Group Policy - Red X: Error 50: The request is not supported RRS feed

  • Question

  • Team,

    I have a Windows 2008 member server that I attempt to apply Group Policies to that were generated from the M/S Security Compliance Manager to a Windows 2003 domain controller.  The policies are applied using the cscript localgpo.wsf method.  When I review the settings from the local Security Policy tool not all settings are applied. I've also blocked inheritance to isolate cascading policies.  The failed settings are the same settings that were previously defined using the Windows 2003 settings for Group Policy that were successful with a Windows 2003 server.  Also, when I review the settings in RSOP those settings that did not get correctly applied have a red "X" next to them.  I've reviewed the Group Policy Log and it indicates that there are a number of "Error 50: The request is not supported" throughout the log and "No mapping between account names and security IDs was done."  So, the question is how to generate a Windows 2008 GPO using the SCM and correctly apply it to a Windows 2003 domain controller?  BTW, we are running native 2003 functional level for the domain mode .

    Thank you for your assistance.


    Thursday, May 5, 2011 4:22 PM

All replies

  • Your message describes several conflicting\unrelated issues... I will try to sort them out.

    RSoP will not show settings applied using LocalGPO... it only displays settings applied via AD-Group Policy. So if you are using LocalGPO, you must use GPEdit.msc to see if the settings applied.

    Also, RSoP will not display *all* settings that can be applied using GPO to newer server versions (e.g. Firewall & Audit settings are not displayed... message that appears when lauching RSoP mentions this limitation). If you apply a GPO designed for WS03 to a WS08 computer, you might see some settings with the red x. This just indicates the OS receiving that policy is not able to resolved the setting that has been applied.

    If you export a GPO backup for WS08 from SCM, and import it into a WS03 domain controller, some of the settings will not be visible in GPMC running in GPMC on WS03. You need to view the GPO using the correct version of GPMC (i.e. run GPMC from a WS08 server, or install it on Win7)

    It also sounds like you might be "restoring" a GPO backup created from SCM... you need to export a GPO backup from SCM, and use GPMC to create a GPO in AD, and "import settings" into the newly created GPO.

    If you are using LocalGPO instead of AD-GPOs, then the version of domain controllers or the domain functional level of your domain has no effect on applying SCM generated GPO Backups using LocalGPO... you just need to make sure you apply a GPO Backup that is designed for the operating system you are working with. (i.e. LocalGPO will apply any GPO backup to any OS).

    hope this helps! 


    Wednesday, September 21, 2011 7:58 PM