Solved

Event ID 1704 on Member Server

Posted on 2011-09-12
5
1,102 Views
Last Modified: 2012-05-12
Hi,

We are using Windows server 2003 Domain controllers. Our member server also running on Windows server 2003. On our member servers I found event id 1704 frequently stating that Security Policy in the Gpo has been applied.

What exactly this event mean? Even though I have not updated any group policy newly on these servers, but still why the servers are getting these events?

I know there is a automatic Gpo refresh for every 90 minutes for member servers, If it is the case then for every 90 minutes there should be an event 1704 needs to be logged on the servers. But I am not able to find any events consecutively for 90 minutes.

How to prevent these events? What is the Impact on the servers by this event id?
Please find the attachment of the event id.

Thanks in advance Event-ID-1704.doc
0
Comment
Question by:gaddam01
5 Comments
 
LVL 7

Expert Comment

by:Chris Patterson
ID: 36525133
This events is recorded after each succesful refresh of a Windows 2000 security policy. It can also be generated at regular intervals, depending on the settings of the Security Policy Refresh (for example, on the operational master domain controller, the default refresh interval is 5 minutes). The Group Policy Refresh interval can be set by accessing the "computer Configuration\Administrative Templates\System\Group" node in the group policy.

A stand-alone server is updated every approx. 17 hours. The security policy update can be initiated manually using the commands:

secedit /refreshpolicy machine_policy
or
secedit /refreshpolicy user_policy
depending on what part of the security policy you want to update.
The policies are automatically applied at startup (the machine policy) or when during the user logon (user policy).


If you notice excessive amounts of 1704 eventlog entries it might be because the system was set up with sysprep. Sysprep erroneously sets the data value of MaxNoGPOListChangesInterval to 1, causing the GPO to reload on every startup.

To workaround this issue, reset HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\MaxNoGPOListChangesInterval to decimal 960 (0x3c0), 16 hours, the default for this REG_DWORD data type.

0
 
LVL 3

Accepted Solution

by:
Thomas_Roes earned 500 total points
ID: 36525139
I found this on windows 2000:
http://support.microsoft.com/kb/884559

Please check the logfile mentioned in there.

Thomas Roes
0
 
LVL 11

Expert Comment

by:Ove
ID: 36525151
Hi!

Normally this will be shown every 5 minutes:
http://www.eventid.net/display.asp?eventid=1704&eventno=134&source=SceCli&phase=1

That is NO problem !

Ove
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 36525166
1704 events are completely normal? they just tell you that policies have been applied - dont believe me?

run gpupdate /force {enter} and you will see it again :)

0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36527539
Well, this is informational, so I don't see much of a reason to sweat it to be honest with you. It's telling you life is good, not that you have anything to worry about.

Note:That event will appear on any domain member or domain controller that receives security policy through group policy. By default, on DCs it will appear every 5 minutes and on domain members every 16 hours.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question