Re: Security Policy Is not opening.
From: Varadarajam (Varadarajam_at_discussions.microsoft.com)
Date: 05/02/05
- Previous message: Galen: "Re: Free Download: Visio Connector for MBSA"
- In reply to: Steven L Umbach: "Re: Security Policy Is not opening."
- Next in thread: Steven L Umbach: "Re: Security Policy Is not opening."
- Reply: Steven L Umbach: "Re: Security Policy Is not opening."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 1 May 2005 23:30:02 -0700
Hi steve
Thanks for ur response. Actually we dont wanna do Authrotative Restore.
Because we dont know when the problem has started. We have made lot of
changes recently in our DC like creation of users and other share and
Security permissions. If we go for authoratative restore everything what we
have done recently we will lose.
About that tool which is specified by you, How much is safety is there?
Plase advise me which is the best way to restore our Default Domain
Policies... Waiting for your reply.
Thanks and Regards
Varadarajam.
"Steven L Umbach" wrote:
> Well it certainly looks like you have a problem with the two default
> policies for domain and domain controller. One solution could be to an
> authoritative restore of Active Directory from a System State backup from a
> time before this problem occurred. if it is a fairly recent problem then
> that may be a good solution assuming you have the System State backups.
> Another possibility that I can think of is to use a free tool from Microsoft
> to rebuild those two policies called RecreateDefpol.EX. The link for it is
> below and be sure to read the instructions and warnings. That is what I
> would try. You may however want to post in the Active Directory newsgroup to
> see if they have any further suggestions or alternatives. --- Steve
>
> http://www.microsoft.com/downloads/details.aspx?FamilyID=b5b685ae-b7dd-4bb5-ab2a-976d6873129d&displaylang=en
>
> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
> news:68CA3690-3D4C-4899-9AEA-0A5CCAE1F21B@microsoft.com...
> > Hi Steven
> >
> > Thanks for your reply. Actually we checked for that policy which u
> > mentioned
> > previously. Actually we dint find that policy in the Domain Controllers
> > Sysvol folder. If we try to change the settings of Default Domain Policy
> > properties also its saying u cannot access that file. We ran GPOTool also.
> > It
> > has given some errors on this Default Domain Policy. I am sending that
> > report
> > with this mail. Pls look into it and give me the suggestion on this. Is it
> > possible to create that Domain Default Policy. If its possible pls give me
> > the clear procedure for that. Waiting for your reply. Pls find the GPO
> > Report.
> > This is the report we got it when we ran GPOTool.
> >
> > Domain: sprosys.com
> > Validating DCs...
> > spro.sprosys.com: OK
> > softpro.sprosys.com: OK
> > Available DCs:
> > spro.sprosys.com
> > softpro.sprosys.com
> > Searching for policies...
> > Found 7 policies
> > ============================================================
> > Policy {0196EEA9-48D4-480E-8961-2E5E2C35D891}
> > Policy OK
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: AccountTracking
> > Created: 4/26/2005 6:22:38 AM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 0(user) 0(machine)
> > Sysvol version: 0(user) 0(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: AccountTracking
> > Created: 4/26/2005 6:22:38 AM
> > Changed: 4/28/2005 10:01:39 AM
> > DS version: 0(user) 0(machine)
> > Sysvol version: 0(user) 0(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {07DDE52B-4D39-4007-BB66-B37887143BE7}
> > Policy OK
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: Terminal
> > Created: 2/28/2005 2:24:50 PM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 33(user) 3(machine)
> > Sysvol version: 33(user) 3(machine)
> > Flags: 0
> > User extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> > Machine extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: Terminal
> > Created: 2/28/2005 2:24:50 PM
> > Changed: 4/28/2005 10:01:29 AM
> > DS version: 33(user) 3(machine)
> > Sysvol version: 33(user) 3(machine)
> > Flags: 0
> > User extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> > Machine extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {277C0E32-FC88-483F-BD63-EDA7DBA00770}
> > Policy OK
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: Terminal
> > Created: 2/28/2005 2:23:24 PM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 0(user) 0(machine)
> > Sysvol version: 0(user) 0(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: Terminal
> > Created: 2/28/2005 2:23:24 PM
> > Changed: 4/28/2005 10:01:22 AM
> > DS version: 0(user) 0(machine)
> > Sysvol version: 0(user) 0(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
> > Error: Cannot access
> > \\spro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
> > error 2
> > Error: Cannot access
> > \\softpro.sprosys.com\sysvol\sprosys.com\policies\{31B2F340-016D-11D2-945F-00C04FB984F9},
> > error 2
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: Default Domain Policy
> > Created: 10/12/2004 4:37:20 PM
> > Changed: 4/30/2005 7:28:50 AM
> > DS version: 1(user) 3(machine)
> > Sysvol version: not found
> > Flags: 0
> > User extensions:
> > [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
> > Machine extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: Default Domain Policy
> > Created: 10/12/2004 4:37:20 PM
> > Changed: 4/30/2005 7:29:56 AM
> > DS version: 1(user) 3(machine)
> > Sysvol version: not found
> > Flags: 0
> > User extensions:
> > [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}]
> > Machine extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {5176A5A6-48DD-4A96-8405-A815C10B7EA8}
> > Policy OK
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: terminal
> > Created: 2/28/2005 12:22:15 PM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 1(user) 0(machine)
> > Sysvol version: 1(user) 0(machine)
> > Flags: 0
> > User extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: terminal
> > Created: 2/28/2005 12:22:15 PM
> > Changed: 4/28/2005 10:01:08 AM
> > DS version: 1(user) 0(machine)
> > Sysvol version: 1(user) 0(machine)
> > Flags: 0
> > User extensions:
> > [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]
> > Machine extensions: not found
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
> > Error: Cannot access
> > \\spro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
> > error 2
> > Error: Cannot access
> > \\softpro.sprosys.com\sysvol\sprosys.com\policies\{6AC1786C-016F-11D2-945F-00C04FB984F9},
> > error 2
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: Default Domain Controllers Policy
> > Created: 10/12/2004 4:37:20 PM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 0(user) 4(machine)
> > Sysvol version: not found
> > Flags: 0
> > User extensions: not found
> > Machine extensions:
> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: Default Domain Controllers Policy
> > Created: 10/12/2004 4:37:20 PM
> > Changed: 4/28/2005 10:01:01 AM
> > DS version: 0(user) 4(machine)
> > Sysvol version: not found
> > Flags: 0
> > User extensions: not found
> > Machine extensions:
> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ============================================================
> > Policy {E3668F2C-D789-4A77-822D-DEABB4B9A657}
> > Policy OK
> > Details:
> > ------------------------------------------------------------
> > DC: spro.sprosys.com
> > Friendly name: New Group Policy Object
> > Created: 4/27/2005 3:54:32 AM
> > Changed: 4/28/2005 10:05:15 AM
> > DS version: 0(user) 34(machine)
> > Sysvol version: 0(user) 34(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions:
> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> > Functionality version: 2
> > ------------------------------------------------------------
> > ------------------------------------------------------------
> > DC: softpro.sprosys.com
> > Friendly name: New Group Policy Object
> > Created: 4/27/2005 3:54:32 AM
> > Changed: 4/28/2005 10:00:51 AM
> > DS version: 0(user) 34(machine)
> > Sysvol version: 0(user) 34(machine)
> > Flags: 0
> > User extensions: not found
> > Machine extensions:
> > [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
> > Functionality version: 2
> > ------------------------------------------------------------
> >
> > Errors found
> >
> > Thanks and Regards
> > Rajam.
> >
> >
> > "Steven L Umbach" wrote:
> >
> >> Well good to hear that your dns seems to working correctly. See if
> >> anything
> >> unusual shows in the application or system logs in Event Viewer and try
> >> accessing the sysvol share as I explained before to see first if you can
> >> access it and then if you can try to navigate to those policies via
> >> domain
> >> name\policies\31B2F....\machine\Microsoft\Windows NT\SecEdit where you
> >> should see and be able to open the GptTmpl.inf file there. The policy
> >> starting 31B2F.... is the default domain Group Policy. Also try running
> >> the
> >> support tool gpotool to see if it shows at least two Group Policies and
> >> if
> >> any problems are reported as far as version numbers. Another thing to
> >> check
> >> is to Use Active Directory Users and Computers. Then find your domain,
> >> right
> >> click and select properties/Group Policy where you should see default
> >> domain
> >> policy. For it select properties/security to make sure that domain admins
> >> have necessary permissions which need to be at least read and write to
> >> edit
> >> the Group Policy. Verify that domain admins global group is a member of
> >> the
> >> administrators group and that you are logged on as a member of the domain
> >> admins group. --- Steve
> >>
> >>
> >> "Varadarajam" <Varadarajam@discussions.microsoft.com> wrote in message
> >> news:B72B0975-D61E-4826-93EA-BBDECB3FFE11@microsoft.com...
> >> > Hi Steven
> >> >
- Previous message: Galen: "Re: Free Download: Visio Connector for MBSA"
- In reply to: Steven L Umbach: "Re: Security Policy Is not opening."
- Next in thread: Steven L Umbach: "Re: Security Policy Is not opening."
- Reply: Steven L Umbach: "Re: Security Policy Is not opening."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
