Microsoft KB Archive/310741

= Group Policy Is Not Applied and You Receive No Error Message =

Article ID: 310741

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q310741



SYMPTOMS
When you change a security setting in the machine Group Policy, the change is not applied to target computers. For example, user rights do not work.

You receive no error message or other warning in any of the troubleshooting tools.



CAUSE
This behavior occurs because the Gpttmpl.inf Group Policy template from the Group Policy directories on SYSVOL is copied to the following location

%windir%\Security\Templates\Policies

and then applied to the local security database from there.

The file names in this directory are Gpt .inf and Gpt .dom, where  is a number starting from 00000.

After the policy is applied, this temporary file is deleted. If this operation is unsuccessful (for example, because the file is in use by a virus scanner or the read-only flag is set), the policy engine may enter a mode where it does not correctly manage these temporary files, and therefore the application of Group Policy is broken.



RESOLUTION
To resolve this issue, delete all the files in %windir%\Security\Templates\Policies folder except Tmpgptfl.inf, and then make sure that the read-only attribute is cleared for this file.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
Currently, Microsoft can reproduce this issue only when the local files have the read-only attribute set. When the files are in use (for example, a program has them open), the behavior is different. In this case, you receive the following event log entries.

When the files Gpt.inf and Gpt .dom are in use:

Event Type: Warning

Event Source: SceCli

Event Category: None

Event ID: 1202

Date: 08.04.2002

Time: 16:05:02

User: N/A

Computer:

Description:

Security policies are propagated with warning. 0x5 : Access is denied. Please look for more details in Troubleshooting section in Security Help.

When Tmpgptfl.inf is in use:

Event Type: Error

Event Source: SceCli

Event Category: None

Event ID: 1001

Date: 08.04.2002

Time: 16:15:18

User: N/A

Computer:

Description:

Security policy cannot be propagated. Cannot access the template. Error code = 32.

\\ \sysvol\ \Policies\ \Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

When there is a summary error, which may also be logged with a status code of 32:

Event Type: Error

Event Source: Userenv

Event Category: None

Event ID: 1000

Date: 08.04.2002

Time: 16:05:02

User: NT AUTHORITY\SYSTEM

Computer:

Description:

The Group Policy client-side extension Security was passed flags (145) and returned a failure status code of (5).

Keywords: kbenv kbprb KB310741

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.