Solved

Group Policy Error: the file.. not a valid format

Posted on 2007-04-10
11
4,384 Views
Last Modified: 2011-10-03
Hello Experts. Here’s a doosey
I have a Group Policy in which I cannot access via Group Policy Management.
when I attempt to edit the GP in question, I get an error message saying "Failed to open the group policy Object.  you may not have the appropriate rights.... Details: Unspecified Error"
After examining the Group Policy Management (admin tools) I noticed under the [Settings] tab of the problematic GP that under User configuration/administrative templates/   there is a message indicating:

An Error has occurred while collecting data for Administrative Templates

The following errors were encountered:
The file "\\jordanNTHS.jdnnths.lausd.net\SysVol\jdnnths.lausd.net\Policies\{99A9DE20-358D-49EC-8576-65E91777ECCB}\User\registry.pol" is not in a valid format.
The file might be corrupt.
Use Group Policy Object Editor to reconfigure the settings in this extension.


I anticipate the problem stemmed from my attempting to do a GP modification.. the MMC hung up, so I quit the app. After which the problems started happening.
I googled the problem and found some information that indicated looking at ADSIEDIT.MSC path of <doman>/CN=system,CN=Policies    but I cannot tell where the error is coming from. I suspect (not that I know anything regarding) that the registry.pol file is the problem. If this is the case, can it be repaired w/out having to reconfigure my Group Policy all over again? This GP is not a default domain policy. It s is for particular OU located under Domain/Users in AD.

Infrast:   Workstations: WinXP,sp2      PDC: Server 2003, SP1 (I only have one Domain Controller.. however its also doing file servicing)

Thanks!
0
Comment
Question by:computerguy79
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
11 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18886162
I don't wish to rain on your parade, but the only way I'm aware of to recover from that error is to restore the GPO from backup.

Though it'll be shutting the barn door after the horse has already gone out if you're not already doing backups, here's a tutorial on backing up and restoring GPOs using the Group Policy Management Console: http://www.windowsecurity.com/articles/Backing-up-Restoring-GPOs-using-GPMC.html
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18886174
computerguy79,

agreed, sounds like your policy has kicked the bucket...though i wonder if the permissions problem may be coming from the actual policy file in the SYSVOL folder.....bit of a long shot but hey

Regards,

James
0
 
LVL 1

Author Comment

by:computerguy79
ID: 18886302
If i have to resort to a back up, that won't be too bad. problem is remembering where I saved it.
Also, I notice that if I remove the registry.pol file from the policies user folder, then open up GPMC the policy is editable. It seems the only affected policy settings are the ones under administrative templates. If thats the case, I'll just restore the settings as I've had them. I've been smart enough to make printouts of the GP modifications as I've been doing them for the last month. Wheeew. that would have sucked. Just for verification from the experts, If I remove the registry.pol file and do a modification to the GP in question, AD will create a new registry.pol file and put it in its (the old one's) place, right?
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18886326
I -believe- that the GP Editor will just create a blank registry.pol, yes.  Never tried it, though, so I can't speak to a 100% certainty.  (And if it doesn't work, your worst-case is that you're back to restoring from backup, which you have the means to do anyway.)
0
 
LVL 1

Author Comment

by:computerguy79
ID: 18886378
absolutely. In fact, I just rolled back the 'bad' GP just before my last post. Funny thing it that the GP is active and enforcing policies.. I just can't edit it.
I'll do the modification on Thurs. If it works, I'll comment on it.
0
 
LVL 1

Author Comment

by:computerguy79
ID: 18936414
update: I have recently completed MANUALLY creating a new GP modeled off the old.
Plan on Deploying on Monday. One I do so, I 'm going to copy the registry.pol to the old GP and see if it works. Keep your toes X'd!
0
 
LVL 1

Author Comment

by:computerguy79
ID: 18962605
Good news.. IT WORKS!
I finally got around to finishing and deploying my newly created GP. It is identical if not better than the original one I created. The good news of course is that a direct copy of the SYSVOl/<domain>/Policies/{GUID}/User/Registry.pol file fixed the corruption of the old GPO
Apparently everything else ties in seamlessly, yet  while this method worked for me and at this point is usless seeing as how I've configure a whole new GPO that can just be renamed to that of the old one, I just wanted to give an update of my success.
0
 
LVL 1

Accepted Solution

by:
computerguy79 earned 0 total points
ID: 18989577
Vee Mod:
As I stated in my last comment, the solution was to create a new Group Policy Object, configure it as desired, then I copied the registry.pol file to the directory: SYSVOl/<domain>/Policies/{GUID}/User/
My comment to all who participated was that, apparently everything else associated with the new GP ties in seamlessly(folders of templates, adms, etc).
If all is well and there are no discrepancies, I'd like to change this post to a "PAQ and Refund"
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question