secedit or group policy issues?

From: Patrick (patl_at_reply.newsgroup.msn.com)
Date: 08/24/04 

Date: Tue, 24 Aug 2004 17:48:44 +0100

I just did the following
1) Created a new OU in AD on a Win2K Server SP4
2) Created a new Group Policy Object under this OU. Objectives:
2.1) The only reason why these users are in AD under this OU is purely for
IIS Authentication, and because it looks like those users need "Log on
locally right" for Basic Authentication or Integrated Windows authentication
to work (otherwise with auditing, a failure audit is generated when I try
to log on with the correct username/password pair)
2.2) I try to set up a GPO under this OU so users under this OU can't do
anything destructive even if they try to log on (which they would be allowed
to do so)
3) at command prompt:
3.1) secedit /refreshpolicy user_policy /enforce
3.2) secedit /refreshpolicy machine_policy /enforce
3.3) secedit /refreshpolicy machine_policy

4) Wait a few minutes

5) Try to logon to the console (of the one and only one Domain Controller
for the domain) as those users under this OU, and I get the following logged
in event viewer:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 24/08/2004
Time: 17:28:20
User: MyWEB\SiteAdmin
Computer: MyWEBServer
Description:
Windows cannot query for the list of Group Policy objects . A message that
describes the reason for this was previously logged by this policy engine.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 24/08/2004
Time: 17:28:20
User: MyWEB\SiteAdmin
Computer: MyWEBServer
Description:
Windows cannot establish a connection to myweb.local with (0).

How could I rectify this?

Relevant Pages

  • Re: secedit or group policy issues?
    ... > 2) Created a new Group Policy Object under this OU. ... > locally right" for Basic Authentication or Integrated Windows ... > Computer: MyWEBServer ...
    (microsoft.public.win2000.security)
  • RE: Event ID: 1104
    ... Microsoft CSS Online Newsgroup Support ... <One of the client desktops, running Windows XP w/SP2, was experiencing ... <Windows cannot perform filter check for Group Policy object ... <The associated filter cannot be found. ...
    (microsoft.public.windows.server.sbs)
  • RE: Event ID: 1104
    ... Please ask the problematic user logon a good workstation, ... <One of the client desktops, running Windows XP w/SP2, was experiencing ... <Windows cannot perform filter check for Group Policy object ... <The associated filter cannot be found. ...
    (microsoft.public.windows.server.sbs)
  • Re: Controlling access to MSTSC.exe
    ... > i'm running a Windows 2003 enivronment with XP SP1 desktops. ... > searching for a group policy object to control access to the "remote ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: windows 2003 server [beginner]
    ... Well that's because domain users don't have LOCAL administrative rights to ... Enable Printer and File Sharing in a Group Policy Object ... This is better because then the print server processes the print job, ... share a printer from a windows XP machine then that machine will process ...
    (microsoft.public.windows.server.general)