SCECLI 1202 Event

Will

On a Windows 2000 domain controller (it is a backup and does not hold any
roles), we are getting an SCECLI 1202 event in the Event Viewer with a code
of 0x534, which means "no mapping between account names and security IDs was
done." The error does not occur on the primary domain controller. I read
through the Microsoft KB article on this event here:

http://support.microsoft.com/kb/324383

but this leads me to a dead end. There is no group policy that contains
the "Power Users" group, and that is the group that is being objected to
here.

I am including an extract from winlogon.log below my signature. Does
someone have a theory on why Power Users appears in this file if Power Users
does not show up in any of the
%SYSTEMROOT%\Security\Templates\Policies\GPT*.INF files?

--
Will


Error 0 to send control flag 1 over to server.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

[Mapping] gpt00000.inf = Default Domain Controllers Policy
-------------------------------------------
11/12/2005 14:43:29
Invoke Registry Value Delay Filter.
Analyze machine\software\microsoft\driver signing\policy.
...
Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
Copy local policy.


----Un-initialize configuration engine...
-------------------------------------------
11/12/2005 14:43:31
----Configuration engine is initialized successfully.----

----Reading Configuration template info...


----Configure User Rights...
Configure S-...
Configure S-1-5-18.
Configure Power Users.
Error 1332: No mapping between account names and security IDs was done.
Cannot find Power Users.
Configure S-1-5-32-545.
...

User Rights configuration completed with error.
 
Andrei Ungureanu

from the
http://www.eventid.net/display.asp?eventid=1202&eventno=348&source=SceCli&phase=1

error code 0x534 (decimal 1332) - "No mapping between account names and
security IDs was done.":
A program was installed, which creates user accounts and assigns rights to
those user accounts. Later, the program was removed, the user accounts
deleted, but the rights from policy before the accounts were still there. A
user account is added and rights assigned to the account. The account is
deleted, but not from security policies. The "0x534" code is the hex for
"1332". Following the suggestions in M324383 (see the link below) helps.
Make sure you check the domain, domain controllers and local group policies.

Are you sure that there is no Local Security Policy applied on that DC?


--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader beta!
http://www.altairtech.ca/eventreader/default2.asp?ref=au
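
The check discussed in this thread, as an added example that is not part of any post above: pull the account names that winlogon.log reports as "Cannot find", then look for those names in the [Privilege Rights] section of each security template. The log sample reuses lines quoted in the question; the template contents and the file name `local-export.inf` are constructed, and the code assumes rights are listed as `right = member,member`.

```python
import re

# Constructed sample: winlogon.log lines as quoted in the question.
SAMPLE_LOG = """\
[Mapping] gpt00000.inf = Default Domain Controllers Policy
----Configure User Rights...
Configure S-1-5-18.
Configure Power Users.
Error 1332: No mapping between account names and security IDs was done.
Cannot find Power Users.
Configure S-1-5-32-545.
"""

# Constructed sample templates (file name -> text); contents are hypothetical.
SAMPLE_TEMPLATES = {
    "gpt00000.inf": "[Privilege Rights]\nSeNetworkLogonRight = *S-1-5-32-545,*S-1-5-18\n",
    "local-export.inf": "[Privilege Rights]\nSeShutdownPrivilege = *S-1-5-32-544,Power Users\n",
}

def unresolved_accounts(log_text):
    """Names the log reports as 'Cannot find <name>.'"""
    return sorted(set(re.findall(r"^\s*Cannot find (.+?)\.\s*$", log_text, re.M)))

def policy_mapping(log_text):
    """Map template file names to GPO display names from [Mapping] lines."""
    return dict(re.findall(r"^\s*\[Mapping\]\s+(\S+)\s*=\s*(.+?)\s*$", log_text, re.M))

def rights_naming(account, template_text):
    """User rights in [Privilege Rights] that list the account by name."""
    hits, section = [], ""
    for line in template_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "privilege rights" and "=" in line:
            right, members = line.split("=", 1)
            names = [m.strip().strip('"').lower() for m in members.split(",")]
            if account.lower() in names:
                hits.append(right.strip())
    return hits

def locate(log_text, templates):
    """For each unresolved account: (file, GPO name, right) where it is named."""
    gpos = policy_mapping(log_text)
    return {acct: [(f, gpos.get(f, "not in [Mapping]"), r)
                   for f, text in sorted(templates.items())
                   for r in rights_naming(acct, text)]
            for acct in unresolved_accounts(log_text)}
```

An empty list for an account means none of the templates supplied names it, which is the situation described in the question for the GPT*.INF files.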
 
Will

Will the local security policy be located in
%SYSTEMROOT%\Security\Templates\Policies?

I did follow the directions in the Microsoft KB article that I originally
posted, and that you referenced in your response.
 
Will

Is there a straightforward way to reset the local security policy to its
default values (i.e., everything disabled and not set)?
 