SceCli Event ID 1704 security policy questions


Michael W. Lurie

Since installing SP4 for my personal Windows 2000 server, I get a regular
message (plus one on bootup) that shows up in Event Viewer -> Application
Log at an apparently random, approximately daily interval - as follows:

Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date: 08/21/2003
Time: 23:34:02
User: N/A
Computer: OFFICE
Security policy in the Group policy objects are applied successfully.

This machine is not a domain controller, not configured for DNS, and I am
not sure a.) WHY Security policy is being applied at all, b.) why this only
started appearing with SP4, and c.) how to shut it off. Looking for clues
on Usenet, it appears I'm not the first to notice this - but no answers to
the above questions have been offered. I have pored through the Local
Computer Policy settings so far to no avail...

As an addendum to this query: is there any simple, straightforward, or any
other way at all to display - in a list-type format - which security policy
settings are (and/or are not) in place on a given Windows 2000 server?
Thanks very much in advance for any illumination which may be provided. :)

Eric Fleischman [MSFT]

Hey Michael.
Here are some answers, let's see if they give you what you need:
a.) WHY Security policy is being applied at all
All machines in a 2000 domain have security policy being applied. Even if
they are blank, technically, that is still an application of a security
policy. Check out the default domain and default domain controllers policy.
I assume this machine is in a 2000 domain?
By default you'll see the default domain controllers policy has all sorts of
goodies in there. Be careful when changing them (if you do), but that's
security policy.
You noted this isn't a DC, so out of this box the machine will have two
security policies: default domain policy, and the local security policy.
b.) why this only started appearing with SP4
Couldn't tell you that.
A few thoughts.....sometimes we don't notice events until we change
something, then we look for errors and find stuff that was there already.
Sometimes service packs increase our logging level. I'm not aware of this
SP doing that, but I'm not going to swear it didn't either.
If it helps, I get this on my machines when policy applies as well. (by
default in my environment, roughly every 8 hours).
c.) how to shut it off
Well, this is informational, so I don't see much of a reason to sweat it to
be honest with you. It's telling you life is good, not that you have
anything to worry about.
As an addendum to this query: is there any simple, straightforward, or any
other way at all to display - in a list-type format - which security policy
settings are (and/or are not) in place on a given Windows 2000 server?

On a 2000 machine you've got a few tools at your disposal:
1) gpedit.msc on the machine will show effective policy and local policy
(effective column would give you what you're looking for)
2) gpresult - support tool if memory serves me correctly. Use the /v switch
on it to get the real goodies.

When on an XP/2003 machine you also have:
1) rsop.msc
2) GPMC (GPMC can run against a 2000 environment though, so you could check
out the effective settings of a 2000 machine from an XP/2003 machine using
the GPMC modeling functionality)

Hope this helps.

Nick Finco [MSFT]

That event will appear on any domain member or domain controller that
receives security policy through group policy. By default, on DCs it will
appear every 5 minutes and on domain members every 16 hours. It can't be
turned off.

Look at the Local Security Policy. It will tell you what is set for your
system and what the effective policy currently is. You can also call
"secedit /export /mergedpolicy /cfg securitytemplate.inf" to retrieve a
security template which reflects what settings came to your machine from
group policy.
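
An added example (not from any poster in this thread): a Python script that turns a template exported by the secedit command quoted above into the list-type view the original question asks for. The sample template is constructed, the function names are hypothetical, and the UTF-16-with-BOM handling is an assumption about how secedit writes the file.

```python
import codecs
REG_TYPES = {1: "REG_SZ", 3: "REG_BINARY", 4: "REG_DWORD", 7: "REG_MULTI_SZ"}

def decode_template(raw):
    # Assumption: the export is UTF-16 with a BOM; otherwise try an 8-bit codepage.
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("cp1252")

def parse_template(text):
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # blank line or INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return sections

def list_settings(sections):
    # Flatten to (section, setting, value) rows; [Unicode]/[Version] are file metadata.
    rows = []
    for section, settings in sections.items():
        if section in ("Unicode", "Version"):
            continue
        for key, value in settings.items():
            if section == "Registry Values":     # stored as "<type>,<data>"
                kind, _, data = value.partition(",")
                name = REG_TYPES.get(int(kind)) if kind.isdigit() else None
                value = f"{name or 'type ' + kind}: {data}"
            elif section == "Privilege Rights":  # comma-separated *SIDs or names
                value = ", ".join(v.strip().lstrip("*") for v in value.split(","))
            rows.append((section, key, value))
    return rows

SAMPLE = r"""; constructed sample, not output from a real machine
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
""".encode("utf-16")
```

To use it on a real export, pass the bytes of securitytemplate.inf to decode_template in place of SAMPLE and print the rows from list_settings.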


Don Ferguson (Microsoft)

Hello Michael,
What you see is default behavior for Windows 2000. This was not introduced
in Service Pack 4.

The default refresh rate in your situation is about every 16 hours for a
refresh to occur if no changes are made to the policy.

To modify this, you can modify the registry. Here are 2 articles that will
give you more information: Microsoft Knowledge Base articles 203607 and 277543.

A good way to get a list of policies applied to a Windows 2000 server is to
use the new Group Policy management console.
Even though the console will not run on Windows 2000, it can be run on a
Windows XP computer in a Windows 2000 domain.

Here is an FAQ that will answer a lot of questions.

I hope the above helps you out.

Don Ferguson
Microsoft EPS Directory Services Team
(e-mail address removed)
