Avatar of jonhagger
 asked on

Group Policy error

Anyone comes across the following error message when trying to view the settings tab on a Group Policy object:

An error occurred while generating report:
An unknown error occurred while the HTML report was being created.

I've tested from the PDC and a few other DC's and get the same error. Other GPO's are displaying fine withing the same Domain!

Couldn't seem to find any known articles from MS.

Operating Systems

Avatar of undefined
Last Comment

8/22/2022 - Mon

Use Gpotool.exe from the resource kit and see if it gives any errors for that GPO.

Restart IIS Services, see if that helps.

Thanks for the update, Ran that from my machine and got the same error for just this GPO. IIS isn't installed on my PC or on the PDC

I dont know if this will help at all but it entails enabling logging to further investigate a problem. Might be worth a look.


I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

if the report runs fine from another machine, then i would update the particular machine with the latest GPMC, OS, and browser updates,

Good Luck,


The first step is to ensure your AD is replicating properly, do this:
Close out the group policy editor and AD Users/Groups.  Replicate your AD domain controllers using AD Sites & Services.  Try to open your AD Users/Groups and check the policy again.

Ensure that the GPO you are trying to edit actually exists on all of your domain controllers.  GPO files replicate using FRS between domain controllers in the sysvol folder.  See this article explaining the location of GPO files. http://support.microsoft.com/kb/228460/

If that doesn't work, tryin running GPO tool again and try it on different domain controllers

I also forgot to mention, check your event log for FRS errors!
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.

How very strange! Thanks shekerra.

I have noticed that on my windows XP machine I receive this error, however, when I switch to my vista console which is running the GPO manager with the admx features enabled I'm able to open this report without any errors. If you downloaded this script or received elsewhere be sure its not an admx type script that you can only view and open in Vista's version of GPO manager

When I set the policy to not import Internet Explorer Security Zone and Content Ratings, the report runs fine. Is there a work around?
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes

I have a similar error:
An error occurred while generating report:
Could not load file or assembly 'System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' or one of its dependencies. The system cannot find the file specified.

Anyone have any ideas ?

Does anyone have a solution for this i've turned the net upside down for resolution and can't find any and what's mentioned thus far in this article hasn't been useful

You should probably open a new question since jonhagger's Q. is closed and he has accepted an answer.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.

This worked for me as per accepted solution

If you have a section of the policy that has "import security zones" - switch from 1 to 0 and run report again - this was a little known bug that you can't have both reporting and zone import or the report fails


What exactly do you mean?  Where do we switch from 1 to 0?  I have imported security zone information as part of the Internet Explorer Maintenence section as I need to add some sites to various zones.  I don't understand where switching from 1 to 0 is applicable.

Please advise!  TIA

I have successfully re-produced this symptom on our side with your backup GPO and determined the root cause. The error is caused by an invalid value of level for IE zones in the seczones.inf file that is under %systemroot%\sysvol\domain\Policies\{3F83BF46-F4DE-4CB6-B8D3-63B2C9A16386}\User\microsoft\IEAK\BRANDING\ZONES folder. The file contains the settings in the security zone. Please see the file below:




HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",CurrentLevel,0x10001,00,15,01,00


HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",CurrentLevel,0x10001,00,15,01,00




The 00011500 (read it from right to left) is the invalid value. If we change it to a valid value, the issue is resolved. You can change it to the one of the following valid value:


·         0x00010000 Low Security

·         0x00010500 Medium Low Security

·         0x00011000 Medium Security

·         0x00012000 High Security


For instance, if you want to change it to 0x00010500, you should write 00,05,01,00. For more information about security zones registry entries, please access the following Kb article:


Description of Internet Explorer security zones registry entries



The detailed steps are provided as follows:


1. On your PDC, browse to the folder %systemroot%\sysvol\domain\Policies\{3F83BF46-F4DE-4CB6-B8D3-63B2C9A16386}\User\microsoft\IEAK\BRANDING\ZONES


2. Use Notepad to edit the seczones.inf file.

3. Locate and make sure to modify the following two fines


HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",CurrentLevel,0x10001,00,15,01,00

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",CurrentLevel,0x10001,00,15,01,00


The correct lines should look like:


HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",CurrentLevel,0x10001,00,05,01,00

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",CurrentLevel,0x10001,00,05,01,00


4. Save the file. Run the GPMC on PDC to check the issue again.

All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck

My new hero!

Just ran into this. The solution about changing values in the seczones.inf file from patadair is the correct one.

I had a similar problem, but the solution was different. Somehow I had three settings that were defined, but not with any settings.  In my case, it was the three Event Log Retention method settings.  The 'Define Policy Setting' was selected, but none of the three buttons were highlighted.  I suspect something got messed up while building the policy using inf files, etc.  Anyway, once I undefined them, all was well and I could view the settings in GPMC.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ned Ramsay


Thanks dude! Very useful! Worked a treat!

I tried to go with the patadair recommendations, but my domain has plenty of policies and couldn't locate the one I needed;

This is the best SOLUTION:


If you ever run across the following error in Group Policy Management:
An error occurred while generating report:
 An unknown error occurred while the HTML report was being created.
The follow these steps to fix it.

1. Open the Group Policy Management
 2. Go to the Group Policy Object in question, and confirm you have the issue by selecting the “Settings” tab
 3. At this point, if you have the issue, the left hand side should read the above mention error
 4. Edit the GPO, and browse to User Configuration > Windows Settings > Internet Explorer Maintenance > Security > Security Zones and Content Ratings
 5. Change the setting from “Import the current security zones and privacy settings” to “Do not customize security zones and privacy”, then exit out of the GPO editor
 6. Close Group Policy Management MMC, then reopen it
 7. Go back to the GPO in question and click the “Settings” tab
This time your GPO Settings Report should run properly.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! VERY IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
      After you are done with exporting that report, make sure you UNDO the above changes - otherwise, you won't be able to deploy trusted IE websites, intranet IE websites to users
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! VERY IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Source: Source:  http://blogs.egroup-us.com/?p=1833: