gazasc78
asked on
Windows cannot open template file
I am trying to apply auditing to the default domain controllers GPO on my Windows 2000 server machine.
When I expand Computer Configuration, Windows Settings, Security Templates I get an error saying:
"Windows cannot open template file"
I then go on to expand Security Settings, Local Policy, Audit Policy and if I make a change to a setting, for example 'Audit Account Logon Events' I get the following error message twice after clicking ok:
Failed to Save Fail to Save
l\SysVol\mydomain.local\Po licies\{6E 4B5C53-F6F C-4D1B-BFA 3-39F91C58 290B}\Mach ine\Micros oft\Window s NT\SecEdit\GptTmpl.inf
It then appears that the changes have been made, but if I exit the Group Policy Editor, and go in again to edit the policy, when I expand Computer Configuration, Windows Settings, Security Settings only the 'Public Key Policies' and 'IP Security Policies on Active Directory' folders are present. i.e. 'Account Policies' and 'Local Policies' etc are all missing.
When I expand Computer Configuration, Windows Settings, Security Templates I get an error saying:
"Windows cannot open template file"
I then go on to expand Security Settings, Local Policy, Audit Policy and if I make a change to a setting, for example 'Audit Account Logon Events' I get the following error message twice after clicking ok:
Failed to Save Fail to Save
l\SysVol\mydomain.local\Po
It then appears that the changes have been made, but if I exit the Group Policy Editor, and go in again to edit the policy, when I expand Computer Configuration, Windows Settings, Security Settings only the 'Public Key Policies' and 'IP Security Policies on Active Directory' folders are present. i.e. 'Account Policies' and 'Local Policies' etc are all missing.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've checked the Gptmpl.inf under the following path ....{6AC1786C-016F-11D2-94 5F-00C04fB 984F9}\Com puter\Micr osoft\Wind ows NT\SecEdit as recommended in MS KB Article 936483 and SeNetworkLogonRight = *S-1-5-11,*S-1-5-32-544,*S -1-1-0 which seem correct.
However the error message I'm receiving is indicating the following path C:\WINNT\sysvol\sysvol\myd omain.loca l\Policies \{6E4B5C53 -F6FC-4D1B -BFA3-39F9 1C58290B}\ Machine\Mi crosoft\Wi ndows NT\SecEdit
Is this the correct path? I checked the Gpttmpl.inf file there and it only has the following entries:
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
I've checked what services are running and I do not see an entry for DCOM, however the COM+ Event System is running.
However the error message I'm receiving is indicating the following path C:\WINNT\sysvol\sysvol\myd
Is this the correct path? I checked the Gpttmpl.inf file there and it only has the following entries:
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
I've checked what services are running and I do not see an entry for DCOM, however the COM+ Event System is running.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The only errors I have in my Application Log are:
Source: SclgNtfy
Default group policy object cannot be created. Error 80070020 to save GPO Domain EFS Recovery Policy.
Source: SceSrv
Policy change from LSA/SAM can't be saved in the policy storage. Error 5 to save policy change for account S-1-5-21-1645522239-362288 127-839522 115-1680 in the default GPOs. For more debugging information, please look security\logs\scepol.log under Windows root.
Source: SclgNtfy
Default group policy object cannot be created. Error 80070020 to save GPO Domain EFS Recovery Policy.
Source: SceSrv
Policy change from LSA/SAM can't be saved in the policy storage. Error 5 to save policy change for account S-1-5-21-1645522239-362288
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks guys for all your help on this.
ASKER
Thanks guys for all your help
ASKER
I have also noticed that the shortcut to 'Domain Controller Security Policy' under administrative tools is invalid and does not work. Not sure if this is relevant?
A point I forgot to mention previously is that I have a second domain controller configured on the network which also has the same symptoms.
If I were to demote one domain controller at a time and then use DCPROMO to reinstall AD do you think this would correct my problem?