Security Policy Issues

G

Guest

I'm having a problem with a security templates deployed by an OU Policy for
some computers on our domain.

Some of the policies computer settings are pushed to the workstations others
are not. Specifically the restricted group configuration for the power users
group doesn’t work at all.

On the workstations application event log I get an Event ID 1202 logged the
source being SCEcli. These entries show up everytime the computer policy
refreshes.

Sample event text:

Security policies are propagated with warning. 0xd : The data is invalid.

For best results in resolving this event, log on with a non-administrative
account and search http://support.microsoft.com for "Troubleshooting Event
1202s".

Help where do I begin?

Thanks
Rob

Rob
IT guy!
 
S

Steven L Umbach

The only references that I could find for that error with 0xd : The data is
invalid is for when seen on domain controllers but that is not your case.
Since you are having problems with Restricted Groups for power users what I
would try is to remove that RG setting and then see is the Event ID 1202
goes away and if it does it would seem to be related to RG misconfiguration.
It is also a good idea when having such problems to run the support tool
netdiag on one or a couple of the domain computers being affected looking
for problems such as dc discovery, dns, and trust/secure channel. I would
also run the support tool gpotool on a domain controller to see if all
active domain controllers are found and no problems are reported such as GPO
mismatches. --- Steve

http://support.microsoft.com/kb/250842 -- general Group Policy
troubleshooting
http://technet2.microsoft.com/WindowsServer/en/Library/0c627456-5dfa-44db-b43a-e41c8f4f09231033.mspx
--- more GP troubleshooting.
 
G

Guest

I ran the netdiag and GPOtool.exe on the workstation and everything came back
fine. I ended up creating a new GP in a new OU and I applied the comp account
to it. Guess what it worked fine at that point. It turns out something in the
policy itself is corrupt and caused some of the items not to be enforced on
receiving computer. I'm not sure how this happened are there any tools that
can check the integrity of a GP? If not MS should look at adding this
capability. My new concern is do I have other policies like this? I guess
i'll have to look at each one and test to find out.

Thanks for your feedback in this matter.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SCECLI 1202 3
Error in Winlogon.log on DC 1
W2K ESENT Event ID 454, error -515 every 5 minutes 1
Security Policy Error 2
Event ID 1202 2
SceCli 1202 Not enough storage 1
Troubleshooting Event 1202s 4
Group policy problem related to client-side security extension 1

Top