Make a PayPal Donation


  KB 0000123
  Dated 10/11/09
  Revision 0.01
   
Event ID 1202
 
Problem
Event ID 1202
Solution

Security policies are propagated with warning. 0x5 : Access is denied. Please look for more details in Troubleshooting section in Security Help.

Cause:
This error typically occurs when the system has not been granted the correct permissions to update the access control list of a service. This may occur if the Administrator defines permissions for a service in a policy but does not grant the System account Full Control permissions.

 

 

Fix:
1.         Start > run > regedit {enter}
2.         Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F7 9F83A}
3.         Create a new DWORD Value called ExtensionDebugLevel set its value to 2
4.         This creates a winlogon.log file that logs service logon errors.
5.         Refresh the machine policy secedit /refreshpolicy machine_policy /enforce
6.         Start > run > cmd {enter}
7.         Execute the following command find /i "error opening" %SYSTEMROOT%\security\logs\winlogon.log
8.         This will tell you the name of the faulting service (get its name and google it to find out what it is eg IsmServ is the Microsoft Server Intersite Messaging service)
9.         If you only have one policy (default domain policy skip to Step 13
10.       Find out which policy is misconfigured on this service by executing the following command find /i "service" %SYSTEMROOT%\security\templates\policies\gpt*.*"
NB replace service with the service name you discovered in step 7
11.       Take a note of the GUID of the policy
for example for

GPOPath={6AC1786C-016F-11D2-945F-00C04FB984F9}\MACHINE

The GUID is {6AC1786C-016F-11D2-945F-00C04FB984F9}

12.       In the 2K resource kit is a tool called gptool that will list the GUIDS and friendly names of all the policies to execute it "gpotool /verbose" locate the GUID and it will give you the policy name.
13        Start > run > dsa.msc {enter} > Right click domain > properties > group policy
14.       Open the appropriate group policy
15.       Navigate to Computer Configuration\Windows Settings\Security Settings\System Services
16.       Locate the service you identified in step 8 > Right click > Properties > Edit Security
17.       Add the administrators group and SYSTEM and give both Full control > Exit Group Policy Editor
18.       Start > Run > Regedit {enter} Navigate to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\
19.       Below the services Key there is a subkey for every service locate the one for the service you identified in step 8
20.       Expand the appropriate key for the faulting service key and delete the "Security" subkey.
21.       Reboot the server.

 

 

Comments:
References

http://support.microsoft.com/?kbid=28446
http://support.microsoft.com/?id=324383

 

 

 

If this post helped you, PLEASE take the time to +1 it.

Please be aware, all information is provided free, but it does cost me to have this site hosted, if I've helped you in any way, or saved you some time/cost please take time to make a donation.

If you have anything to add to an article, or have an article you would like us to publish please feel free to contact PeteNetLive. (Please be aware I get a LOT of email, I cannot assist and fix everyone's problems, please do not be offended if you do not get a response).
References - Credits - Or External Links
NA

 


powered by
Socialbar