Group Policy Error: the file.. not a valid format

Posted on 2007-04-10
Last Modified: 2011-10-03
Hello Experts. Here’s a doosey
I have a Group Policy in which I cannot access via Group Policy Management.
when I attempt to edit the GP in question, I get an error message saying "Failed to open the group policy Object.  you may not have the appropriate rights.... Details: Unspecified Error"
After examining the Group Policy Management (admin tools) I noticed under the [Settings] tab of the problematic GP that under User configuration/administrative templates/   there is a message indicating:

An Error has occurred while collecting data for Administrative Templates

The following errors were encountered:
The file "\\\SysVol\\Policies\{99A9DE20-358D-49EC-8576-65E91777ECCB}\User\registry.pol" is not in a valid format.
The file might be corrupt.
Use Group Policy Object Editor to reconfigure the settings in this extension.

I anticipate the problem stemmed from my attempting to do a GP modification.. the MMC hung up, so I quit the app. After which the problems started happening.
I googled the problem and found some information that indicated looking at ADSIEDIT.MSC path of <doman>/CN=system,CN=Policies    but I cannot tell where the error is coming from. I suspect (not that I know anything regarding) that the registry.pol file is the problem. If this is the case, can it be repaired w/out having to reconfigure my Group Policy all over again? This GP is not a default domain policy. It s is for particular OU located under Domain/Users in AD.

Infrast:   Workstations: WinXP,sp2      PDC: Server 2003, SP1 (I only have one Domain Controller.. however its also doing file servicing)

Question by:computerguy79
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
LVL 30

Expert Comment

ID: 18886162
I don't wish to rain on your parade, but the only way I'm aware of to recover from that error is to restore the GPO from backup.

Though it'll be shutting the barn door after the horse has already gone out if you're not already doing backups, here's a tutorial on backing up and restoring GPOs using the Group Policy Management Console:
LVL 48

Expert Comment

ID: 18886174

agreed, sounds like your policy has kicked the bucket...though i wonder if the permissions problem may be coming from the actual policy file in the SYSVOL folder.....bit of a long shot but hey



Author Comment

ID: 18886302
If i have to resort to a back up, that won't be too bad. problem is remembering where I saved it.
Also, I notice that if I remove the registry.pol file from the policies user folder, then open up GPMC the policy is editable. It seems the only affected policy settings are the ones under administrative templates. If thats the case, I'll just restore the settings as I've had them. I've been smart enough to make printouts of the GP modifications as I've been doing them for the last month. Wheeew. that would have sucked. Just for verification from the experts, If I remove the registry.pol file and do a modification to the GP in question, AD will create a new registry.pol file and put it in its (the old one's) place, right?
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

LVL 30

Expert Comment

ID: 18886326
I -believe- that the GP Editor will just create a blank registry.pol, yes.  Never tried it, though, so I can't speak to a 100% certainty.  (And if it doesn't work, your worst-case is that you're back to restoring from backup, which you have the means to do anyway.)

Author Comment

ID: 18886378
absolutely. In fact, I just rolled back the 'bad' GP just before my last post. Funny thing it that the GP is active and enforcing policies.. I just can't edit it.
I'll do the modification on Thurs. If it works, I'll comment on it.

Author Comment

ID: 18936414
update: I have recently completed MANUALLY creating a new GP modeled off the old.
Plan on Deploying on Monday. One I do so, I 'm going to copy the registry.pol to the old GP and see if it works. Keep your toes X'd!

Author Comment

ID: 18962605
Good news.. IT WORKS!
I finally got around to finishing and deploying my newly created GP. It is identical if not better than the original one I created. The good news of course is that a direct copy of the SYSVOl/<domain>/Policies/{GUID}/User/Registry.pol file fixed the corruption of the old GPO
Apparently everything else ties in seamlessly, yet  while this method worked for me and at this point is usless seeing as how I've configure a whole new GPO that can just be renamed to that of the old one, I just wanted to give an update of my success.

Accepted Solution

computerguy79 earned 0 total points
ID: 18989577
Vee Mod:
As I stated in my last comment, the solution was to create a new Group Policy Object, configure it as desired, then I copied the registry.pol file to the directory: SYSVOl/<domain>/Policies/{GUID}/User/
My comment to all who participated was that, apparently everything else associated with the new GP ties in seamlessly(folders of templates, adms, etc).
If all is well and there are no discrepancies, I'd like to change this post to a "PAQ and Refund"

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question