• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1360
  • Last Modified:

Event ID 1704 on Member Server

Hi,

We are using Windows server 2003 Domain controllers. Our member server also running on Windows server 2003. On our member servers I found event id 1704 frequently stating that Security Policy in the Gpo has been applied.

What exactly this event mean? Even though I have not updated any group policy newly on these servers, but still why the servers are getting these events?

I know there is a automatic Gpo refresh for every 90 minutes for member servers, If it is the case then for every 90 minutes there should be an event 1704 needs to be logged on the servers. But I am not able to find any events consecutively for 90 minutes.

How to prevent these events? What is the Impact on the servers by this event id?
Please find the attachment of the event id.

Thanks in advance Event-ID-1704.doc
0
gaddam01
Asked:
gaddam01
1 Solution
 
Chris PattersonSenior Systems EngineerCommented:
This events is recorded after each succesful refresh of a Windows 2000 security policy. It can also be generated at regular intervals, depending on the settings of the Security Policy Refresh (for example, on the operational master domain controller, the default refresh interval is 5 minutes). The Group Policy Refresh interval can be set by accessing the "computer Configuration\Administrative Templates\System\Group" node in the group policy.

A stand-alone server is updated every approx. 17 hours. The security policy update can be initiated manually using the commands:

secedit /refreshpolicy machine_policy
or
secedit /refreshpolicy user_policy
depending on what part of the security policy you want to update.
The policies are automatically applied at startup (the machine policy) or when during the user logon (user policy).


If you notice excessive amounts of 1704 eventlog entries it might be because the system was set up with sysprep. Sysprep erroneously sets the data value of MaxNoGPOListChangesInterval to 1, causing the GPO to reload on every startup.

To workaround this issue, reset HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\MaxNoGPOListChangesInterval to decimal 960 (0x3c0), 16 hours, the default for this REG_DWORD data type.

0
 
Thomas_RoesCommented:
I found this on windows 2000:
http://support.microsoft.com/kb/884559

Please check the logfile mentioned in there.

Thomas Roes
0
 
OveCommented:
Hi!

Normally this will be shown every 5 minutes:
http://www.eventid.net/display.asp?eventid=1704&eventno=134&source=SceCli&phase=1

That is NO problem !

Ove
0
 
Pete LongTechnical ConsultantCommented:
1704 events are completely normal? they just tell you that policies have been applied - dont believe me?

run gpupdate /force {enter} and you will see it again :)

0
 
SandeshdubeySenior Server EngineerCommented:
Well, this is informational, so I don't see much of a reason to sweat it to be honest with you. It's telling you life is good, not that you have anything to worry about.

Note:That event will appear on any domain member or domain controller that receives security policy through group policy. By default, on DCs it will appear every 5 minutes and on domain members every 16 hours.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now