Ben Conner
asked on
Is 'enterprise' a reserved name in Windows Server 2008?
Hi,
I'm tracking down an Event Viewer warning in SceCli with the 'Security policies were propagated with warning. 0x534: No mapping between account names and security IDs was done'. I found an issue with an account 'Enterprise' having been assigned the Policy 'Enable computer and user accounts to be trusted for delegation'. This server lives in a very simple world: there are only 2 accounts defined on it--Administrator and guest. So I'm not sure where the Enterprise came from. This is on a 2008 R2 Enterprise installation.
In the winlogon security log, I see the following:
Process GP template gpt00000.dom.
This is not the last GPO.
-------------------------- ---------- -------
Sunday, February 26, 2017 9:17:28 AM
Copy undo values to the merged policy.
----Un-initialize configuration engine...
Process GP template gpt00001.dom.
-------------------------- ---------- -------
Sunday, February 26, 2017 9:17:28 AM
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
Configure enterprise.
Error 1332: No mapping between account names and security IDs was done.
Cannot find enterprise.
Configure S-1-5-32-544.
User Rights configuration was completed with one or more errors.
along with a lot of:
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
type of messages.
I've tried searching for the Enterprise account using the gpmc console but see 3 groups with 'Enterprise' in them but no actual user accounts called 'Enterprise'.
Am probably not approaching this the right way. I have little experience with this and don't use it enough to be proficient. Any suggestions would be most appreciated.
Thanks!
--Ben
I'm tracking down an Event Viewer warning in SceCli with the 'Security policies were propagated with warning. 0x534: No mapping between account names and security IDs was done'. I found an issue with an account 'Enterprise' having been assigned the Policy 'Enable computer and user accounts to be trusted for delegation'. This server lives in a very simple world: there are only 2 accounts defined on it--Administrator and guest. So I'm not sure where the Enterprise came from. This is on a 2008 R2 Enterprise installation.
In the winlogon security log, I see the following:
Process GP template gpt00000.dom.
This is not the last GPO.
--------------------------
Sunday, February 26, 2017 9:17:28 AM
Copy undo values to the merged policy.
----Un-initialize configuration engine...
Process GP template gpt00001.dom.
--------------------------
Sunday, February 26, 2017 9:17:28 AM
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
Configure enterprise.
Error 1332: No mapping between account names and security IDs was done.
Cannot find enterprise.
Configure S-1-5-32-544.
User Rights configuration was completed with one or more errors.
along with a lot of:
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
type of messages.
I've tried searching for the Enterprise account using the gpmc console but see 3 groups with 'Enterprise' in them but no actual user accounts called 'Enterprise'.
Am probably not approaching this the right way. I have little experience with this and don't use it enough to be proficient. Any suggestions would be most appreciated.
Thanks!
--Ben
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You should be able to just rename it back to Administrators from ADUC
ASKER
Sorry...ADUC...?
Active Directory Users and Computers :)
ASKER
Ah. Would this have been an AD entry or specific to this local machine?
Can be either
ASKER
--Ben