Event ID 1202

KB ID 0000123 


Security policies are propagated with warning. 0x5 : Access is denied. Please look for more details in Troubleshooting section in Security Help.

This error typically occurs when the system has not been granted the correct permissions to update the access control list of a service. This may occur if the Administrator defines permissions for a service in a policy but does not grant the System account Full Control permissions.


1.         Start > run > regedit {enter}

2.         Navigate to HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{827D319E-6EAC-11D2-A4EA-00C04F7 9F83A}

3.         Create a new DWORD Value called ExtensionDebugLevel set its value to 2

4.         This creates a winlogon.log file that logs service logon errors.

5.         Refresh the machine policy secedit /refreshpolicy machine_policy /enforce

6.         Start > run > cmd {enter}

7.         Execute the following command find /i “error opening” %SYSTEMROOT%securitylogswinlogon.log

8.         This will tell you the name of the faulting service (get its name and google it to find out what it is eg IsmServ is the Microsoft Server Intersite Messaging service)

9.         If you only have one policy (default domain policy skip to Step 13

10.       Find out which policy is misconfigured on this service by executing the following command find /i “service” %SYSTEMROOT%securitytemplatespoliciesgpt*.*”

NB replace service with the service name you discovered in step 7

11.       Take a note of the GUID of the policy

for example for


The GUID is {6AC1786C-016F-11D2-945F-00C04FB984F9}

12.       In the 2K resource kit is a tool called gptool that will list the GUIDS and friendly names of all the policies to execute it “gpotool /verbose” locate the GUID and it will give you the policy name.

13        Start > run > dsa.msc {enter} > Right click domain > properties > group policy

14.       Open the appropriate group policy

15.       Navigate to Computer ConfigurationWindows SettingsSecurity SettingsSystem Services

16.       Locate the service you identified in step 8 > Right click > Properties > Edit Security

17.       Add the administrators group and SYSTEM and give both Full control > Exit Group Policy Editor

18.       Start > Run > Regedit {enter} Navigate to HKEY_LOCAL_MACHINESYSTEMControlSetServices

v19.       Below the services Key there is a subkey for every service locate the one for the service you identified in step 8

20.       Expand the appropriate key for the faulting service key and delete the “Security” subkey.

21.       Reboot the server.

Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On