Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Event ID 1704 on Member Server

Posted on 2011-09-12
5
Medium Priority
?
1,238 Views
Last Modified: 2012-05-12
Hi,

We are using Windows server 2003 Domain controllers. Our member server also running on Windows server 2003. On our member servers I found event id 1704 frequently stating that Security Policy in the Gpo has been applied.

What exactly this event mean? Even though I have not updated any group policy newly on these servers, but still why the servers are getting these events?

I know there is a automatic Gpo refresh for every 90 minutes for member servers, If it is the case then for every 90 minutes there should be an event 1704 needs to be logged on the servers. But I am not able to find any events consecutively for 90 minutes.

How to prevent these events? What is the Impact on the servers by this event id?
Please find the attachment of the event id.

Thanks in advance Event-ID-1704.doc
0
Comment
Question by:gaddam01
5 Comments
 
LVL 7

Expert Comment

by:Chris Patterson
ID: 36525133
This events is recorded after each succesful refresh of a Windows 2000 security policy. It can also be generated at regular intervals, depending on the settings of the Security Policy Refresh (for example, on the operational master domain controller, the default refresh interval is 5 minutes). The Group Policy Refresh interval can be set by accessing the "computer Configuration\Administrative Templates\System\Group" node in the group policy.

A stand-alone server is updated every approx. 17 hours. The security policy update can be initiated manually using the commands:

secedit /refreshpolicy machine_policy
or
secedit /refreshpolicy user_policy
depending on what part of the security policy you want to update.
The policies are automatically applied at startup (the machine policy) or when during the user logon (user policy).


If you notice excessive amounts of 1704 eventlog entries it might be because the system was set up with sysprep. Sysprep erroneously sets the data value of MaxNoGPOListChangesInterval to 1, causing the GPO to reload on every startup.

To workaround this issue, reset HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\MaxNoGPOListChangesInterval to decimal 960 (0x3c0), 16 hours, the default for this REG_DWORD data type.

0
 
LVL 3

Accepted Solution

by:
Thomas_Roes earned 2000 total points
ID: 36525139
I found this on windows 2000:
http://support.microsoft.com/kb/884559

Please check the logfile mentioned in there.

Thomas Roes
0
 
LVL 11

Expert Comment

by:Ove
ID: 36525151
Hi!

Normally this will be shown every 5 minutes:
http://www.eventid.net/display.asp?eventid=1704&eventno=134&source=SceCli&phase=1

That is NO problem !

Ove
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 36525166
1704 events are completely normal? they just tell you that policies have been applied - dont believe me?

run gpupdate /force {enter} and you will see it again :)

0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36527539
Well, this is informational, so I don't see much of a reason to sweat it to be honest with you. It's telling you life is good, not that you have anything to worry about.

Note:That event will appear on any domain member or domain controller that receives security policy through group policy. By default, on DCs it will appear every 5 minutes and on domain members every 16 hours.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question