Solved

Event ID 1704 on Member Server

Posted on 2011-09-12
5
1,130 Views
Last Modified: 2012-05-12
Hi,

We are using Windows server 2003 Domain controllers. Our member server also running on Windows server 2003. On our member servers I found event id 1704 frequently stating that Security Policy in the Gpo has been applied.

What exactly this event mean? Even though I have not updated any group policy newly on these servers, but still why the servers are getting these events?

I know there is a automatic Gpo refresh for every 90 minutes for member servers, If it is the case then for every 90 minutes there should be an event 1704 needs to be logged on the servers. But I am not able to find any events consecutively for 90 minutes.

How to prevent these events? What is the Impact on the servers by this event id?
Please find the attachment of the event id.

Thanks in advance Event-ID-1704.doc
0
Comment
Question by:gaddam01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 7

Expert Comment

by:Chris Patterson
ID: 36525133
This events is recorded after each succesful refresh of a Windows 2000 security policy. It can also be generated at regular intervals, depending on the settings of the Security Policy Refresh (for example, on the operational master domain controller, the default refresh interval is 5 minutes). The Group Policy Refresh interval can be set by accessing the "computer Configuration\Administrative Templates\System\Group" node in the group policy.

A stand-alone server is updated every approx. 17 hours. The security policy update can be initiated manually using the commands:

secedit /refreshpolicy machine_policy
or
secedit /refreshpolicy user_policy
depending on what part of the security policy you want to update.
The policies are automatically applied at startup (the machine policy) or when during the user logon (user policy).


If you notice excessive amounts of 1704 eventlog entries it might be because the system was set up with sysprep. Sysprep erroneously sets the data value of MaxNoGPOListChangesInterval to 1, causing the GPO to reload on every startup.

To workaround this issue, reset HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\MaxNoGPOListChangesInterval to decimal 960 (0x3c0), 16 hours, the default for this REG_DWORD data type.

0
 
LVL 3

Accepted Solution

by:
Thomas_Roes earned 500 total points
ID: 36525139
I found this on windows 2000:
http://support.microsoft.com/kb/884559

Please check the logfile mentioned in there.

Thomas Roes
0
 
LVL 11

Expert Comment

by:Ove
ID: 36525151
Hi!

Normally this will be shown every 5 minutes:
http://www.eventid.net/display.asp?eventid=1704&eventno=134&source=SceCli&phase=1

That is NO problem !

Ove
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 36525166
1704 events are completely normal? they just tell you that policies have been applied - dont believe me?

run gpupdate /force {enter} and you will see it again :)

0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36527539
Well, this is informational, so I don't see much of a reason to sweat it to be honest with you. It's telling you life is good, not that you have anything to worry about.

Note:That event will appear on any domain member or domain controller that receives security policy through group policy. By default, on DCs it will appear every 5 minutes and on domain members every 16 hours.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Domain .local to .co.uk 2 54
Migrating existing OnPremise servers to Azure ? 1 74
List of Active Users in AD 5 63
List all groups and nested groups in AD with powershell 4 33
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
A hard and fast method for reducing Active Directory Administrators members.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question