Sign in
 
HomeLibraryWikiLearnGalleryDownloadsSupportForumsBlogs
Resources for IT Professionals >
LocalGPO problem on Windows Server 2003 R2 SP2

Answered LocalGPO problem on Windows Server 2003 R2 SP2

  • Sunday, May 13, 2012 10:14 PM
     
     
    Sign In to Vote
    0

    Applying SCM 2.5 LocalGPO / GPOPack to Windows Server 2003 R2 SP2 results in this error when viewing policy via gpedit.msc...

    After restarting the computer, it appears as if no policy changes were applied. Why?

    To recreate this, install LocalGPO on a non-domain Windows Server 2003 R2 SP2 computer. Using gpedit.msc, make a change to local policy (password length, for example). Using LocalGPO, backup the policy (to a GPOPack, for example). Using gpedit.msc, change the password length for example) back to a different setting. Then, attempt to apply the policy. The above error will appear, and upon reboot, the policy has not been applied.

     

All Replies

  • Monday, May 14, 2012 3:21 PM
     
     
    Sign In to Vote
    0
    To clarify the steps necessary to recreate this error:

    1. Install LocalGPO on a non-domain Windows Server 2003 R2 SP2 computer.

    2. Using gpedit.msc, make a change to local policy (password length set to 14, for example).

    3. Using LocalGPO, backup the policy (to a GPOPack, for example).

    4. Using gpedit.msc, make a change to local policy (password length set to 7, for example).

    5.  Using LocalGPO, apply the policy backed up in step 3.

    6. Using gpedit.msc, attempt to view local policy. You will see the "Security Templates" error message.

    7. Notice that the policy you backed up has not been applied. For example, password length is set to 7 (instead of 14 as specified in your LocalGPO policy.)
     
  • Monday, May 14, 2012 4:54 PM
    Owner
     
     
    Sign In to Vote
    0

    Aerospace,

    I'll ask Jose to take a look at this thread, but I don't think we ever tested LocalGPO on 2003 R2, only 2003 SP2.

    Kurt

    Kurt Dillard http://www.kurtdillard.com

     
  • Wednesday, May 16, 2012 12:17 AM
     
     
    Sign In to Vote
    0

    Hi Kurt,

    We're seeing the same error on Windows Server 2003 SP2 (not R2).

    Thanks.

     
  • Wednesday, May 16, 2012 5:58 PM
    Owner
     
     
    Sign In to Vote
    0

    I cannot replicate this on Windows Server 2003 SP2. I followed your steps and everything works as expected.

    I downloaded the ISO for Windows Server 2003 R2 with SP2 last night and have started setting up a machine for testing, I plan to post my results later today.

    Kurt Dillard http://www.kurtdillard.com

     
  • Wednesday, May 16, 2012 6:35 PM
    Owner
     
     
    Sign In to Vote
    0

    Aero.space,

    I installed Windows Server 2003 R2 with SP2 and then installed LocalGPO from SCM 2.5, I am unable to duplicate the problems you describe. I changed a setting using gpedit.msc, exported the GPO, made another change using GPedit, imported the GPO bacakup I had just made and the setting reverted as expected. I see no error messages opening and closing gpedit.msc. I rebooted and opened gpedit, no errors.

    What version of LocalGPO are you using? What happens if you attempt these procedures on a clean install of Windows Server?

    Kurt Dillard http://www.kurtdillard.com

     
  • Thursday, May 17, 2012 12:15 AM
     
     
    Sign In to Vote
    0

    We've narrowed it down to the GPOPack option. You are correct... using "native" LocalGPO export and "import" features works fine on Windows Server 2003.

    However, if you attempt to use the GPOPack feature, you will encounter the "Security Templates" error described above.

    Sample commands to reproduce the issue:

    1. Export the policy as a GPOPack: cscript LocalGPO.wsf /path:c:\x2 /Export /gpopack

    2. Apply the policy as a GPOPack: C:\x2\{6214C33C-4DAD-4873-966F-114D07024F88}>cscript GPOPack.wsf

    3. Run gpedit.msc and observe the error.


    • Edited by aero.space Thursday, May 17, 2012 12:15 AM
    •  
     
  • Thursday, May 17, 2012 6:06 PM
    Owner
     
     
    Sign In to Vote
    0

    Aerospace,

    Thanks for your persistence in this issue! I can reproduce it, there appears to be something wrong with either the GPOpack script or one of the datafiles it uses. I'll talk to Jose, its probably an easy fix but we don't plan to publish another release of SCM and LocalGPO for a while.

    Kurt

    Kurt Dillard http://www.kurtdillard.com

     
  • Thursday, May 17, 2012 10:06 PM
     
     
    Sign In to Vote
    0
    We've come to rely on the GPOPack feature. It's very efficient and convenient, of course, since LocalGPO.msi doesn't need to be installed. A (non-supported/undocumented) workaround using LocalGPO.wsf can be cobbled together, but we definitely look forward to a GPOPack fix for Windows Server 2003. We have a lot of Windows Server 2003 computers, and they aren't going anywhere for a long, long time. Thanks again for your outstanding support.
     
  • Friday, May 18, 2012 4:30 PM
    Owner
     
     Answered
    Sign In to Vote
    0

    We appreciate your kind words:) Jose confirmed that he knows how to fix this and that it should be in the next release. No date set for that release.

    Kurt Dillard http://www.kurtdillard.com