Group Policy Error: the file.. not a valid format

Posted on 2007-04-10
Last Modified: 2011-10-03
Hello Experts. Here’s a doosey
I have a Group Policy in which I cannot access via Group Policy Management.
when I attempt to edit the GP in question, I get an error message saying "Failed to open the group policy Object.  you may not have the appropriate rights.... Details: Unspecified Error"
After examining the Group Policy Management (admin tools) I noticed under the [Settings] tab of the problematic GP that under User configuration/administrative templates/   there is a message indicating:

An Error has occurred while collecting data for Administrative Templates

The following errors were encountered:
The file "\\\SysVol\\Policies\{99A9DE20-358D-49EC-8576-65E91777ECCB}\User\registry.pol" is not in a valid format.
The file might be corrupt.
Use Group Policy Object Editor to reconfigure the settings in this extension.

I anticipate the problem stemmed from my attempting to do a GP modification.. the MMC hung up, so I quit the app. After which the problems started happening.
I googled the problem and found some information that indicated looking at ADSIEDIT.MSC path of <doman>/CN=system,CN=Policies    but I cannot tell where the error is coming from. I suspect (not that I know anything regarding) that the registry.pol file is the problem. If this is the case, can it be repaired w/out having to reconfigure my Group Policy all over again? This GP is not a default domain policy. It s is for particular OU located under Domain/Users in AD.

Infrast:   Workstations: WinXP,sp2      PDC: Server 2003, SP1 (I only have one Domain Controller.. however its also doing file servicing)

Question by:computerguy79
  • 5
  • 2
LVL 30

Expert Comment

ID: 18886162
I don't wish to rain on your parade, but the only way I'm aware of to recover from that error is to restore the GPO from backup.

Though it'll be shutting the barn door after the horse has already gone out if you're not already doing backups, here's a tutorial on backing up and restoring GPOs using the Group Policy Management Console:
LVL 48

Expert Comment

ID: 18886174

agreed, sounds like your policy has kicked the bucket...though i wonder if the permissions problem may be coming from the actual policy file in the SYSVOL folder.....bit of a long shot but hey



Author Comment

ID: 18886302
If i have to resort to a back up, that won't be too bad. problem is remembering where I saved it.
Also, I notice that if I remove the registry.pol file from the policies user folder, then open up GPMC the policy is editable. It seems the only affected policy settings are the ones under administrative templates. If thats the case, I'll just restore the settings as I've had them. I've been smart enough to make printouts of the GP modifications as I've been doing them for the last month. Wheeew. that would have sucked. Just for verification from the experts, If I remove the registry.pol file and do a modification to the GP in question, AD will create a new registry.pol file and put it in its (the old one's) place, right?
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

LVL 30

Expert Comment

ID: 18886326
I -believe- that the GP Editor will just create a blank registry.pol, yes.  Never tried it, though, so I can't speak to a 100% certainty.  (And if it doesn't work, your worst-case is that you're back to restoring from backup, which you have the means to do anyway.)

Author Comment

ID: 18886378
absolutely. In fact, I just rolled back the 'bad' GP just before my last post. Funny thing it that the GP is active and enforcing policies.. I just can't edit it.
I'll do the modification on Thurs. If it works, I'll comment on it.

Author Comment

ID: 18936414
update: I have recently completed MANUALLY creating a new GP modeled off the old.
Plan on Deploying on Monday. One I do so, I 'm going to copy the registry.pol to the old GP and see if it works. Keep your toes X'd!

Author Comment

ID: 18962605
Good news.. IT WORKS!
I finally got around to finishing and deploying my newly created GP. It is identical if not better than the original one I created. The good news of course is that a direct copy of the SYSVOl/<domain>/Policies/{GUID}/User/Registry.pol file fixed the corruption of the old GPO
Apparently everything else ties in seamlessly, yet  while this method worked for me and at this point is usless seeing as how I've configure a whole new GPO that can just be renamed to that of the old one, I just wanted to give an update of my success.

Accepted Solution

computerguy79 earned 0 total points
ID: 18989577
Vee Mod:
As I stated in my last comment, the solution was to create a new Group Policy Object, configure it as desired, then I copied the registry.pol file to the directory: SYSVOl/<domain>/Policies/{GUID}/User/
My comment to all who participated was that, apparently everything else associated with the new GP ties in seamlessly(folders of templates, adms, etc).
If all is well and there are no discrepancies, I'd like to change this post to a "PAQ and Refund"

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Robocopy Doesn't Retain Shared Folders After Copying 5 67
Windows 2012 PKI in a hybrid org 3 49
Bind Mac To Azure AD 1 35
Locating a GPO setting 3 31
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question