Posted by Will on November 14, 2005, 3:45 pm
Is there a utility to help read through the userenv.log file? It is nearly
impossible to read it since every character is separated by a null character
(0). I've noticed that all of the log files have this same bizarre
unreadable format. Strange that Microsoft did it this way.
How do I get the date out of each line? I only see hours, minutes,
seconds, followed by a colon and a code. There are lots of errors in this
file. If there is a document on how to interpret the errors there I would
appreciate a reference.
NetDiag /V passes all of the tests.
The question for me is very specific:
1) Is it correct behavior for a domain controller to have a
%SYSTEMROOT%\SYSVOL\SYSVOL where the share is on the second SYSVOL under
the first one?
2) Shouldn't the clients be accessing the SYSVOL on the DC through a share?
If yes, how do I explain this bizarre result that none of the computers is
accessing SYSVOL through its share. All of the SYSVOLs appear to be trying
to retrieve files right off the file system of the DC, using a path
something similar to
\domain-server1\c$\winnt\sysvol\policies\xxxxx\gptxxx.inf
The problem is the error messages don't show me the actual path the client
was trying to use. I guess I may need to resort to a sniffer and hope it
is not encrypted data.
I'm just perplexed at this point.
--
Will
> Is there anything in the userenv.log that would indicate a problem finding
> or accessing a domain controller, sysvol share, folder path or otherwise
> indicate GP processing is not working right? If you change a setting in GP
> does the change show for the computer/user once the GP settings have
> refreshed? Any problems shown in netdiag output from the domain client or
> domain controller used as shown in the gpresult report? --- Steve
>
>
> >I see errors in the Application Log with details:
> >
> > Event ID 1000: The Group Policy client-side extension Security was
> > passed flags (17) and returned a failure status code of (3).
> >
> > gpresult reports no errors, but it's quite clear looking at the output for
> > computers that it is not grabbing most of the group policy.
> >
> > --
> > Will
> >
> >
> >> I have never actually tried to audit that directory but are those client
> >> computers failing to have Group Policy applied to them which among other
> >> things would be evidenced by errors/warnings for userenv in the application
> >> log and errors when running gpresult?? You also might want to enable debug
> >> logging of userenv to see what is going on with GP processing by looking at
> >> the userenv.log file. --- Steve
> >>
> >>
> >> > I'm getting an EventID 560 from machines on our network trying to access
> >> > SYSVOL, and in examining the detail of the message I'm confused by what is
> >> > happening. On our domain controller, the sysvol *share* is located at
> >> > %SYSTEMROOT%\sysvol\sysvol. I've never understood why there is a sysvol
> >> > share under the directory named sysvol. Maybe someone can explain that one
> >> > to me as well.
> >> >
> >> > What I am seeing in the security section of eventviewer is that machines are
> >> > trying to apply group policy by directory accessing the %SYSTEMROOT%\sysvol
> >> > directory and NOT using the sysvol share. A typical event 560 error is as
> >> > follows:
> >> >
> >> > Object Open:
> >> > Object Server: Security
> >> > Object Type: File
> >> > Object Name:
> >> > \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume2\WINNT\SYSVOL\DOMAIN\POLICIES\\MACHINE\MICROSOFT\WINDOWS NT\SECEDIT\GPTTMPL.INF
> >> > New Handle ID: -
> >> > Operation ID:
> >> > Process ID: 8
> >> > Primary User Name: DOMAIN-CONTROLLERA$
> >> > Primary Domain: CORPORATE
> >> > Primary Logon ID: (0x0,0x3E7)
> >> > Client User Name: CLIENT-WORKSTATIONC$
> >> > Client Domain: CORPORATE
> >> > Client Logon ID: (0x0,0x55B231A)
> >> > Accesses READ_CONTROL
> >> > ReadData (or ListDirectory)
> >> > ReadEA
> >> > ReadAttributes
> >> >
> >> > Privileges -
> >> >
> >> >
> >> > I'm confused by a number of things here:
> >> >
> >> > 1) Why are machines attempting to apply group policy through a location
> >> > that does not travel through the SYSVOL share?
> >> >
> >> > 2) Even once I explicitly give Read and Read & Execute permission to all
> >> > Domain Users and Domain Computers to access the specific path they are
> >> > traversing, I still get the event id 560.
> >> >
> >> > Any help understanding this is appreciated.
> >> >
> >> > --
> >> > Will
> >> >
> >> >
> >>
> >>
> >
> >
>
>
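Added example, not part of the original post: a null byte after every character, as described for userenv.log at the top of this post, is what UTF-16LE text looks like when viewed byte by byte, so the sketch below decodes the file and flags failure lines. The line layout (`USERENV(pid.tid) HH:MM:SS:mmm message`), the keyword list and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed layout, following the post's description (time of day, colon, code):
#   USERENV(pid.tid) HH:MM:SS:mmm Function: message
LINE_RE = re.compile(r"^USERENV\((\w+)\.(\w+)\)\s+(\d\d:\d\d:\d\d):(\d+)\s+(.*)$")
# Hypothetical keyword list for triage; extend it to suit your environment.
ERROR_RE = re.compile(r"\b(fail\w*|error|denied)\b", re.IGNORECASE)

def decode_log(raw: bytes) -> str:
    """Decode log bytes; detect UTF-16 by BOM or by NUL in every second byte."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")              # BOM selects the byte order
    sample = raw[:512]
    if sample and sample[1::2].count(b"\x00") > len(sample) // 4:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")                 # plain 8-bit text

def parse(raw: bytes):
    """Yield one dict per line that matches the assumed layout."""
    for line in decode_log(raw).splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pid, tid, clock, ms, msg = m.groups()
            yield {"pid": pid, "tid": tid, "time": clock, "ms": ms,
                   "msg": msg, "suspect": bool(ERROR_RE.search(msg))}

def suspects(raw: bytes):
    """Return only the entries whose message matches a failure keyword."""
    return [e for e in parse(raw) if e["suspect"]]

# Constructed sample lines (not taken from the poster's log).
SAMPLE_TEXT = (
    "USERENV(1a4.2c8) 15:45:02:113 ProcessGPOs: Starting computer Group Policy processing...\r\n"
    "USERENV(1a4.2c8) 15:45:03:270 ProcessGPOs: Extension Security ProcessGroupPolicy failed, status 0x3.\r\n"
    "USERENV(1a4.2c8) 15:45:03:301 ProcessGPOs: Computer Group Policy has been applied.\r\n"
)
SAMPLE = SAMPLE_TEXT.encode("utf-16")            # Python's codec prepends a BOM

if __name__ == "__main__":
    for entry in suspects(SAMPLE):
        print(entry["time"], entry["msg"])
```

To run it against a real file, pass the result of `open(path, "rb").read()` to `suspects()`.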