event ID: 1202 RRS feed

  • 問題


    Hi MVP Sir,

    I got the event id 1202 in my event viewer in Windows 2000 AD Server. then I followed the 1202 event code instruction to solve the problem. the step:

    1. open %windir%\Security\Logs\Winlogon.log, then show this follow error message.

    Error 0 to send control flag 1 over to server.
    GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

    [Mapping] gpt00000.dom = Default Domain Policy
    ----Un-initialize configuration engine...

    [Mapping] gpt00001.inf = Default Domain Controllers Policy
    09/14/2007 06:04:21

    ----Un-initialize configuration engine...
    09/14/2007 06:04:21
    ----Configuration engine is initialized successfully.----

    ----Reading Configuration template info...

    ----Configure User Rights...
     Configure S-1-5-32-544.
     Configure S-1-5-32-551.
     Configure S-1-5-21-531969533-277817386-569397357-500.
     Configure S-1-5-21-531969533-277817386-569397357-6435.
     Configure S-1-5-21-531969533-277817386-569397357-3205.
     Configure S-1-5-21-531969533-277817386-569397357-6434.
     Configure S-1-5-21-531969533-277817386-569397357-3206.
     Configure Power Users.
    Error 1332: No mapping between account names and security IDs was done.
      Cannot find Power Users.
     Configure S-1-5-32-545.
     Configure S-1-1-0.
     Configure S-1-5-6.
     Configure S-1-5-21-531969533-277817386-569397357-3204.
     Configure S-1-5-11.

     User Rights configuration completed with error.


    2. I go to group policy>computer configuation>security settings>Local Polices>User Rights Assignment, then deleted these unmatch account.

    3. But the Event ID also shows in the event viewer.

    4. Then I check the gpt00001.inf file. I found out some unmatch SID in the file.

    SeBackupPrivilege = Backup Operators,Administrators
    SeBatchLogonRight = *S-1-5-21-531969533-277817386-569397357-500,*S-1-5-21-531969533-277817386-569397357-6435,*S-1-5-21-531969533-277817386-569397357-3205,*S-1-5-21-531969533-277817386-569397357-6434,*S-1-5-21-531969533-277817386-569397357-3206,Backup Operators
    SeCreatePagefilePrivilege = Administrators
    SeIncreaseBasePriorityPrivilege = Administrators
    SeIncreaseQuotaPrivilege = Administrators
    SeInteractiveLogonRight = Backup Operators,*S-1-5-21-531969533-277817386-569397357-3204,*S-1-5-21-531969533-277817386-569397357-3205,*S-1-5-21-531969533-277817386-569397357-6435,Administrators
    SeLoadDriverPrivilege = Administrators
    SeNetworkLogonRight = Administrators,*S-1-5-21-531969533-277817386-569397357-6435,*S-1-5-21-531969533-277817386-569397357-3205,*S-1-5-21-531969533-277817386-569397357-6434,*S-1-5-21-531969533-277817386-569397357-3206,*S-1-5-11,Backup Operators
    SeProfileSingleProcessPrivilege = Administrators
    SeRemoteShutdownPrivilege = Administrators
    SeRestorePrivilege = Backup Operators,Administrators
    SeSecurityPrivilege = Administrators
    SeServiceLogonRight = Backup Operators
    SeShutdownPrivilege = Backup Operators,Administrators
    SeSystemEnvironmentPrivilege = Administrators
    SeSystemProfilePrivilege = Administrators
    SeSystemTimePrivilege = Administrators
    SeTakeOwnershipPrivilege = Administrators
    SeTcbPrivilege = Backup Operators
    SeEnableDelegationPrivilege = Administrators
    SeMachineAccountPrivilege = *S-1-5-21-531969533-277817386-569397357-500,*S-1-5-11
    SeUndockPrivilege = Administrators

    I want to try to delete these unmatch SID. But I worried affect the AD performance or can not run AD in my office. That I do not delete these. 


    How can I solve this problem.

    Why the winlogon file will show the "Cannot find Power Users"? . Because I never config security permission to Power Users.

    I had two DC in my office. If I delete unmatch SID, Does two DC Server need to be deleted simultaneity?


    Thank for your help appreciatively.
    2007年9月14日 上午 03:12