JSI Tip 3567. After setting security on NtFrs using Group Policy, you receive Events 1000 and 1002?

Ater configuring the Startup mode and security settings on the File Replication service (NtFrs) via Group Policy, your Application event log contains:

Event Type: WarningEvent Source: SceCliEvent Category: NoneEvent ID: 1202Date: 1/4/2001Time: 1:01:30 PMUser: N/AComputer: ServerDescription: Security policies are propagated with warning. 0x5 : Access is denied.             Please look for more details in Troubleshooting section in Security Help. Event Type: ErrorEvent Source: UserenvEvent Category: NoneEvent ID: 1000Date: 1/4/2001Time: 1:01:30 PMUser: NT AUTHORITYSYSTEMComputer: ServerDescription: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (5).

If you turned on Security Configuration Client logging, the %SystemRoot%SecuritylogsWinlogon.log contains:

Configure NtFrs.Warning 5: Access is denied.Error opening NtFrs.General Service configuration completed with error.

The policy engine no longer has the permissions it requires to set security. to fix the problem:

1. Use Group Policy to navigate to Computer ConfigurationWindows SettingsSecurity SettingsSystem Services.

2. Right-click File Replication Service and press Security.

3. Grant the System and Administrators groups Full Control.

4. Force replication with SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE.

5. Use Regedt32 to navigate to HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNTFRS.

6. Delete the Security sub-key.

7. Restart the computer.

8. To verify that the fix has worked, look for consecutive Event ID 1704 messages in the Application event log.

NOTE: This problem is NOT unique to NtFrs and can happen to other services you configure.