Group Policy Error: the file.. not a valid format

Posted on 2007-04-10
Last Modified: 2011-10-03
Hello Experts. Here’s a doosey
I have a Group Policy in which I cannot access via Group Policy Management.
when I attempt to edit the GP in question, I get an error message saying "Failed to open the group policy Object.  you may not have the appropriate rights.... Details: Unspecified Error"
After examining the Group Policy Management (admin tools) I noticed under the [Settings] tab of the problematic GP that under User configuration/administrative templates/   there is a message indicating:

An Error has occurred while collecting data for Administrative Templates

The following errors were encountered:
The file "\\\SysVol\\Policies\{99A9DE20-358D-49EC-8576-65E91777ECCB}\User\registry.pol" is not in a valid format.
The file might be corrupt.
Use Group Policy Object Editor to reconfigure the settings in this extension.

I anticipate the problem stemmed from my attempting to do a GP modification.. the MMC hung up, so I quit the app. After which the problems started happening.
I googled the problem and found some information that indicated looking at ADSIEDIT.MSC path of <doman>/CN=system,CN=Policies    but I cannot tell where the error is coming from. I suspect (not that I know anything regarding) that the registry.pol file is the problem. If this is the case, can it be repaired w/out having to reconfigure my Group Policy all over again? This GP is not a default domain policy. It s is for particular OU located under Domain/Users in AD.

Infrast:   Workstations: WinXP,sp2      PDC: Server 2003, SP1 (I only have one Domain Controller.. however its also doing file servicing)

Question by:computerguy79
  • 5
  • 2
LVL 30

Expert Comment

ID: 18886162
I don't wish to rain on your parade, but the only way I'm aware of to recover from that error is to restore the GPO from backup.

Though it'll be shutting the barn door after the horse has already gone out if you're not already doing backups, here's a tutorial on backing up and restoring GPOs using the Group Policy Management Console:
LVL 48

Expert Comment

ID: 18886174

agreed, sounds like your policy has kicked the bucket...though i wonder if the permissions problem may be coming from the actual policy file in the SYSVOL folder.....bit of a long shot but hey



Author Comment

ID: 18886302
If i have to resort to a back up, that won't be too bad. problem is remembering where I saved it.
Also, I notice that if I remove the registry.pol file from the policies user folder, then open up GPMC the policy is editable. It seems the only affected policy settings are the ones under administrative templates. If thats the case, I'll just restore the settings as I've had them. I've been smart enough to make printouts of the GP modifications as I've been doing them for the last month. Wheeew. that would have sucked. Just for verification from the experts, If I remove the registry.pol file and do a modification to the GP in question, AD will create a new registry.pol file and put it in its (the old one's) place, right?
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

LVL 30

Expert Comment

ID: 18886326
I -believe- that the GP Editor will just create a blank registry.pol, yes.  Never tried it, though, so I can't speak to a 100% certainty.  (And if it doesn't work, your worst-case is that you're back to restoring from backup, which you have the means to do anyway.)

Author Comment

ID: 18886378
absolutely. In fact, I just rolled back the 'bad' GP just before my last post. Funny thing it that the GP is active and enforcing policies.. I just can't edit it.
I'll do the modification on Thurs. If it works, I'll comment on it.

Author Comment

ID: 18936414
update: I have recently completed MANUALLY creating a new GP modeled off the old.
Plan on Deploying on Monday. One I do so, I 'm going to copy the registry.pol to the old GP and see if it works. Keep your toes X'd!

Author Comment

ID: 18962605
Good news.. IT WORKS!
I finally got around to finishing and deploying my newly created GP. It is identical if not better than the original one I created. The good news of course is that a direct copy of the SYSVOl/<domain>/Policies/{GUID}/User/Registry.pol file fixed the corruption of the old GPO
Apparently everything else ties in seamlessly, yet  while this method worked for me and at this point is usless seeing as how I've configure a whole new GPO that can just be renamed to that of the old one, I just wanted to give an update of my success.

Accepted Solution

computerguy79 earned 0 total points
ID: 18989577
Vee Mod:
As I stated in my last comment, the solution was to create a new Group Policy Object, configure it as desired, then I copied the registry.pol file to the directory: SYSVOl/<domain>/Policies/{GUID}/User/
My comment to all who participated was that, apparently everything else associated with the new GP ties in seamlessly(folders of templates, adms, etc).
If all is well and there are no discrepancies, I'd like to change this post to a "PAQ and Refund"

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question