Microsoft KB Archive/936483

= You receive an error message and changes that you make to the default domain policy GPO are not saved to the Gpttmpl.inf file in Windows Server 2003 =

Article ID: 936483

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-



SYMPTOMS
When you try to save changes that are made to the default domain Group Policy object (GPO) on a Microsoft Windows Server 2003-based domain controller, you may receive an error message that resembles the following:

An extended error has occurred. Failed to save \\ \Sysvol\ \Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\ \Microsoft\Windows NT\SecEdit\Gpttmpl.inf



CAUSE
This issue may occur because of malicious software activity. This issue may also occur if user rights permissions are incorrectly set in the Gpttmpl.inf file.



RESOLUTION
To resolve this issue, follow these steps:  Log off from the computer. Log on to the computer as a user who has administrative rights. Use antivirus software or the Microsoft Windows Malicious Software Removal Tool. Scan the computer and remove any malicious software that is found. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

890830 The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000

 Modify the Gpttmpl.inf file for the default domain policy. By default, the default domain policy GPO is where user rights are defined for a domain controller. By default, the Gpttmpl.inf file for the default domain policy GPO is located in the following folder:

%SystemRoot%\Sysvol\Sysvol\ \Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\ \Microsoft\Windows NT\SecEdit

To modify the Gpttmpl.inf file, follow these steps:  Click Start, click Run, type %SystemRoot%\Sysvol\Sysvol\ \Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\ \Microsoft\Windows NT\SecEdit, and then click OK. Right-click Gpttmpl.inf, and then click Open. In the Gpttmpl.inf file, look for the following entry:

SeNetworkLogonRight = *S-1-5-32-544, *S-1-1-0

Note The value *S-1-5-32-544 represents the security identifier (SID) for the Administrators group. The value *S-1-1-0 represents the SID for the Everyone group.</li> If you do not find the values that are mentioned in step c, add them to the SeNetworkLogonRight entry.</li> Save the changes that you made to the Gpttmpl.inf file.</li></ol> </li> Restart the computer.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

243330 Well-known security identifiers in Windows operating systems

Keywords: kbtshoot kbexpertiseinter kbprb KB936483

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.