Win2000 Group Policies and XP Pro

I have a Windows 2000 network with some WinXP Pro machines.  I am trying to set up group policies.  I have followed the instructions from Microsoft's website, the ones where you edit the GPO from a Win XP machine.  However, when trying to edit the Security Settings under Computer Configuration, I get a message that says, "Failed to open IPSec Policy Storage.  The following error occured: The parameter is incorrect. (80070057)"

I can make changes to the policy, but they never take effect.  Any ideas how I can make these changes to my XP Pro machines besides editing each machine's local policies?
Asked by: HrdwareGuy

jmiller47 Commented:
It would help greatly if you let us know which article you are following.

Is this the one?

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307900

HrdwareGuy (Author) Commented:
Sorry about that, yes that is the article.

Do I need to have the GPO created in Win2000, then edit it with XP?

jmiller47 Commented:
My suggestion is that you use a Windows XP workstation for administering your Windows 2000 Server. You will need the Adminpak.msi file installed to give you all the administrative Domain tools. Using Active Directory Users and Computers, open Group Policy from your XP computer and it will have the same effect as mentioned in the article mentioned earlier.

It would be best for you to have an XP computer to administer things from yourself. You will learn XP better and you can do any Windows 2000 administrative function. If you find one that you can't, let me know... I've found a way... :)

You can get the newest version of Adminpak.msi for Windows XP here. Notice it is still a Beta, but it has worked stably for quite some months now.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304718
 
LRI41 Commented:
I kept the following excerpt from one of the recent LockerGnome e-zines:

http://www.gnometomes.com/

Even X-Setup may not give us enough control (despite its unrivaled power). Where, then, can we turn? To the operating system. Enter "GPEDIT.MSC" in the Run command field. Now you'll be staring the Group Policy editor straight in the face. From here, you can perform a myriad of tasks. Change password policies for yourself and other users, edit user-specific permissions, control Windows components like Netmeeting, Task Scheduler, and the Windows Messenger. Heck, you can even change IE's Title Bar from here, too! Click User Configuration | Windows Settings | Internet Explorer Maintenance | Browser User Interface | Browser Title. Dude, I'm just scratching the surface here. Check it out for yourself!




jmiller47 Commented:
This only edits the local group policy and is VERY bad to use in a Corporate Environment since it is not centrally managed like AD is...

HrdwareGuy (Author) Commented:
Jmiller47,

I'll try the new msi tomorrow and let you know how it works.

jmiller47 Commented:
OK, let me know if you have any questions about adapting the article to work using the new MSI. It's easy, you'll just administer GP from AD Users and Computers and use the local Administrative Templates. Good Luck!

GUEEN Commented:
Search here for your events: http://www.jsiinc.com/

I just had the same problem (for 3 weeks) - http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=winntnet&qid=20319780
What I ended up having to do was remove the logs and secedit db out of the security folder. Then I had to create a new db on the server. I had to do the same on all the workstations and point the sec db back to the server. Then run secedit /refreshpolicy machine_policy /enforce at the server and run gpupdate /force from the XP boxes.




HrdwareGuy (Author) Commented:
Jmiller47,

Tried the new adminpak, but still get the same error.

slateblu Commented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

- You should try shekerra's suggestion of deleting/recreating the secedit db and then pointing the workstations to the server db. Input from jmiller47 and shekerra appreciated here.

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Warm Regards

SB

jmiller47 Commented:
Are you trying to run GPEDIT.msc? Or are you using Active Directory Users and Computers to manipulate the Active Directory Group Policies on the Domain Controller?

Editing the Local Policies is usually not a good idea as it does not allow you to centrally manage the policies.

GUEEN Commented:
more info: download adminpak http://www.petri.co.il/administer_w2k_ad_from_xp.htm
You also have to have local administrator rights on the XP workstation to install the adminpak.
http://www.jsifaq.com/SUBJ/tip4800/rh4831.htm

GUEEN Commented:
Domain policy will override local policy, and you can add the domain policy snap-in in the MMC to control from an XP workstation (I have had 0 problems with controlling a 2K domain from an XP workstation...)

jmiller47 Commented:
2 other articles with some info:

How to Administer a Windows 2000 Domain from a Windows XP workstation
http://www.pc-pipeline.com/print.php?sid=28

How to add Remote Control features to AD Users and Computers
http://www.pc-pipeline.com/print.php?sid=21

GUEEN Commented:
slateblu, here is my comment to your request.
PAQ and give the points to miller - I am going to work in a more collaborative environment.

Ciao~

jmiller47 Commented:
shekerra, I don't understand. Can you please explain?

GUEEN Commented:
I was answering slateblu's request and asked that the moderator who finalizes this thread give the points to you.

HrdwareGuy (Author) Commented:
Since posting this question, all servers have been reinstalled and reconfigured.  

Every time I tried to post a comment, I could not.  Sorry for the delay.  Points to jmiller47.
Question has a verified solution.
