'Failed To Save Local Policy Database' Error

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi all,

I'm having a little bit of trouble altering the User Rights Assignment in my
Local Security Settings in XP Pro. I'm trying to change the 'Access this
computer from the network' policy security setting on my computer, so that
other computers in my HOME workgroup can read files from its harddrive.
Everytime I try to change the setting, to include the other computer on my
network, I get the above error message, although I can't see any particular
why it saves when I specify the local computer in the setting.

I'm only using Simple File Sharing between my laptop, which is running XP
pro, and the desktop, in the Study, which is running XP Home. I've tracked
the fault down to this particular setting since the laptop can access all the
files on the desktop but not vice-versa. I'm not quite sure how this state of
affairs has come about since the network was working fine both ways up until
a couple of weeks ago. I tried doing a System Restore when I first
encountered the problem, but it was to no avail.

I'm sure all the hardware is functioning correctly, since I can ping all of
the computers. I get the 'System Error 5 has occurred' message if I try to
net view the laptop from the Study computer. After trying all the other
advice proffered for people in similar situations I can only assume that this
policy setting is what is causing the problems. The intriguing thing is that
I haven't changed this setting from when everything was working. I guess
that's Windows for you...

Any suggestions would be readily accepted.

Cheers,

James
 
Hi all,

I'm having a little bit of trouble altering the User Rights Assignment in my
Local Security Settings in XP Pro. I'm trying to change the 'Access this
computer from the network' policy security setting on my computer, so that
other computers in my HOME workgroup can read files from its harddrive.
Everytime I try to change the setting, to include the other computer on my
network, I get the above error message, although I can't see any particular
why it saves when I specify the local computer in the setting.

I'm only using Simple File Sharing between my laptop, which is running XP
pro, and the desktop, in the Study, which is running XP Home. I've tracked
the fault down to this particular setting since the laptop can access all the
files on the desktop but not vice-versa. I'm not quite sure how this state of
affairs has come about since the network was working fine both ways up until
a couple of weeks ago. I tried doing a System Restore when I first
encountered the problem, but it was to no avail.

I'm sure all the hardware is functioning correctly, since I can ping all of
the computers. I get the 'System Error 5 has occurred' message if I try to
net view the laptop from the Study computer. After trying all the other
advice proffered for people in similar situations I can only assume that this
policy setting is what is causing the problems. The intriguing thing is that
I haven't changed this setting from when everything was working. I guess
that's Windows for you...

Any suggestions would be readily accepted.

Cheers,

James
Click to expand...

James,

What specific value are you trying to add to this setting? On my computer, you
add users and groups. How are you including another computer in that setting?

Are you sure there's no firewall blocking file sharing? That's a very common
cause of the Error 5 ("Access Denied").

Is this XP Pro with Advanced File Sharing, or is it SFS on XP Pro too?

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
James,

What specific value are you trying to add to this setting? On my computer, you
add users and groups. How are you including another computer in that setting?
Click to expand...

I think you've hit the nail on the head there! I'll explain exactly what's
happening...

After loading up the Local Security Policy manager I'm selecting 'User
Rights Assignment' and then right clicking on 'Access this computer from the
network' and opening the properties panel.

Clicking on 'Add User or Group' brings up the 'Select Users or Groups'
panel. The default location is listed as 'James' which is my laptop, so I'm
clicking on the 'Locations...' button to select the LAN Network called
'Home'. This causes the 'Select this object type:' box to display
'Computers', which is the only option available if I open the 'Object
Types...' panel. Everything seems to be working fine up to this point.

I'm then typing 'Study' (the name of the other computer on the LAN) into
the 'Enter the object names to select (examples):' box and clicking on 'Check
Names'. This causes the 'Study' entry to be amended to 'HOME/STUDY', which
seems to be correct. When I click on 'OK' , 'STUDY' appears in the 'Access
this computer from the network' box in the 'Access this computer from the
network Properties' panel.

If I click on 'Apply' I get the 'Failed To Save Local Policy Database'
error in a panel entitled 'Security Templates'. The thing I can't understand
is that if I do everything exactly the same, but substitute 'James' for
'Study' in the 'Enter object names to select' box, then everything works fine.
Are you sure there's no firewall blocking file sharing? That's a very common
cause of the Error 5 ("Access Denied").
Click to expand...

The only firewall that I have is the built in Windows one. I've tried
disabling it but it makes no difference.
Is this XP Pro with Advanced File Sharing, or is it SFS on XP Pro too?
Click to expand...

It's SFS on XP Pro as well. I wouldn't know how to go about setting up
Advanced File Sharing!

I installed SP2 last night, hoping it might make some difference, but
(rather predictably) it didn't. :-(

Thanks for your help,

James
 
I think you've hit the nail on the head there! I'll explain exactly what's
happening...

After loading up the Local Security Policy manager I'm selecting 'User
Rights Assignment' and then right clicking on 'Access this computer from the
network' and opening the properties panel.

Clicking on 'Add User or Group' brings up the 'Select Users or Groups'
panel. The default location is listed as 'James' which is my laptop, so I'm
clicking on the 'Locations...' button to select the LAN Network called
'Home'. This causes the 'Select this object type:' box to display
'Computers', which is the only option available if I open the 'Object
Types...' panel. Everything seems to be working fine up to this point.

I'm then typing 'Study' (the name of the other computer on the LAN) into
the 'Enter the object names to select (examples):' box and clicking on 'Check
Names'. This causes the 'Study' entry to be amended to 'HOME/STUDY', which
seems to be correct. When I click on 'OK' , 'STUDY' appears in the 'Access
this computer from the network' box in the 'Access this computer from the
network Properties' panel.

If I click on 'Apply' I get the 'Failed To Save Local Policy Database'
error in a panel entitled 'Security Templates'. The thing I can't understand
is that if I do everything exactly the same, but substitute 'James' for
'Study' in the 'Enter object names to select' box, then everything works fine.


The only firewall that I have is the built in Windows one. I've tried
disabling it but it makes no difference.


It's SFS on XP Pro as well. I wouldn't know how to go about setting up
Advanced File Sharing!

I installed SP2 last night, hoping it might make some difference, but
(rather predictably) it didn't. :-(

Thanks for your help,

James
Click to expand...

James,

OK, I think you're getting the picture. The Select Users or Groups applet is
more applicable to domain membership, and not really relevant if you're using
Simple File Sharing.

With SFS, you're limited to Guest access. If you want anything more, you should
upgrade the desktop to XP Pro, and enable Advanced File Sharing on both
computers.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Hmm... Well, that leaves me in a bit of a quandary! If the Select Users or
Groups applet isn't causing my SFS problem then what is?

I've followed all of your numerous tips from other posts (enabling guest
accounts on both computers/ensuring guest passwords are blank etc.) but I'm
still not getting anywhere. I think I can rule out Firewall problems because,
as I mentioned, I only have the Windows Firewall on both computers and that
doesn't make any difference if it is enabled or disabled. Could this problem
be caused by registry/system files being corrupted? It was working
previously, and then stopped working without my changing any network settings.

Correct me if I'm wrong, but I'm thinking the problem is with the laptop,
rather than the desktop but I don't have a clue what could've stopped it from
working. I hadn't installed any new software when it stopped working or
anything like that. I'm seriously contemplating re-installing all of Windows!

Cheers,

James
Click to expand...

James,

What is your original problem? I got kind of distracted by your LSP problem.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Hmm... Well, that leaves me in a bit of a quandary! If the Select Users or
Groups applet isn't causing my SFS problem then what is?

I've followed all of your numerous tips from other posts (enabling guest
accounts on both computers/ensuring guest passwords are blank etc.) but I'm
still not getting anywhere. I think I can rule out Firewall problems because,
as I mentioned, I only have the Windows Firewall on both computers and that
doesn't make any difference if it is enabled or disabled. Could this problem
be caused by registry/system files being corrupted? It was working
previously, and then stopped working without my changing any network settings.

Correct me if I'm wrong, but I'm thinking the problem is with the laptop,
rather than the desktop but I don't have a clue what could've stopped it from
working. I hadn't installed any new software when it stopped working or
anything like that. I'm seriously contemplating re-installing all of Windows!

Cheers,

James
Click to expand...

James,

Are you talking about the "System Error 5 has occurred" from net view attempts
against the laptop? Look at registry key
[HKLM\System\CurrentControlSet\Control\Lsa], value restrictanonymous.
<http://www.microsoft.com/windows200...2000/techinfo/reskit/en-us/regentry/46688.asp>
<http://www.jsifaq.com/subf/tip2600/rh2625.htm>
http://support.microsoft.com/?id=246261
http://support.microsoft.com/?id=296403

The above articles refer to Windows 2000. Remember Win2K is NT V5.0, and WinXP
is NT V5.1.

Have you used the Registry Editor before? If not, it's a scary tool, but it's
pretty simple once you get used to it. Here are a couple articles that might
help:
<http://www.microsoft.com/windowsxp/...home/using/productdoc/en/tools_regeditors.asp>
<http://www.annoyances.org/exec/show/registry>

Just remember to backup the key (create a registry patch) for
[HKLM\System\CurrentControlSet\Control\Lsa] before making any changes, if
appropriate.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
James,

Are you talking about the "System Error 5 has occurred" from net view attempts
against the laptop? Look at registry key
[HKLM\System\CurrentControlSet\Control\Lsa], value restrictanonymous.
Click to expand...

Yep, that's the error I'm talking about. I've already looked at that
particular registry key and it is currently set to 1. I tried changing it to
0 but that made no difference.

I think that you got about this far when helping someone else (the 'Network
- one computer cant access files in the other' thread), but then the thread
stopped before you could impart any more tips (I presume he got it working at
this point!) What's the next thing on the checklist? :-)

Cheers,

James
Click to expand...

James,

There's no checklist. I haven't encountered a case here that was identical to
any other case - many cases have similar symptoms, and many have similar
resolution, but there's not to date been enough homogeneity to warrant a
checklist IMHO. I do copy and paste sometimes, but even that I religiously edit
word by word. ;)

Anyway, the other case, which was Broooz aka Bruce, ended successfully setting
RA to 0. So I gotta wonder why yours didn't. How long did you leave it set to
0? Did you reboot the computer? Remember the browser has built in latency,
prompting one well known and respected (I won't name names) helper here to
frequently advise folks to forget about Network Neighborhood, and just map
shares manually as \\Server\Share.

OK, this is SFS on both computers, but it's XP Home on the client (desktop) and
XP Pro on the server (laptop). Right so far?

BTW, using AFS is not so difficult - you get AFS when you disable SFS. You do
have to setup shares and configure them just a bit but otherwise it's not
complicated. OTOH, if you have XP Home on one computer, you won't gain that
much, you'll still be stuck with SFS when accessing the desktop.

Anyway, let's continue. Set RA to 0 on both computers first. Next, check your
Local Security Policy on the laptop, and look at "Deny access to this computer
from the network". Make sure Guest is not in the list. Look at "Access this
computer from the network", and make sure that Everyone is in this list.

Make sure that the Guest account is enabled, on each computer. Enable Guest,
with Start - Run - "cmd", then type "net user guest /active:yes" in the command
window. Ensure that the password for Guest is blank, with Start - Run -
"control userpasswords2"; select Guest, click Reset Password, click OK without
entering a new password.

Next, check for a browser conflict between the computers. I"m not talking about
Internet Explorer here. The browser is the program that allows any computer to
see any other computer on the LAN.

Make sure the browser service is running on only one (your choice) of the
computers. Control Panel - Administrative Tools - Services. Verify that the
Computer Browser, and the TCP/IP NetBIOS Helper, services both show with Status
= Started. Disable the browser service (only) on the other computer.

After checking / disabling / enabling as above, power both computers off to
reset the browser settings on each. Once both computers have been powered off,
power them back on.

The Microsoft Browstat program will show us what browsers (I'm not talking about
Internet Explorer here) you have in your domain / workgroup, at any time.
http://support.microsoft.com/?id=188305

You can download Browstat from either:
<http://www.dynawell.com/reskit/microsoft/win2000/browstat.zip>
<http://rescomp.stanford.edu/staff/manual/rcc/tools/browstat.zip>

Browstat is very small (40K), and needs no install. Just unzip the downloaded
file, copy browstat.exe to any folder in the Path, and run it from a command
window, by "browstat status". Make sure all computers list the same master
browser.
For more information about the browser subsystem (very intricate), see:
http://support.microsoft.com/?id=188001
http://support.microsoft.com/?id=188305
http://support.microsoft.com/?id=231312
<http://www.microsoft.com/technet/prodtechnol/winntas/deploy/prodspecs/ntbrowse.mspx>
<http://www.microsoft.com/technet/archive/win95/w95brows.mspx>

If no help so far, provide ipconfig information for each computer, and we'll try
and diagnose the problem.
Start - Run - "cmd" - Type "ipconfig /all >c:\ipconfig.txt" into the command
window. Open Notepad, make sure that Format - Word Wrap is NOT checked!, open
file c:\ipconfig.txt, copy and paste entire contents into your next post.
Identify operating system (by name, version, and SP level) with each ipconfig
listing.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
James,

Are you talking about the "System Error 5 has occurred" from net view attempts
against the laptop? Look at registry key
[HKLM\System\CurrentControlSet\Control\Lsa], value restrictanonymous.
Click to expand...

Yep, that's the error I'm talking about. I've already looked at that
particular registry key and it is currently set to 1. I tried changing it to
0 but that made no difference.

I think that you got about this far when helping someone else (the 'Network
- one computer cant access files in the other' thread), but then the thread
stopped before you could impart any more tips (I presume he got it working at
this point!) What's the next thing on the checklist? :-)
Click to expand...

James,

This just occurred to me - What folders are you getting the "System Error 5 has
occurred" on? Remember you wn't be able to access "C:\Program Files",
"C:\Windows", or "My Documents" (or any profile related folders), because all of
those require access by either the administrator, or by the individual. Guest
won't give you access to any of those.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Before I respond:

Yaay!! <Dances round the room> My network is finally working again! My two
months of frustration and involuntary hair removal are over.

I would just like to thank you for all your help and step by step advice. It
really goes beyond just offering the odd pointer, since you actually took
time out to go through all the problems step-by-step. This is even more
remarkable when you consider that you seem to help a lot of people in this
way. I'd say I owe you a pint, but unless you live in the North-East of
England I think the postage would be prohibitively expensive! :-)

"Chuck" wrote:
Click to expand...

James,

Bugger! You're one of those lucky Brits who has a nearby pub with REAL BEER!
Man would I love to take you up on that. I've been thru NE England, long ago.
Don't expect to return very soon though. :(

So what did you end up doing that worked?

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Before I respond:

Yaay!! <Dances round the room> My network is finally working again! My two
months of frustration and involuntary hair removal are over.

I would just like to thank you for all your help and step by step advice. It
really goes beyond just offering the odd pointer, since you actually took
time out to go through all the problems step-by-step. This is even more
remarkable when you consider that you seem to help a lot of people in this
way. I'd say I owe you a pint, but unless you live in the North-East of
England I think the postage would be prohibitively expensive! :-)

"Chuck" wrote:
Click to expand...

James,

Bugger! You're one of those lucky Brits who has a nearby pub with REAL BEER!
Man would I love to take you up on that. I've been thru NE England, long ago.
Don't expect to return very soon though. :(

Never mind I see your details. You top posted and confused me. Well, it's good
to have that one down. I just wish I could celebrate at the pub, a pint of good
English ale would really hit the spot.

Oh well I'll go to the beach this weekend and celebrate.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Back
Top