Windows Server

Al-Amin · Guest

Hi Jenny,
1. The account does not belong to the Remote Operators Group nor the Domain
Power Users Group. Neither Domain Admins nor power Users is in the Remote
Operators group.
2. Administrator, everyone and Authenticated users all have the permission
"access this computer from network"
3. I have run the GP wizard and e-mailed results to you. I have also found a
related error in event view. Please find below.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 11/10/2005
Time: 4:54:51 PM
User: AIPDC\aipdcstor
Computer: AIPDC-SERVER
Description:
Windows cannot query for the list of Group Policy objects. Check the event
log for possible messages previously logged by the policy engine that
describes the reason for this.

4. I logged on to the server box and tried to edit Group Policy and it gave
me the usual error
"An extended error has occurred. Failed to save
\\AIPDC.local\sysvol\AIPDC.local\Policies\{31B2F340-016D-11D2-945F-00C04FB98

5. I disabled the trend anti-virus we use and did a clean boot but the
problem still persisted

I have e-mailed you all the results thanks for the help
--
AIP Admin

""Jenny wu [MSFT]"" wrote:

Jenny wu [MSFT] · Guest

Hi,

Thanks for your update!

Please do as follows to check settings:

1- Verify that the OU GPO has Authenticated Users with Read and Apply Group
Policy.

a. Run command "gpmc.msc" (no quotation marks) to open Group Policy
Management console.
b. Locate Forest servername -> Group Policy Objects, click Default Domain
Controllers Policy
c. Please check if the Authenticated Users list in Security Filter in right
panel. If not, please add it.
d. After please check if these group policy object links to appropriate OU
(still in the Group Policy Management console):

2- Verify that the OU itself has Authenticated Users with Read permissions.

a. Open ADUC (Start -> Administrative Tools -> Active Directory Users and
Computers).
b. Locate server name -> Domain Controllers node, right click your SBS
server in right panel to choose Properties to open Properties page.
c. Under Security tab, please ensure Authenticated Users has Read
permissions.
d. Click Advanced button, under Permissions tab, please ensure Domain Admin
has full control (Allow) permissions.

If not, please verified it and then test to see if how thing goes.

And also I suggest you perform the following check to try to trouble shoot
the issue:

1. Network Binding Order

To correctly configure the network binding order, follow these steps:

A. Right-click My Network Places, and then click Properties.
B. On the Advanced menu, click Advanced Settings.
C. Under Connections, use the up and down arrow buttons to put the
connections in the following order:

Local Area Connection for the internal adapter
Local Area Connection for the external adapter
Remote Access Connections

2. DNS Configuration

Correct DNS configuration is important for the correct functioning of
Active Directory and programs on Small Business Server.

To verify correct DNS configuration, follow these steps:

A. Click Start, point to Programs, point to Administrative Tools, and then
click DNS.
B. Right-click the name of your server, and then click Properties.
C. Click the Forwarders tab, and then click Enable Forwarders. If the IP
addresses provided by your ISP are not listed here, add them by typing the
IP address, and then clicking Add.

3. TCP/IP settings of client computers

A. Right-click My Network Places, and then click Properties.
B. Right-click Local Area Connection for the internal network, and then
click Properties.
C. Click Internet Protocol (TCP/IP), and then click Properties. By default,
the internal IP address of the server with a Class C subnet, 255.255.255.0.
The Default Gateway for this connection must be blank. The IP address for
the Primary DNS server must be the internal IP address of the server and
the Alternate DNS server IP address must be blank.

D. Right-click My Network Places, and then click Properties.
E. Right-click the Local Area Connection for your external adapter, and
then click Properties.
F. Click Internet Protocol (TCP/IP), and then click Properties.
G. Under DNS, click Use the following DNS server. The IP address for the
Primary DNS server must be the IP address of the server, and the Alternate
DNS server IP address must be blank. Do not list your ISP''s DNS servers
here or obtain DNS server IP address automatically.

Restart the SBS server, does the issue still occur?

4. On the XP workstation goes to User Accounts in Control Panel.

Advanced Tab
Manage Passwords
Remove All.
Logged out and back in.

5. Make sure the Distributed File System service is started, and set the
Startup type to Automatic. To do this, use the following steps:

1. Click "Start", point to "Programs", point to "Administrative Tools", and
then click "Services".
2. In "Services", double-click "Distributed File System".
3. On the "General" tab, click "Automatic" next to "Startup type".
4. Under "Service Status", click "Start" if the service is not started.
5. Click "OK", and then close the "Services" window.

Restart the computer in clean boot to see if the issue be fixed.

If the issue still persists, for further trouble shoot the issue we need
more information that is hard handle in newsgroup, I suggest you contact
Microsoft Customer Support Services via telephone so that a dedicated
Support Professional can assist with your request online. Thanks for your
understanding!

To obtain the phone numbers for specific technology request please take a
look at the web site listed below.

http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS

If you are outside the US please see http://support.microsoft.com for
regional support phone numbers.

More information:
887303 Applying Group Policy causes Userenv errors and events to occur on
your
http://support.microsoft.com/?id=887303

839499 You cannot open file shares or Group Policy snap-ins when you
disable
http://support.microsoft.com/?id=839499

I appreciate your time! I am happy to be assistance and look forward to
your test result.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

Can't set Local Security policies. They fail to save Goto page Previous 1, 2

	Windows Server Forum Index -> Small Business Server 2003	All times are GMT Goto page Previous 1, 2
Page 2 of 2