Truncated AD logon banner

H

highroller152

I am in a mixed Windows Server 2000/2003 Server AD setting. I have the
Comp Config/Win Settings/Security Settings/Local Policies/Security
Options/Interactive Logon/Msg. Title and Msg. Text GPO settings
enabled for a legal disclaimer. The problem that I am running into is
that my message is a grand total of 1,112 characters (with spaces). I
am getting truncated at 511. I was only able to find <a
href="http://groups.google.com/groups?hl=...c3730a%2407950620%24a101280a%40phx.gbl&rnum=1">this
post</a> describing out a resolution. Everything else that I was able
to find references WinNT. I tried writing a custom ADM file with both
of the MAXLEN settings in the Login_Policies construct set to 2048 but
began receiving errors from the DC.
Custom.adm error in line 1
Error 51 Unexpected Keyword
Found: #if
Expected: CLASS, CATEGORY, [strings]
File not loaded
I am pursuing <a href="http://support.microsoft.com/?id=842933">this
MS article</a> and <a
href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q225087">this
MS article</a>.
For now, I am completely lost. Does anyone know where to go from here?
Thanks in advance.
 
H

highroller152

I am in a mixed Windows Server 2000/2003 Server AD setting. I have the
Comp Config/Win Settings/Security Settings/Local Policies/Security
Options/Interactive Logon/Msg. Title and Msg. Text GPO settings
enabled for a legal disclaimer. The problem that I am running into is
that my message is a grand total of 1,112 characters (with spaces). I
am getting truncated at 511. I was only able to find >"http://groups.google.com/groups?hl=...c3730a%2407950620%24a101280a%40phx.gbl&rnum=1"
describing out a resolution. Everything else that I was able
to find references WinNT. I tried writing a custom ADM file with both
of the MAXLEN settings in the Login_Policies construct set to 2048 but
began receiving errors from the DC.
Custom.adm error in line 1
Error 51 Unexpected Keyword
Found: #if
Expected: CLASS, CATEGORY, [strings]
File not loaded
I am pursuing "http://support.microsoft.com/?id=842933" and >"http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q225087"
For now, I am completely lost. Does anyone know where to go from here?
Thanks in advance.
Click to expand...


Follow-up: Error is fixed with the following adm file content. The
2048 MAXLEN setting did nothing to fix the truncation. Please help:

CLASS MACHINE

CATEGORY !!Login_Policies

POLICY !!LogonBanner

KEYNAME "Software\Microsoft\Windows
NT\CurrentVersion\Winlogon"

PART !!LogonBanner_Caption

EDITTEXT
VALUENAME "LegalNoticeCaption"
MAXLEN 2048
DEFAULT !!LogonBanner_DefCaption
END PART

PART !!LogonBanner_Text

EDITTEXT
VALUENAME "LegalNoticeText"
MAXLEN 2048
DEFAULT !!LogonBanner_DefText
END PART

END POLICY

END CATEGORY

[strings]
Login_Policies="Logon"
LogonBanner="Logon banner"
LogonBanner_Caption="Caption"
LogonBanner_Text="Text"
LogonBanner_DefCaption="Important Notice:"
LogonBanner_DefText="Do not attempt to log on unless you are an
authorized user."
 
H

highroller152

I am in a mixed Windows Server 2000/2003 Server AD setting. I have the
Comp Config/Win Settings/Security Settings/Local Policies/Security
Options/Interactive Logon/Msg. Title and Msg. Text GPO settings
enabled for a legal disclaimer. The problem that I am running into is
that my message is a grand total of 1,112 characters (with spaces). I
am getting truncated at 511. I was only able to find
<a href="http://groups.google.com/groups?hl=...c3730a%2407950620%24a101280a%40phx.gbl&rnum=1" /a>
describing out a resolution. Everything else that I was able
to find references WinNT. I tried writing a custom ADM file with both
of the MAXLEN settings in the Login_Policies construct set to 2048 but
began receiving errors from the DC.
Custom.adm error in line 1
Error 51 Unexpected Keyword
Found: #if
Expected: CLASS, CATEGORY, [strings]
File not loaded
I am pursuing <a href="http://support.microsoft.com/?id=842933" /a> and
<a href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q225087" /a>
For now, I am completely lost. Does anyone know where to go from here?
Thanks in advance.
Click to expand...


Follow-up: Error is fixed with the following adm file content. The
2048 MAXLEN setting did nothing to fix the truncation. Please help:

CLASS MACHINE

CATEGORY !!Login_Policies

POLICY !!LogonBanner

KEYNAME "Software\Microsoft\Windows
NT\CurrentVersion\Winlogon"

PART !!LogonBanner_Caption

EDITTEXT
VALUENAME "LegalNoticeCaption"
MAXLEN 2048
DEFAULT !!LogonBanner_DefCaption
END PART

PART !!LogonBanner_Text

EDITTEXT
VALUENAME "LegalNoticeText"
MAXLEN 2048
DEFAULT !!LogonBanner_DefText
END PART

END POLICY

END CATEGORY

[strings]
Login_Policies="Logon"
LogonBanner="Logon banner"
LogonBanner_Caption="Caption"
LogonBanner_Text="Text"
LogonBanner_DefCaption="Important Notice:"
LogonBanner_DefText="Do not attempt to log on unless you are an
authorized user."
 
H

highroller152

I am in a mixed Windows Server 2000/2003 Server AD setting. I have the
Comp Config/Win Settings/Security Settings/Local Policies/Security
Options/Interactive Logon/Msg. Title and Msg. Text GPO settings
enabled for a legal disclaimer. The problem that I am running into is
that my message is a grand total of 1,112 characters (with spaces). I
am getting truncated at 511. I was only able to find
<a href="http://groups.google.com/groups?hl=...c3730a%2407950620%24a101280a%40phx.gbl&rnum=1" /a>
describing out a resolution. Everything else that I was able
to find references WinNT. I tried writing a custom ADM file with both
of the MAXLEN settings in the Login_Policies construct set to 2048 but
began receiving errors from the DC.
Custom.adm error in line 1
Error 51 Unexpected Keyword
Found: #if
Expected: CLASS, CATEGORY, [strings]
File not loaded
I am pursuing <a href="http://support.microsoft.com/?id=842933" /a> and
<a href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q225087" /a>
For now, I am completely lost. Does anyone know where to go from here?
Thanks in advance.
Click to expand...


Follow-up: Error is fixed with the following adm file content. The
2048 MAXLEN setting did nothing to fix the truncation. Please help:

CLASS MACHINE

CATEGORY !!Login_Policies

POLICY !!LogonBanner

KEYNAME "Software\Microsoft\Windows
NT\CurrentVersion\Winlogon"

PART !!LogonBanner_Caption

EDITTEXT
VALUENAME "LegalNoticeCaption"
MAXLEN 2048
DEFAULT !!LogonBanner_DefCaption
END PART

PART !!LogonBanner_Text

EDITTEXT
VALUENAME "LegalNoticeText"
MAXLEN 2048
DEFAULT !!LogonBanner_DefText
END PART

END POLICY

END CATEGORY

[strings]
Login_Policies="Logon"
LogonBanner="Logon banner"
LogonBanner_Caption="Caption"
LogonBanner_Text="Text"
LogonBanner_DefCaption="Important Notice:"
LogonBanner_DefText="Do not attempt to log on unless you are an
authorized user."
Click to expand...


Follow up #2: Situation is fixed. Here was the resolution (to try to
help someone else out there):

I was modifying the AD templates on a Win XP SP2 machine with the new
(sp1) group policy manager snapin
(http://www.microsoft.com/windowsserver2003/gpmc/default.mspx). Our
DCs are mixed Win2k and Win2k3. Apparently, when you open the GP
template with the new GPM snap-in that is accessed by a Win2k server,
the template gets updated and the old managers cannot fully read the
new template. There is a hotfix to resolve this:
http://support.microsoft.com/?id=842933
Here is more on upgrading the administrative templates:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/upgradetemplate.mspx
I then opened the template from the Win2k server DC and edited from
that machine. I followed the suggested format in this post:
http://groups.google.com/groups?hl=...c3730a%2407950620%24a101280a%40phx.gbl&rnum=1

After all the searching that I did (thankfully, it was all out there,
I just had to dig) I thought that I would put up a few of the sites
that I found to create a logon banner.
Creating Login Banners from CIAC:
http://www.ciac.org/ciac/bulletins/j-043.shtml
Win2k clients do not display banners created in Win2k3 server
templates: http://support.microsoft.com/?kbid=823146
These links were helpful for reference:
WinITPro Article: http://www.winnetmag.com/WindowsSecurity/Article/ArticleID/23074/23074.html
Creating custom .ADM files:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q225087
 
H

highroller152

Just adding a few words to help with those searching:
log in log-in log-on legal notice caption splash screen
 
D

Dan

Our W2K3 domain GPO includes legal text and it is suddenly not displaying
correctly. Getting truncated and carriage returns where commas are, etc.
Why does it happen and how is it resolved?
 
M

mynospam

Joined
Sep 13, 2007
Messages
1
Reaction score
0
After may hours of troubleshooting. we had a situation where the 512 character was a semi-colon. We thought it was based on the 2000 limitation but really the ; is a special character. A semi-colon basically means EOF in the banner, and comma can mean carriage return. To use a semi-colon in the text, you must encapsulate it with quotes (";").
I guess Microsoft never though anyone would use a ; or , in text; go figure. I guess they figured we'd use ^ and ~ more in our legal notices.
 
Top