I had the same error on a single GPO recently, I managed to get rid of it by backing up the existing one, creating a new one, and importing the settings back into it from the original. After that, the output was fine.
On 1 April 2011 03:01, Sean Martin <seanmarti...@gmail.com> wrote: > They're all wired. > > I think the policy might be a red herring. I finally got a list of servers > they're having problems collecting logs from and they're not all in the > previously mentioned OU and gpresult from the others shows no oddities. I > advised them to engage the deployment engineer from symantec since the > product hasn't even been fully implemented yet. > > I appreciate all of the assistance. > > - Sean > > > > On Mar 31, 2011, at 5:35 PM, Jonathan <ncm...@gmail.com> wrote: > > Just for kicks....are the affected clients wired or wireless. Also, are > other machine policies being applied properly? > > Jonathan A+, MCSA, MCSE > > Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the > Verizon network. Please excuse brevity and any misspellings. > > On Mar 31, 2011 2:24 PM, "Sean Martin" < <seanmarti...@gmail.com> > seanmarti...@gmail.com> wrote: > > Thanks for the advice. > > > > Gpotool indicates the policy is ok. > > > > Gpresult /v results seem ok, but the policy in question displays oddly in > the results. The policy settings are under Computer Configuration/Windows > Settings/Security Settings/Local Policies/Security Options: > > > > "Eventlog: Security descriptor for Application event log" > > > > With additional settings for each log were collecting. The results from > gpresult show the following: > > > > GPO: <policy name> > > Policy: N/A > > ValueName: machine\system\currentcontrolset\services\eventlog\directory > service\customsd > > Computer Setting: <the settings> > > > > What is odd is that the policy is only referenced once, even though it > should configuring up to 6 settings. Also, the policyname shows "N/A". > > > > I tried comparing gpresults to a server where the policy apppears to > apply correctly, but the only one I'm aware of is a domain controller and > the format of the results are completely different. > > > > Please bear with me if I'm not providing enough information. We're > blocking GMail at %work% until we get patch 2524375 deployed, so I'm doing > this from my iPhone. > > > > > > > > > > On Mar 31, 2011, at 9:32 AM, "Free, Bob" < <r...@pge.com>r...@pge.com> > wrote: > > > >> First I would check the overall health of the GPO components with > gpotool including checking the ACL- > >> > >> gpotool /gpo:<GUID od suspect GPO> /checkacl > >> > >> Then I would check it locally on an affected server with grpesult /v to > see what is going on in more detail and also see if you get something better > than "(unknown reason)" > >> > >> I usually do something like gpresult /v >gp.txt & notepad gp.txt > >> > >> -----Original Message----- > >> From: Sean Martin [mailto: <seanmarti...@gmail.com> > seanmarti...@gmail.com] > >> Sent: Thursday, March 31, 2011 10:10 AM > >> To: NT System Admin Issues > >> Subject: GPO Not Applying > >> > >> Windows 2003 AD > >> Windows 2003/2008 member servers > >> > >> I've got a GPO that configures security descriptors on event logs for > Symantec SSIM to do log collection. I have a security group containing the > computer accounts used for security filtering on the GPO. The GPO is linked > to 2 OUs where these computer accounts reside. There's a top level OU with > multiple sub OUs. One of the sub OUs blocks inheritance for other reasons so > the policy is linked directly to that OU. > >> > >> We're having problems collecting logs from computers that reside in the > sub OU. Group Policy is being singled out because RSOP lists the following: > >> > >> <Policy Name> > >> Filtering: Not Applied (Unknown Reason) > >> > >> However, the policy also appears under "Applied Group Policy Objects". I > haven't been able to identify anything that would prevent the GPO from > applying. Other GPOs linked directly to the sub OU apply without issue. The > only difference is the problem GPO uses more granular security filtering, > where the others default to authenticated users. > >> > >> I'm going to create a separate GPO that can be applied to only the sub > OU and not modify security filtering. > >> > >> I'm not entirely convinced this is specifically a GPO problem because > there are other environmental differences that make members of this OU > unique. > >> > >> Anyone have any ideas on the GPO scenario? Does it sound like there's an > issue? > >> > >> > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > >> <<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > <http://lyris.sunbelt-software.com/read/my_forums/> > http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to <listmana...@lyris.sunbeltsoftware.com> > listmana...@lyris.sunbeltsoftware.com > >> with the body: unsubscribe ntsysadmin > >> > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >> ~ < <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > <http://lyris.sunbelt-software.com/read/my_forums/> > http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to <listmana...@lyris.sunbeltsoftware.com> > listmana...@lyris.sunbeltsoftware.com > >> with the body: unsubscribe ntsysadmin > >> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ < <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > <http://lyris.sunbelt-software.com/read/my_forums/> > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to <listmana...@lyris.sunbeltsoftware.com> > listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > <http://lyris.sunbelt-software.com/read/my_forums/> > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to <listmana...@lyris.sunbeltsoftware.com> > listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
