Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Win2000 Group Polocies and XP Pro

Posted on 2002-07-10
18
Medium Priority
?
304 Views
Last Modified: 2013-11-14
I have a Windows 2000 network with some WinXP Pro machines.  I am trying to set up group polocies.  I have followed the instructions from MicroSofts website, the ones where you edit the GPO from a Win XP machine.  However when trying to edit the Security Settings under Computer Configuration I get a message that says, "Failed to open IPSec Policy Storage.  The following error occured: The parameter is incorrect. (80070057)"

I can make changes to the policy, but they never take effect.  Any ideas how I can make these changes to my XP Pro machines besides editing each machines local policies?
0
Comment
Question by:HrdwareGuy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 4
  • +2
18 Comments
 
LVL 7

Expert Comment

by:jmiller47
ID: 7144499
It would help greatly if you let us know which article you are following.

Is this the one?

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307900
0
 

Author Comment

by:HrdwareGuy
ID: 7144557
Sorry about that, yes that is the article.

Do I need to have the GPO created in Win2000, then edit it with XP?
0
 
LVL 7

Accepted Solution

by:
jmiller47 earned 300 total points
ID: 7144574
My suggestion is that you use a windows XP workstation for Administering you Windows 2000 Server. You will need the Adminpak.msi file installed to give you all the administrative Domain tools. Using Active Directory Users and COmputers, open Group Policy from your XP computer and it will have the same effect as mentioned in the article mentioned earlier.

It would be best for you to have an XP computer to administer things from yourself. You will learn XP better and you can do any Windows 2000 Aminstrative function. If you find one that you can't let me know... I've found a way... :)

You can get the newest version of Adminpak.msi for WINDOWS XP here. Notice it is a Beta still but has worked stable for quite some months now.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304718
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 10

Expert Comment

by:LRI41
ID: 7144610
I kept the following excerpt from one of the
recent LockerGnome E-zine's

http://www.gnometomes.com/

Even X-Setup may not give us enough control (despite its unrivaled power). Where, then, can we turn? To the operating system. Enter "GPEDIT.MSC" in the Run command field. Now you'll be staring the Group Policy editor straight in the face. From here, you can perform a myriad of tasks. Change password policies for yourself and other users, edit user-specific permissions, control Windows components like Netmeeting, Task Scheduler, and the Windows Messenger. Heck, you can even change IE's Title Bar from here, too! Click User Configuration | Windows Settings | Internet Explorer Maintenance | Browser User Interface | Browser Title. Dude, I'm just scratching the surface here. Check it out for yourself!



0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7144659
This only edits the local group policy is is VERY bad to use in a Corporate Environment since it is not centrally managed like AD is...
0
 

Author Comment

by:HrdwareGuy
ID: 7144692
Jmiller47,

I'll try the new msi tomarrow and let you know how it works.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7144815
OK, let me know if you have any questions about adapting the article to work using the new MSI. It's easy, you'll just administer GP from AD Users and computers and use the local Administrative Templates. Good Luck!
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 7145249
Search here for your events: http://www.jsiinc.com/

I just had the same problem (for 3 weeks) - http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=winntnet&qid=20319780
What I ended up having to do was remove the logs and secedit db out of the security folder. Then I had to create a new db on the server.  I had to do the same on all the workstations and point the sec db back to the server.
then run secedit /refreshpolicy machine_policy /enforce
at the server and run  gpupdate /force from the xp boxes



0
 

Author Comment

by:HrdwareGuy
ID: 7146272
Jmiller47,

Tried the new adminpak, but still get the same error
0
 

Expert Comment

by:slateblu
ID: 7864151
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

- You should try shekerra's suggestion of deleting/recreating the secedit db and then pointing the workstations to the server db. Input from jmiller47 and shekerra appreciated here.

Please leave any comments here within the
next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Warm Regards

SB
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7864722
Are you trying to run GPEDIT.msc? Or are you using Active Directory Users and Computers to manipulate the Active Directory Group Policies on the Domain Controller?

Editing the Local Policies is usually not a good idea as it does not allow you to centrally manage the policies.
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 7865016
more info: download adminpak http://www.petri.co.il/administer_w2k_ad_from_xp.htm
You also have to have local administrator rights on the XP workstation to install the adminpak.
http://www.jsifaq.com/SUBJ/tip4800/rh4831.htm
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 7865050
domain policy will override local policy and you can add the domain policy snapin in the mmc to control from an xp workstation (I have had 0 problems with controlling a 2K domain from an XP workstation...)
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7865163
2 other articles with some info:

How to Administer a Windows 2000 Domain from a Windows XP workstation
http://www.pc-pipeline.com/print.php?sid=28

How to add Remote Control features to AD Users and Computers
http://www.pc-pipeline.com/print.php?sid=21
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 7865183
slateblu here is my comment to your request.
PAQ and give the points to miller - I am going to work in a more collaberative environment.

Ciao~
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7865224
shekerra, I don't undertand. Can you please explain?
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 7865236
I was answering slateblu's request and asked that the moderator who finalizes this thread give the points to you.
0
 

Author Comment

by:HrdwareGuy
ID: 7895808
Since posting this question, all servers have been reinstalled and reconfigured.  

Every time I tried to post a comment, I could not.  Sorry for the delay.  Points to jmiller47.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been scripting applications way too long and can never remember how to create an ISS file.  So I decided to write this article to act as my own knowledge base for future reference, and hope you will also benefit. An ISS file is a response …
Create a Windows 10 custom Image with custom task bar and custom start menu using XML for deployment.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question