Solved

Win2000 Group Polocies and XP Pro

Posted on 2002-07-10
18
292 Views
Last Modified: 2013-11-14
I have a Windows 2000 network with some WinXP Pro machines.  I am trying to set up group polocies.  I have followed the instructions from MicroSofts website, the ones where you edit the GPO from a Win XP machine.  However when trying to edit the Security Settings under Computer Configuration I get a message that says, "Failed to open IPSec Policy Storage.  The following error occured: The parameter is incorrect. (80070057)"

I can make changes to the policy, but they never take effect.  Any ideas how I can make these changes to my XP Pro machines besides editing each machines local policies?
0
Comment
Question by:HrdwareGuy
  • 7
  • 5
  • 4
  • +2
18 Comments
 
LVL 7

Expert Comment

by:jmiller47
Comment Utility
It would help greatly if you let us know which article you are following.

Is this the one?

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307900
0
 

Author Comment

by:HrdwareGuy
Comment Utility
Sorry about that, yes that is the article.

Do I need to have the GPO created in Win2000, then edit it with XP?
0
 
LVL 7

Accepted Solution

by:
jmiller47 earned 100 total points
Comment Utility
My suggestion is that you use a windows XP workstation for Administering you Windows 2000 Server. You will need the Adminpak.msi file installed to give you all the administrative Domain tools. Using Active Directory Users and COmputers, open Group Policy from your XP computer and it will have the same effect as mentioned in the article mentioned earlier.

It would be best for you to have an XP computer to administer things from yourself. You will learn XP better and you can do any Windows 2000 Aminstrative function. If you find one that you can't let me know... I've found a way... :)

You can get the newest version of Adminpak.msi for WINDOWS XP here. Notice it is a Beta still but has worked stable for quite some months now.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304718
0
 
LVL 10

Expert Comment

by:LRI41
Comment Utility
I kept the following excerpt from one of the
recent LockerGnome E-zine's

http://www.gnometomes.com/

Even X-Setup may not give us enough control (despite its unrivaled power). Where, then, can we turn? To the operating system. Enter "GPEDIT.MSC" in the Run command field. Now you'll be staring the Group Policy editor straight in the face. From here, you can perform a myriad of tasks. Change password policies for yourself and other users, edit user-specific permissions, control Windows components like Netmeeting, Task Scheduler, and the Windows Messenger. Heck, you can even change IE's Title Bar from here, too! Click User Configuration | Windows Settings | Internet Explorer Maintenance | Browser User Interface | Browser Title. Dude, I'm just scratching the surface here. Check it out for yourself!



0
 
LVL 7

Expert Comment

by:jmiller47
Comment Utility
This only edits the local group policy is is VERY bad to use in a Corporate Environment since it is not centrally managed like AD is...
0
 

Author Comment

by:HrdwareGuy
Comment Utility
Jmiller47,

I'll try the new msi tomarrow and let you know how it works.
0
 
LVL 7

Expert Comment

by:jmiller47
Comment Utility
OK, let me know if you have any questions about adapting the article to work using the new MSI. It's easy, you'll just administer GP from AD Users and computers and use the local Administrative Templates. Good Luck!
0
 
LVL 16

Expert Comment

by:GUEEN
Comment Utility
Search here for your events: http://www.jsiinc.com/

I just had the same problem (for 3 weeks) - http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=winntnet&qid=20319780
What I ended up having to do was remove the logs and secedit db out of the security folder. Then I had to create a new db on the server.  I had to do the same on all the workstations and point the sec db back to the server.
then run secedit /refreshpolicy machine_policy /enforce
at the server and run  gpupdate /force from the xp boxes



0
 

Author Comment

by:HrdwareGuy
Comment Utility
Jmiller47,

Tried the new adminpak, but still get the same error
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Expert Comment

by:slateblu
Comment Utility
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

- You should try shekerra's suggestion of deleting/recreating the secedit db and then pointing the workstations to the server db. Input from jmiller47 and shekerra appreciated here.

Please leave any comments here within the
next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Warm Regards

SB
0
 
LVL 7

Expert Comment

by:jmiller47
Comment Utility
Are you trying to run GPEDIT.msc? Or are you using Active Directory Users and Computers to manipulate the Active Directory Group Policies on the Domain Controller?

Editing the Local Policies is usually not a good idea as it does not allow you to centrally manage the policies.
0
 
LVL 16

Expert Comment

by:GUEEN
Comment Utility
more info: download adminpak http://www.petri.co.il/administer_w2k_ad_from_xp.htm
You also have to have local administrator rights on the XP workstation to install the adminpak.
http://www.jsifaq.com/SUBJ/tip4800/rh4831.htm
0
 
LVL 16

Expert Comment

by:GUEEN
Comment Utility
domain policy will override local policy and you can add the domain policy snapin in the mmc to control from an xp workstation (I have had 0 problems with controlling a 2K domain from an XP workstation...)
0
 
LVL 7

Expert Comment

by:jmiller47
Comment Utility
2 other articles with some info:

How to Administer a Windows 2000 Domain from a Windows XP workstation
http://www.pc-pipeline.com/print.php?sid=28

How to add Remote Control features to AD Users and Computers
http://www.pc-pipeline.com/print.php?sid=21
0
 
LVL 16

Expert Comment

by:GUEEN
Comment Utility
slateblu here is my comment to your request.
PAQ and give the points to miller - I am going to work in a more collaberative environment.

Ciao~
0
 
LVL 7

Expert Comment

by:jmiller47
Comment Utility
shekerra, I don't undertand. Can you please explain?
0
 
LVL 16

Expert Comment

by:GUEEN
Comment Utility
I was answering slateblu's request and asked that the moderator who finalizes this thread give the points to you.
0
 

Author Comment

by:HrdwareGuy
Comment Utility
Since posting this question, all servers have been reinstalled and reconfigured.  

Every time I tried to post a comment, I could not.  Sorry for the delay.  Points to jmiller47.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now