftwareManager.com failed with the
>> following status:
>>
>> Access is denied.
>>
>> The operation in progress might be unable to continue. The directory
>> service
>> will use the locator to try to find an available global catalog server
>> for
>> the next operation that requires one.
>>
>> The record data is the status code.
>> Data: 0000: 05 00 00 00
>>
>> Any further help appreciated.
>>
>>
>>
>>
>> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
>> news:wQQSc.275646$JR4.24015@attbi_s54...
>> > The error message indicates there is a problem reading the file
>> > security
>> > section of
>> > the security template. You might try to replace it from the install
>> > disk
>> > and also try
>> > to apply it using the Security Configuration and Analysis mmc snapin
>> > tool.
>> > I read
>> > that KB and it seems like you might have some major problem with
>> > replication if all
>> > that was going on. If you still have problems with replication I
>> > suggest
>> > you post in
>> > the win2000.active_directory newsgroup for help on resolving your
>> > issue.
>> > Replmon,
>> > gpotool, repadmin, nltest, dnslint, netdiag, and dcdiag are support
>> > tools
>> > that you
>> > may find helpful. --- Steve
>> >
>> > "Resonate" <resonate@jolt.co.uk> wrote in message
>> > news:nbRSc.667$oP2.339@newsfe5-gui.ntli.net...
>> >>
>> >>
>> >>
>> >> Following the advice of KB Q305837. I tried to apply the
>> >> security template as follows.
>> >>
>> >>
>> >> secedit /configure /cfg basicdc.inf /db basicdc.sdb /log
>> >> basicdc.log /verbose
>> >>
>> >>
>> >> The reply was:
>> >>
>> >>
>> >> The data is invalid, the task completed with error. See
>> >> log file.
>> >>
>> >>
>> >> The log stated:
>> >>
>> >>
>> >> Error 13: The data is invalid.
>> >> Error convert %DSDIT%.
>> >> Error 13: The data is invalid.
>> >> Error convertting section File Security.
>> >> ----Configuration engine is initialized with error.----
>> >>
>> >>
>> >>
>> >> ----Un-initialize configuration engine...
>> >>
>> >>
>> >>
>> >>
>> >> Can anyone help please! My DC's are not replicating :(
>> >>
>> >>
>> >
>> >
>>
>>
>
>

Relevant Pages

  • Re: File Permissions
    ... The default full control for everyone on the root folder is a security issue ... back to default ntfs permissions. ... particularly for the administrator account, ...
    (microsoft.public.win2000.security)
  • Re: User Control Security on .Net 2.0
    ... we'll suggest design the security policy and ... help calculate the permissions our assemblies require.... ... Microsoft Online Support ... since the IE hosted winform control are hosted in Internet explore ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: folder permissions
    ... permissions, everyone has full control. ... Security tab, I added my security group, select everything BUT Full control, ... I have a folder on my server that will contain information scanned ...
    (microsoft.public.windows.server.general)
  • Re: folder permissions
    ... permissions, everyone has full control. ... Security tab, I added my security group, select everything BUT Full ... I have a folder on my server that will contain information ...
    (microsoft.public.windows.server.general)
  • Re: FileIOPermissions issue - howto fix?
    ... In the .NET CAS security manager, doesn't really matter what user permissions you ... have on that network share, the code-origin is queried first and it is LocalInternet ... > control and edit/save capabilities) disappears from the main form. ...
    (microsoft.public.dotnet.security)