Solved

Event ID 1704 on Member Server

Posted on 2011-09-12
5
1,080 Views
Last Modified: 2012-05-12
Hi,

We are using Windows server 2003 Domain controllers. Our member server also running on Windows server 2003. On our member servers I found event id 1704 frequently stating that Security Policy in the Gpo has been applied.

What exactly this event mean? Even though I have not updated any group policy newly on these servers, but still why the servers are getting these events?

I know there is a automatic Gpo refresh for every 90 minutes for member servers, If it is the case then for every 90 minutes there should be an event 1704 needs to be logged on the servers. But I am not able to find any events consecutively for 90 minutes.

How to prevent these events? What is the Impact on the servers by this event id?
Please find the attachment of the event id.

Thanks in advance Event-ID-1704.doc
0
Comment
Question by:gaddam01
5 Comments
 
LVL 7

Expert Comment

by:Chris Patterson
ID: 36525133
This events is recorded after each succesful refresh of a Windows 2000 security policy. It can also be generated at regular intervals, depending on the settings of the Security Policy Refresh (for example, on the operational master domain controller, the default refresh interval is 5 minutes). The Group Policy Refresh interval can be set by accessing the "computer Configuration\Administrative Templates\System\Group" node in the group policy.

A stand-alone server is updated every approx. 17 hours. The security policy update can be initiated manually using the commands:

secedit /refreshpolicy machine_policy
or
secedit /refreshpolicy user_policy
depending on what part of the security policy you want to update.
The policies are automatically applied at startup (the machine policy) or when during the user logon (user policy).


If you notice excessive amounts of 1704 eventlog entries it might be because the system was set up with sysprep. Sysprep erroneously sets the data value of MaxNoGPOListChangesInterval to 1, causing the GPO to reload on every startup.

To workaround this issue, reset HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\MaxNoGPOListChangesInterval to decimal 960 (0x3c0), 16 hours, the default for this REG_DWORD data type.

0
 
LVL 3

Accepted Solution

by:
Thomas_Roes earned 500 total points
ID: 36525139
I found this on windows 2000:
http://support.microsoft.com/kb/884559

Please check the logfile mentioned in there.

Thomas Roes
0
 
LVL 11

Expert Comment

by:Ove
ID: 36525151
Hi!

Normally this will be shown every 5 minutes:
http://www.eventid.net/display.asp?eventid=1704&eventno=134&source=SceCli&phase=1

That is NO problem !

Ove
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 36525166
1704 events are completely normal? they just tell you that policies have been applied - dont believe me?

run gpupdate /force {enter} and you will see it again :)

0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36527539
Well, this is informational, so I don't see much of a reason to sweat it to be honest with you. It's telling you life is good, not that you have anything to worry about.

Note:That event will appear on any domain member or domain controller that receives security policy through group policy. By default, on DCs it will appear every 5 minutes and on domain members every 16 hours.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now