JSI Tip 2059. Security Policies Are Propagated with Warning. 0x534?

Jerold Schulman

February 21, 2000

1 Min Read
ITPro Today logo in a gray background | ITPro Today


When I looked in the Application log on my server, I discovered numerous entries, every 5 minutes:

Event Type: WarningEvent Source: SceCliEvent Category: NoneEvent ID: 1202Date: 10/16/1999Time: 10:13:10 amUser: N/AComputer: COMPUTERNAMEDescription: Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs             was done. Please look for more details in TroubleShooting section in Security Help.

and

Event Type: ErrorEvent Source: UserenvEvent Category: NoneEvent ID: 1000Date: 10/16/1999Time: 10:13:11 amUser: NT AUTHORITYSYSTEMComputer: COMPUTERNAMEDescription: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).

To find the problem:

1. I navigated to HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogonGPExtension\{827...} and Added Value name ExtensionDebugLevel as a type REG_DWORD, setting it to 2. This turned on logging for Winlogon.

2. At a CMD prompt, I typed:

    secedit /refreshpolicy machine_policy /enforce to create %SystemRoot%SecuritylogsWinlogon.log.

3. After inspecting Winlogon.log, I discovered that someone at Microsoft failed to learn the basics of database design, and did not implement referential integrity.

I had recently uninstalled IIS on my Windows 2000 Server. The initial install created the IUSR_... and IWAM_... accounts and assigned users rights. The uninstall removed these accounts, but failed to remove them from User Rights Assignment.

The fix was to manually remove the accounts from the from User Rights Assignment at Administrative Tools / Local Security Policy / Local Policies.


Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like