Group Policy Software Uninstalls on XP PCs

Guest · Jul 10, 2006

We are experiencing a problem where all the group policy software uninstalls
and then reinstalls on reboot. So far, this problem is limited to XP -- Pro
and Tablet. It seems to occur most often when changing between network cards
or when installing software.

For example, we have a tablet PC that typically uses a Cisco wireless card
to access the network. I plugged in to the onboard card and rebooted. The
group policy software uninstalled. I rebooted again and the group policy
software installed. I removed the cable from the onboard card and rebooted
.... software uninstalled and reinstalled on reboot.

As for software installs causing the reboot, this typically occurs for
software requiring a reboot, for example, WonderWare, Visual Studio, and
PCAnywhere, to name a few. Again, a second reboot will cause the software to
reinstall.

Any ideas?

Thanks in advance.

Kim

Harj · Jul 11, 2006

Hi,

Could you please enable userenv debugging and post the results here.

How to enable user environment debug logging
http://support.microsoft.com/kb/221833/

You can also look at the following article

Group Policy application fails on a computer that is running Windows
2000, Windows XP Service Pack 1, or Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669#XSLTH3163121123120121120120

What I think is happening here is that the group policy processing
options are passing GPO_INFO_FLAG_LINKTRANSITION which means,
A change in the link speed was detected between policy applications.
This seems to look like what is happening here.

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com

Guest · Jul 21, 2006

Thank you for your help. I've posted the userenv log below. I also took a
look at the KB article, but didn't find the same errors in the event log or
userenv log.

Userenv Part 1 (see additional posts for rest of log):
(ac0.ac4) 08:42:50:792 LibMain: Process Name: C:\WINDOWS\system32\wuauclt.exe
(3c0.7fc) 08:43:05:553 GetUserDNSDomainName: Local user account. No DNS
domain name available.
(f60.f64) 08:43:05:633 LibMain: Process Name: C:\WINDOWS\system32\wuauclt.exe
(b00.b04) 08:43:17:841 LibMain: Process Name:
C:\WINDOWS\system32\userinit.exe
(844.890) 08:43:18:922 EnumerateUserNameSpace: AllocateAndInitSidFromString
- ms-409 is not a valid Sid
(844.884) 08:43:23:489 EnterCriticalPolicySectionEx: Entering with timeout
40000 and flags 0x1
(844.884) 08:43:23:489 EnterCriticalPolicySectionEx: Machine critical
section has been claimed. Handle = 0x300
(844.884) 08:43:23:489 EnterCriticalPolicySectionEx: Leaving successfully.
(844.884) 08:43:23:489 EnterCriticalPolicySectionEx: Entering with timeout
40000 and flags 0x1
(844.884) 08:43:23:489 EnterCriticalPolicySectionEx: User critical section
has been claimed. Handle = 0x340
(844.884) 08:43:23:489 EnterCriticalPolicySectionEx: Leaving successfully.
(844.884) 08:43:24:390 UpdateGPCoreStatus: updating status from <Computer>
registry for gp core
(844.884) 08:43:24:410 LeaveCriticalPolicySection: Critical section 0x340
has been released.
(844.884) 08:43:24:410 LeaveCriticalPolicySection: Critical section 0x300
has been released.
(5f0.734) 08:43:35:436 LibMain: Process Name: C:\Program Files\Common
Files\Microsoft Shared\Ink\TCServer.exe
(b14.b18) 08:43:42:186 LibMain: Process Name:
C:\WINDOWS\system32\gpupdate.exe
(b14.b20) 08:43:42:226 RefreshPolicyEx: Entering with force refresh 1
(b14.b20) 08:43:42:226 RefreshPolicyEx: Leaving.
(b14.b24) 08:43:42:226 RefreshPolicyEx: Entering with force refresh 0
(b14.b24) 08:43:42:226 RefreshPolicyEx: Leaving.
(28c.6e0) 08:43:42:226 ProcessGPOs:
(28c.6e0) 08:43:42:226 ProcessGPOs:
(28c.6e0) 08:43:42:226 ProcessGPOs: Starting computer Group Policy
(Background) processing...
(28c.6e0) 08:43:42:226 ProcessGPOs:
(28c.6e0) 08:43:42:226 ProcessGPOs:
(28c.6e0) 08:43:42:226 EnterCriticalPolicySectionEx: Entering with timeout
600000 and flags 0x0
(28c.6e0) 08:43:42:226 EnterCriticalPolicySectionEx: Machine critical
section has been claimed. Handle = 0x1d4
(28c.6e0) 08:43:42:226 EnterCriticalPolicySectionEx: Leaving successfully.
(28c.6e0) 08:43:42:226 ProcessGPOs: Machine role is 2.
(28c.6f0) 08:43:42:226 ProcessGPOs:
(28c.6f0) 08:43:42:236 ProcessGPOs:
(28c.6f0) 08:43:42:236 ProcessGPOs: Starting user Group Policy (Background)
processing...
(28c.6f0) 08:43:42:236 ProcessGPOs:
(28c.6f0) 08:43:42:236 ProcessGPOs:
(28c.6f0) 08:43:42:236 EnterCriticalPolicySectionEx: Entering with timeout
600000 and flags 0x0
(28c.6f0) 08:43:42:236 EnterCriticalPolicySectionEx: User critical section
has been claimed. Handle = 0x8bc
(28c.6f0) 08:43:42:236 EnterCriticalPolicySectionEx: Leaving successfully.
(28c.6f0) 08:43:42:236 ProcessGPOs: Machine role is 2.
(28c.6f0) 08:43:42:236 ReadGPExtensions: Rsop entry point not found for
gptext.dll.
(28c.6f0) 08:43:42:236 ReadGPExtensions: Rsop entry point not found for
dskquota.dll.
(28c.6f0) 08:43:42:236 ReadGPExtensions: Rsop entry point not found for
gptext.dll.
(28c.6f0) 08:43:42:236 ReadGPExtensions: Rsop entry point not found for
iedkcs32.dll.
(28c.6f0) 08:43:42:236 ReadGPExtensions: Rsop entry point not found for
scecli.dll.
(28c.6f0) 08:43:42:236 ReadGPExtensions: Rsop entry point not found for
gptext.dll.
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{25537BA6-77A8-11D2-9B6C-0000F8080861}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{3610eda5-77ef-11d2-8dc5-00c04fa31a66}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{426031c0-0b47-4852-b0ca-ac3d37bfcb39}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{42B5FAAE-6536-11d2-AE5A-0000F87571E3}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{c6dc5466-785a-11d2-84d0-00c04fb169f7}
(28c.6f0) 08:43:42:236 ReadExtStatus: Reading Previous Status for extension
{e437bc1c-aa7d-11d2-a382-00c04f991e27}
(28c.6f0) 08:43:42:236 ProcessGPOs: Calling GetGPOInfo for normal policy mode
(28c.6f0) 08:43:42:236 GetGPOInfo: ********************************
(28c.6f0) 08:43:42:236 GetGPOInfo: Entering...
(28c.6f0) 08:43:42:236 GetGPOInfo: lpHostName or lpDNName is NULL.
Skipping DS stuff.
(28c.6f0) 08:43:42:236 GetGPOInfo: Local GPO's gpt.ini is not accessible,
assuming default state.
(28c.6f0) 08:43:42:236 GetGPOInfo: Leaving with 1
(28c.6f0) 08:43:42:236 GetGPOInfo: ********************************
(28c.6f0) 08:43:42:236 ProcessGPOs: Logging Data for Target <Administrator>.
(28c.6f0) 08:43:42:246 GetWbemServices: CoCreateInstance succeeded
(28c.6f0) 08:43:42:256 ConnectToNameSpace: ConnectServer returned 0x0
(28c.6e0) 08:43:42:256 PingComputer: Adapter speed 54000000 bps
(28c.6e0) 08:43:42:256 PingComputer: First time: 2
(28c.6e0) 08:43:42:266 PingComputer: Fast link. Exiting.
(28c.6f0) 08:43:45:741 ConnectToNameSpace: Minor schema upg happened.
copying classes.
(28c.6e0) 08:43:45:741 ProcessGPOs: network name is 162.141.84.0
(28c.6e0) 08:43:45:741 ProcessGPOs: User name is:
CN=COMPUTERNAME,OU=Computers,OU=SITENAME,OU=ConsumerProducts,DC=DOMAINNAME,DC=DOMAIN,DC=com, Domain name is: DOMAINNAME
(28c.6e0) 08:43:45:741 ProcessGPOs: Domain controller is:
\\CPSITEDC.DOMAINNAME.DOMAIN.com Domain DN is DOMAINNAME.DOMAIN.com
(28c.6e0) 08:43:45:741 ReadGPExtensions: Rsop entry point not found for
gptext.dll.
(28c.6e0) 08:43:45:741 ReadGPExtensions: Rsop entry point not found for
dskquota.dll.
(28c.6e0) 08:43:45:741 ReadGPExtensions: Rsop entry point not found for
gptext.dll.
(28c.6e0) 08:43:45:741 ReadGPExtensions: Rsop entry point not found for
iedkcs32.dll.
(28c.6e0) 08:43:45:741 ReadGPExtensions: Rsop entry point not found for
scecli.dll.
(28c.6e0) 08:43:45:741 ReadGPExtensions: Rsop entry point not found for
gptext.dll.
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
(28c.6e0) 08:43:45:741 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{25537BA6-77A8-11D2-9B6C-0000F8080861}
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{3610eda5-77ef-11d2-8dc5-00c04fa31a66}
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{426031c0-0b47-4852-b0ca-ac3d37bfcb39}
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{42B5FAAE-6536-11d2-AE5A-0000F87571E3}
(28c.6e0) 08:43:45:741 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
(28c.6e0) 08:43:45:741 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
(28c.6e0) 08:43:45:741 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{c6dc5466-785a-11d2-84d0-00c04fb169f7}
(28c.6e0) 08:43:45:741 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:45:741 ReadExtStatus: Reading Previous Status for extension
{e437bc1c-aa7d-11d2-a382-00c04f991e27}
(28c.6e0) 08:43:45:751 ProcessGPOs: Calling GetGPOInfo for normal policy mode
(28c.6e0) 08:43:45:751 GetGPOInfo: ********************************
(28c.6e0) 08:43:45:751 GetGPOInfo: Entering...
(28c.6e0) 08:43:45:791 GetGPOInfo: Server connection established.
(28c.6e0) 08:43:45:801 GetGPOInfo: Bound successfully.
(28c.6e0) 08:43:45:811 SearchDSObject: Searching
<OU=Computers,OU=SITENAME,OU=ConsumerProducts,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:811 SearchDSObject: Found GPO(s):
<[LDAP://CN={4B357FA2-FFFF-4CC4-AA72-46CE8934E04C},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;0][LDAP://CN={BC96B96F-086B-413F-865D-949D9D9A8F07},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;0][LDAP://cn={E3386C85-9DA9-4D18-A07F-B8E697A62070},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com;0][LDAP://cn={F5E519ED-4FA4-4D10-9069-F09BF68FF110},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com;0][LDAP://cn={4AF05E73-E1B4-44C3-B4BA-D62E62C0F161},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com;0]>
(28c.6e0) 08:43:45:811 ProcessGPO: ==============================
(28c.6e0) 08:43:45:811 ProcessGPO: Deferring search for
<LDAP://CN={4B357FA2-FFFF-4CC4-AA72-46CE8934E04C},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:811 ProcessGPO: ==============================
(28c.6e0) 08:43:45:811 ProcessGPO: Deferring search for
<LDAP://CN={BC96B96F-086B-413F-865D-949D9D9A8F07},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:811 ProcessGPO: ==============================
(28c.6e0) 08:43:45:811 ProcessGPO: Deferring search for
<LDAP://cn={E3386C85-9DA9-4D18-A07F-B8E697A62070},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:811 ProcessGPO: ==============================
(28c.6e0) 08:43:45:811 ProcessGPO: Deferring search for
<LDAP://cn={F5E519ED-4FA4-4D10-9069-F09BF68FF110},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:811 ProcessGPO: ==============================
(28c.6e0) 08:43:45:811 ProcessGPO: Deferring search for
<LDAP://cn={4AF05E73-E1B4-44C3-B4BA-D62E62C0F161},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:811 SearchDSObject:
<OU=Computers,OU=SITENAME,OU=ConsumerProducts,DC=DOMAINNAME,DC=DOMAIN,DC=com>
has the Block From Above attribute set
(28c.6e0) 08:43:45:811 SearchDSObject: Searching
<OU=SITENAME,OU=ConsumerProducts,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:811 SearchDSObject: Found GPO(s): < >
(28c.6e0) 08:43:45:811 SearchDSObject: Searching
<OU=ConsumerProducts,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:811 SearchDSObject: Found GPO(s):
<[LDAP://CN={A932C3BE-CBC4-4DF1-A797-F996EA858252},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;0][LDAP://CN={D979A465-11EB-4110-940B-C32C64D76B24},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;2][LDAP://CN={81EA0E27-207E-4DA5-98E8-AA74D0331C68},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;0]>
(28c.6e0) 08:43:45:811 ProcessGPO: ==============================
(28c.6e0) 08:43:45:811 AddGPO: GPO will not be added to the list since the
Block flag is set and this GPO is not in enforce mode.
(28c.6e0) 08:43:45:811 ProcessGPO: Deferring search for
<LDAP://CN={A932C3BE-CBC4-4DF1-A797-F996EA858252},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:811 ProcessGPO: ==============================
(28c.6e0) 08:43:45:811 ProcessGPO: Deferring search for
<LDAP://CN={D979A465-11EB-4110-940B-C32C64D76B24},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:811 ProcessGPO: ==============================
(28c.6e0) 08:43:45:811 AddGPO: GPO will not be added to the list since the
Block flag is set and this GPO is not in enforce mode.
(28c.6e0) 08:43:45:821 ProcessGPO: Deferring search for
<LDAP://CN={81EA0E27-207E-4DA5-98E8-AA74D0331C68},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:821 SearchDSObject: Searching
<DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:821 SearchDSObject: Found GPO(s):
<[LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;2][LDAP://CN={BB78A1C1-0594-4759-A961-592C04DA7B57},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;2]>
(28c.6e0) 08:43:45:821 ProcessGPO: ==============================
(28c.6e0) 08:43:45:821 ProcessGPO: Deferring search for
<LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:821 ProcessGPO: ==============================
(28c.6e0) 08:43:45:821 ProcessGPO: Deferring search for
<LDAP://CN={BB78A1C1-0594-4759-A961-592C04DA7B57},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:831 SearchDSObject: Searching
<CN=SITENAME,CN=Sites,CN=Configuration,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:831 SearchDSObject: No GPO(s) for this object.
(28c.6e0) 08:43:45:831 EvaluateDeferredGPOs: Searching for GPOs in
cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com
(28c.6e0) 08:43:45:861 ProcessGPO: ==============================
(28c.6e0) 08:43:45:861 ProcessGPO: Searching
<CN={D979A465-11EB-4110-940B-C32C64D76B24},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:861 ProcessGPO: Machine has access to this GPO.
(28c.6e0) 08:43:45:861 ProcessGPO: GPO passes the filter check.
(28c.6e0) 08:43:45:861 ProcessGPO: Found functionality version of: 2
(28c.6e0) 08:43:45:861 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{D979A465-11EB-4110-940B-C32C64D76B24}>
(28c.6e0) 08:43:45:931 ProcessGPO: Found common name of:
<{D979A465-11EB-4110-940B-C32C64D76B24}>
(28c.6e0) 08:43:45:931 ProcessGPO: Found display name of: <CP-Default
Policy (Mandatory)>
(28c.6e0) 08:43:45:931 ProcessGPO: Found machine version of: GPC is 21,
GPT is 21
(28c.6e0) 08:43:45:931 ProcessGPO: Found flags of: 0
(28c.6e0) 08:43:45:931 ProcessGPO: Found extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
(28c.6e0) 08:43:45:931 ProcessGPO: ==============================
(28c.6e0) 08:43:45:931 ProcessGPO: ==============================
(28c.6e0) 08:43:45:931 ProcessGPO: Searching
<CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:931 ProcessGPO: Machine has access to this GPO.
(28c.6e0) 08:43:45:931 ProcessGPO: GPO passes the filter check.
(28c.6e0) 08:43:45:931 ProcessGPO: Found functionality version of: 2
(28c.6e0) 08:43:45:931 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\sysvol\DOMAINNAME.DOMAIN.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}>
(28c.6e0) 08:43:45:961 ProcessGPO: Found common name of:
<{31B2F340-016D-11D2-945F-00C04FB984F9}>
(28c.6e0) 08:43:45:961 ProcessGPO: Found display name of: <Default Domain
Policy>
(28c.6e0) 08:43:45:961 ProcessGPO: Found machine version of: GPC is 1703,
GPT is 1703
(28c.6e0) 08:43:45:961 ProcessGPO: Found flags of: 0
(28c.6e0) 08:43:45:961 ProcessGPO: Found extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
(28c.6e0) 08:43:45:961 ProcessGPO: ==============================
(28c.6e0) 08:43:45:961 ProcessGPO: ==============================
(28c.6e0) 08:43:45:961 ProcessGPO: Searching
<CN={BB78A1C1-0594-4759-A961-592C04DA7B57},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:45:961 ProcessGPO: Machine has access to this GPO.
(28c.6e0) 08:43:45:961 ProcessGPO: GPO passes the filter check.
(28c.6e0) 08:43:45:961 ProcessGPO: Found functionality version of: 2
(28c.6e0) 08:43:45:961 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{BB78A1C1-0594-4759-A961-592C04DA7B57}>
(28c.6f0) 08:43:45:961 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.6f0) 08:43:45:961 CSessionLogger::Log: restoring old security grps
(28c.6f0) 08:43:45:991 LogRsopData: Successfully logged Rsop data
(28c.6f0) 08:43:45:991 ProcessGPOs: Logged Rsop Data successfully.
(28c.6f0) 08:43:46:001 ProcessGPOs: OpenThreadToken failed with error 1008,
assuming thread is not impersonating
(28c.6f0) 08:43:46:001 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:001 ProcessGPOs: Processing extension Registry
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:001 CheckGPOs: No GPO changes but couldn't read extension
Registry's status or policy time.
(28c.6f0) 08:43:46:001 ProcessGPOs: Extension Registry skipped because both
deleted and changed GPO lists are empty.
(28c.6f0) 08:43:46:001 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:001 ProcessGPOs: Processing extension Wireless
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:001 CheckGPOs: No GPO changes but couldn't read extension
Wireless's status or policy time.
(28c.6f0) 08:43:46:001 ProcessGPOs: Extension Wireless skipped with flags
0x110002.
(28c.6f0) 08:43:46:001 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:001 ProcessGPOs: Processing extension Folder Redirection
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:001 CheckGPOs: No GPO changes but couldn't read extension
Folder Redirection's status or policy time.
(28c.6f0) 08:43:46:001 ProcessGPOs: Extension Folder Redirection skipped
because both deleted and changed GPO lists are empty.
(28c.6f0) 08:43:46:001 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:001 ProcessGPOs: Processing extension Microsoft Disk Quota
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:001 CheckGPOs: No GPO changes but couldn't read extension
Microsoft Disk Quota's status or policy time.
(28c.6f0) 08:43:46:001 ProcessGPOs: Extension Microsoft Disk Quota skipped
with flags 0x110002.
(28c.6f0) 08:43:46:001 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:001 ProcessGPOs: Processing extension QoS Packet Scheduler
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:001 CheckGPOs: No GPO changes but couldn't read extension
QoS Packet Scheduler's status or policy time.
(28c.6f0) 08:43:46:001 ProcessGPOs: Extension QoS Packet Scheduler skipped
with flags 0x110002.
(28c.6f0) 08:43:46:001 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:001 ProcessGPOs: Processing extension Scripts
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:001 CheckGPOs: No GPO changes but couldn't read extension
Scripts's status or policy time.
(28c.6f0) 08:43:46:001 ProcessGPOs: Extension Scripts skipped because both
deleted and changed GPO lists are empty.
(28c.6f0) 08:43:46:001 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:001 ProcessGPOs: Processing extension Internet Explorer
Zonemapping
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:001 CheckGPOs: No GPO changes but couldn't read extension
Internet Explorer Zonemapping's status or policy time.
(28c.6f0) 08:43:46:001 ProcessGPOs: Extension Internet Explorer Zonemapping
skipped because both deleted and changed GPO lists are empty.
(28c.6f0) 08:43:46:001 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:001 ProcessGPOs: Processing extension Security
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:001 CheckGPOs: No GPO changes but couldn't read extension
Security's status or policy time.
(28c.6f0) 08:43:46:001 ProcessGPOs: Extension Security skipped with flags
0x110002.
(28c.6f0) 08:43:46:001 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:001 ProcessGPOs: Processing extension Internet Explorer
Branding
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:001 CheckGPOs: No GPO changes but couldn't read extension
Internet Explorer Branding's status or policy time.
(28c.6f0) 08:43:46:001 ProcessGPOs: Extension Internet Explorer Branding
skipped because both deleted and changed GPO lists are empty.
(28c.6f0) 08:43:46:001 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:001 ProcessGPOs: Processing extension EFS recovery
(28c.6f0) 08:43:46:001 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:011 CheckGPOs: No GPO changes but couldn't read extension
EFS recovery's status or policy time.
(28c.6f0) 08:43:46:011 ProcessGPOs: Extension EFS recovery skipped with
flags 0x110002.
(28c.6f0) 08:43:46:011 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:011 ProcessGPOs: Processing extension Software Installation
(28c.6f0) 08:43:46:011 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:011 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:011 CheckGPOs: No GPO changes but couldn't read extension
Software Installation's status or policy time.
(28c.6f0) 08:43:46:011 ProcessGPOs: Extension Software Installation skipped
because both deleted and changed GPO lists are empty.
(28c.6f0) 08:43:46:011 ProcessGPOs: -----------------------
(28c.6f0) 08:43:46:011 ProcessGPOs: Processing extension IP Security
(28c.6f0) 08:43:46:011 CompareGPOLists: The lists are the same.
(28c.6f0) 08:43:46:011 CheckGPOs: No GPO changes but couldn't read extension
IP Security's status or policy time.
(28c.6f0) 08:43:46:011 ProcessGPOs: Extension IP Security skipped with flags
0x110002.
(28c.6f0) 08:43:46:011 LeaveCriticalPolicySection: Critical section 0x8bc
has been released.
(28c.6f0) 08:43:46:011 ProcessGPOs: User Group Policy has been applied.
(28c.6f0) 08:43:46:011 ProcessGPOs: Leaving with 1.
(28c.6f0) 08:43:46:011 GPOThread: Next refresh will happen in 102 minutes
(28c.6e0) 08:43:46:011 ProcessGPO: Found common name of:
<{BB78A1C1-0594-4759-A961-592C04DA7B57}>
(28c.6e0) 08:43:46:011 ProcessGPO: Found display name of: <PasswordPolicy>
(28c.6e0) 08:43:46:011 ProcessGPO: Found machine version of: GPC is 30,
GPT is 30
(28c.6e0) 08:43:46:011 ProcessGPO: Found flags of: 0
(28c.6e0) 08:43:46:011 ProcessGPO: Found extensions:
[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
(28c.6e0) 08:43:46:011 ProcessGPO: ==============================
(28c.6e0) 08:43:46:011 ProcessGPO: ==============================
(28c.6e0) 08:43:46:011 ProcessGPO: Searching
<CN={4B357FA2-FFFF-4CC4-AA72-46CE8934E04C},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:46:011 ProcessGPO: Machine has access to this GPO.
(28c.6e0) 08:43:46:011 ProcessGPO: GPO passes the filter check.
(28c.6e0) 08:43:46:021 ProcessGPO: Found functionality version of: 2
(28c.6e0) 08:43:46:021 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}>
(28c.6e0) 08:43:46:031 ProcessGPO: Found common name of:
<{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}>
(28c.6e0) 08:43:46:031 ProcessGPO: Found display name of: <CP-SITE-PI
Installation>
(28c.6e0) 08:43:46:031 ProcessGPO: Found machine version of: GPC is 23,
GPT is 23
(28c.6e0) 08:43:46:031 ProcessGPO: Found flags of: 0
(28c.6e0) 08:43:46:031 ProcessGPO: Found extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{C6DC5466-785A-11D2-84D0-00C04FB169F7}{942A8E4F-A261-11D1-A760-00C04FB9603F}]
(28c.6e0) 08:43:46:031 ProcessGPO: ==============================
(28c.6e0) 08:43:46:031 ProcessGPO: ==============================
(28c.6e0) 08:43:46:031 ProcessGPO: Searching
<CN={BC96B96F-086B-413F-865D-949D9D9A8F07},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:46:031 ProcessGPO: Machine has access to this GPO.
(28c.6e0) 08:43:46:031 ProcessGPO: GPO passes the filter check.
(28c.6e0) 08:43:46:031 ProcessGPO: Found functionality version of: 2
(28c.6e0) 08:43:46:031 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{BC96B96F-086B-413F-865D-949D9D9A8F07}>
(28c.6e0) 08:43:46:051 ProcessGPO: Found common name of:
<{BC96B96F-086B-413F-865D-949D9D9A8F07}>
(28c.6e0) 08:43:46:051 ProcessGPO: Found display name of: <CP-SITE-Software>
(28c.6e0) 08:43:46:051 ProcessGPO: Found machine version of: GPC is 1022,
GPT is 1022
(28c.6e0) 08:43:46:051 ProcessGPO: Found flags of: 1
(28c.6e0) 08:43:46:051 ProcessGPO: Found extensions:
[{C6DC5466-785A-11D2-84D0-00C04FB169F7}{942A8E4F-A261-11D1-A760-00C04FB9603F}]
(28c.6e0) 08:43:46:051 ProcessGPO: ==============================
(28c.6e0) 08:43:46:051 ProcessGPO: ==============================
(28c.6e0) 08:43:46:051 ProcessGPO: Searching
<cn={E3386C85-9DA9-4D18-A07F-B8E697A62070},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.6e0) 08:43:46:051 ProcessGPO: Machine has access to this GPO.
(28c.6e0) 08:43:46:051 ProcessGPO: GPO passes the filter check.
(28c.6e0) 08:43:46:051 ProcessGPO: Found functionality version of: 2
(28c.6e0) 08:43:46:051 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}>
(28c.6e0) 08:43:46:061 ProcessGPO: Found common name of:
<{E3386C85-9DA9-4D18-A07F-B8E697A62070}>
(28c.6e0) 08:43:46:061 ProcessGPO: Found display name of:
<CP-SITE-Computers>
(28c.6e0) 08:43:46:061 ProcessGPO: Found machine version of: GPC is 70,
GPT is 70
(28c.6e0) 08:43:46:061 ProcessGPO: Found flags of: 0
(28c.6e0) 08:43:46:061 ProcessGPO: Found extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]
(28c.6e0) 08:43:46:061 ProcessGPO: ==============================
(28c.6e0) 08:43:46:061 EvalList: Object
<cn={F5E519ED-4FA4-4D10-9069-F09BF68FF110},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com> cannot be accessed
(28c.6e0) 08:43:46:061 EvalList: Object
<cn={4AF05E73-E1B4-44C3-B4BA-D62E62C0F161},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com> cannot be accessed
(28c.6e0) 08:43:46:061 GetGPOInfo: Local GPO's gpt.ini is not accessible,
assuming default state.
(28c.6e0) 08:43:46:061 GetGPOInfo: Leaving with 1
(28c.6e0) 08:43:46:061 GetGPOInfo: ********************************

Guest · Jul 21, 2006

Userenv Part 2 (see additonal posts for rest of log):
(28c.6e0) 08:43:46:883 ProcessGPOs: -----------------------
(28c.6e0) 08:43:46:883 ProcessGPOs: Processing extension Wireless
(28c.6e0) 08:43:46:883 CompareGPOLists: The lists are the same.
(28c.6e0) 08:43:46:883 CheckGPOs: No GPO changes but couldn't read extension
Wireless's status or policy time.
(28c.6e0) 08:43:46:883 ProcessGPOs: Extension Wireless skipped because both
deleted and changed GPO lists are empty.
(28c.6e0) 08:43:46:883 ProcessGPOs: -----------------------
(28c.6e0) 08:43:46:883 ProcessGPOs: Processing extension Folder Redirection
(28c.6e0) 08:43:46:883 CompareGPOLists: The lists are the same.
(28c.6e0) 08:43:46:883 CheckGPOs: No GPO changes but couldn't read extension
Folder Redirection's status or policy time.
(28c.6e0) 08:43:46:883 ProcessGPOs: Extension Folder Redirection skipped
with flags 0x110007.
(28c.6e0) 08:43:46:883 ProcessGPOs: -----------------------
(28c.6e0) 08:43:46:883 ProcessGPOs: Processing extension Microsoft Disk Quota
(28c.6e0) 08:43:46:883 CompareGPOLists: The lists are the same.
(28c.6e0) 08:43:46:883 CheckGPOs: No GPO changes but couldn't read extension
Microsoft Disk Quota's status or policy time.
(28c.6e0) 08:43:46:883 ProcessGPOs: Extension Microsoft Disk Quota skipped
because both deleted and changed GPO lists are empty.
(28c.6e0) 08:43:46:883 ProcessGPOs: -----------------------
(28c.6e0) 08:43:46:883 ProcessGPOs: Processing extension QoS Packet Scheduler
(28c.6e0) 08:43:46:883 CompareGPOLists: The lists are the same.
(28c.6e0) 08:43:46:883 CheckGPOs: No GPO changes but couldn't read extension
QoS Packet Scheduler's status or policy time.
(28c.6e0) 08:43:46:061 ProcessGPOs: Logging Data for Target <COMPUTERNAME>.
(28c.6e0) 08:43:46:061 GetWbemServices: CoCreateInstance succeeded
(28c.6e0) 08:43:46:072 ConnectToNameSpace: ConnectServer returned 0x0
(28c.6e0) 08:43:46:082 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.6e0) 08:43:46:082 CSessionLogger::Log: restoring old security grps
(28c.6e0) 08:43:46:152 LogRsopData: Successfully logged Rsop data
(28c.6e0) 08:43:46:152 ProcessGPOs: Logged Rsop Data successfully.
(28c.6e0) 08:43:46:242 ProcessGPOs: OpenThreadToken failed with error 1008,
assuming thread is not impersonating
(28c.6e0) 08:43:46:242 ProcessGPOs: -----------------------
(28c.6e0) 08:43:46:242 ProcessGPOs: Processing extension Registry
(28c.6e0) 08:43:46:242 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:46:242 CompareGPOLists: One list is empty
(28c.6e0) 08:43:46:242 ProcessGPOList: Entering for extension Registry
(28c.6e0) 08:43:46:242 ProcessGPOList: Passing in the force refresh flag to
Extension Registry
(28c.6e0) 08:43:46:252 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.6e0) 08:43:46:252 EnterCriticalPolicySectionEx: Entering with timeout
60000 and flags 0x2
(28c.6e0) 08:43:46:252 EnterCriticalPolicySectionEx: Machine critical
section has been claimed. Handle = 0xb24
(28c.6e0) 08:43:46:252 EnterCriticalPolicySectionEx: Leaving successfully.
(28c.6e0) 08:43:46:252 ResetPolicies: Entering.
(28c.6e0) 08:43:46:252 ParseRegistryFile: Entering with <C:\Documents and
Settings\All Users\ntuser.pol>.
(28c.6e0) 08:43:46:252 ParseRegistryFile: Leaving.
(28c.6e0) 08:43:46:252 ResetPolicies: Leaving.
(28c.6e0) 08:43:46:252 ParseRegistryFile: Entering with
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Machine\registry.pol>.
(28c.6e0) 08:43:46:272 SetRegistryValue: AlwaysInstallElevated => 1 [OK]
(28c.6e0) 08:43:46:272 ParseRegistryFile: Leaving.
(28c.6e0) 08:43:46:302 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\conf.adm> to the Adm list.
(28c.6e0) 08:43:46:302 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\inetres.adm> to the Adm list.
(28c.6e0) 08:43:46:322 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\system.adm> to the Adm list.
(28c.6e0) 08:43:46:332 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\wmplayer.adm> to the Adm list.
(28c.6e0) 08:43:46:342 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\wuau.adm> to the Adm list.
(28c.6e0) 08:43:46:342 ParseRegistryFile: Entering with
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Machine\registry.pol>.
(28c.6e0) 08:43:46:392 SetRegistryValue: NoUpdateCheck => 1 [OK]
(28c.6e0) 08:43:46:402 SetRegistryValue: PreventAutoRun => 1 [OK]
(28c.6e0) 08:43:46:412 SetRegistryValue: NoConfigCache => 1 [OK]
(28c.6e0) 08:43:46:412 SetRegistryValue: Enabled => 0 [OK]
(28c.6e0) 08:43:46:412 SetRegistryValue: DefaultLevel => 262144 [OK]
(28c.6e0) 08:43:46:412 SetRegistryValue: TransparentEnabled => 1 [OK]
(28c.6e0) 08:43:46:412 SetRegistryValue: PolicyScope => 1 [OK]
(28c.6e0) 08:43:46:412 SetRegistryValue: ExecutableTypes was set successfully
(28c.6e0) 08:43:46:432 SetRegistryValue: LastModified was set successfully
(28c.6e0) 08:43:46:432 SetRegistryValue: Description => [OK]
(28c.6e0) 08:43:46:432 SetRegistryValue: SaferFlags => 0 [OK]
(28c.6e0) 08:43:46:442 SetRegistryValue: ItemData =>
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
[OK]
(28c.6e0) 08:43:46:442 SetRegistryValue: LastModified was set successfully
(28c.6e0) 08:43:46:442 SetRegistryValue: Description => [OK]
(28c.6e0) 08:43:46:442 SetRegistryValue: SaferFlags => 0 [OK]
(28c.6e0) 08:43:46:442 SetRegistryValue: ItemData =>
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRoot%*.exe [OK]
(28c.6e0) 08:43:46:452 SetRegistryValue: LastModified was set successfully
(28c.6e0) 08:43:46:452 SetRegistryValue: Description => [OK]
(28c.6e0) 08:43:46:452 SetRegistryValue: SaferFlags => 0 [OK]
(28c.6e0) 08:43:46:452 SetRegistryValue: ItemData =>
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRoot%System32\*.exe [OK]
(28c.6e0) 08:43:46:452 SetRegistryValue: LastModified was set successfully
(28c.6e0) 08:43:46:462 SetRegistryValue: Description => [OK]
(28c.6e0) 08:43:46:472 SetRegistryValue: SaferFlags => 0 [OK]
(28c.6e0) 08:43:46:472 SetRegistryValue: ItemData =>
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% [OK]
(28c.6e0) 08:43:46:472 SetRegistryValue: DeleteRoamingCache => 1 [OK]
(28c.6e0) 08:43:46:472 SetRegistryValue: NoAUShutdownOption => 1 [OK]
(28c.6e0) 08:43:46:472 SetRegistryValue: NoAutoUpdate => 1 [OK]
(28c.6e0) 08:43:46:472 SetRegistryValue: Deleted value <AUOptions>.
(28c.6e0) 08:43:46:472 SetRegistryValue: Deleted value <ScheduledInstallDay>.
(28c.6e0) 08:43:46:472 SetRegistryValue: Deleted value <ScheduledInstallTime>.
(28c.6e0) 08:43:46:482 SetRegistryValue: SyncForegroundPolicy => 1 [OK]
(28c.6e0) 08:43:46:482 SetRegistryValue: SearchList =>
DOMAINNAME.DOMAIN.com,DOMAIN.com,intranet.DOMAIN.com,srv.DOMAIN.com,pp.DOMAIN.com [OK]
(28c.6e0) 08:43:46:482 SetRegistryValue: SupportLink =>
\\DOMAINNAME\SITENAME\Printer [OK]
(28c.6e0) 08:43:46:482 SetRegistryValue: fAllowToGetHelp => 1 [OK]
(28c.6e0) 08:43:46:482 SetRegistryValue: fAllowFullControl => 1 [OK]
(28c.6e0) 08:43:46:492 SetRegistryValue: MaxTicketExpiry => 1 [OK]
(28c.6e0) 08:43:46:492 SetRegistryValue: MaxTicketExpiryUnits => 1 [OK]
(28c.6e0) 08:43:46:492 SetRegistryValue: fUseMailto => 1 [OK]
(28c.6e0) 08:43:46:492 SetRegistryValue: fAllowUnsolicited => 1 [OK]
(28c.6e0) 08:43:46:492 SetRegistryValue: fAllowUnsolicitedFullControl => 1
[OK]
(28c.6e0) 08:43:46:492 SetRegistryValue: DOMAINNAME\cp-SITE-ouadmins =>
DOMAINNAME\cp-SITE-ouadmins [OK]
(28c.6e0) 08:43:46:502 SetRegistryValue: EnableFirewall => 0 [OK]
(28c.6e0) 08:43:46:502 SetRegistryValue: EnableFirewall => 0 [OK]
(28c.6e0) 08:43:46:502 ParseRegistryFile: Leaving.
(28c.6e0) 08:43:46:532 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\conf.adm> to the Adm list.
(28c.6e0) 08:43:46:542 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\inetres.adm> to the Adm list.
(28c.6e0) 08:43:46:552 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\system.adm> to the Adm list.
(28c.6e0) 08:43:46:572 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\wmplayer.adm> to the Adm list.
(28c.6e0) 08:43:46:572 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\wuau.adm> to the Adm list.
(28c.6e0) 08:43:46:572 ParseRegistryFile: Entering with
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{D979A465-11EB-4110-940B-C32C64D76B24}\Machine\registry.pol>.
(28c.6e0) 08:43:46:592 SetRegistryValue: NV PrimaryDnsSuffix =>
DOMAINNAME.DOMAIN.com [OK]
(28c.6e0) 08:43:46:602 SetRegistryValue: AlwaysInstallElevated => 1 [OK]
(28c.6e0) 08:43:46:602 ParseRegistryFile: Leaving.
(28c.6e0) 08:43:46:612 ParseRegistryFile: Entering with
<\\DOMAINNAME.DOMAIN.com\sysvol\DOMAINNAME.DOMAIN.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol>.
(28c.6e0) 08:43:46:642 SetRegistryValue: EFSBlob was set successfully
(28c.6e0) 08:43:46:642 SetRegistryValue: Blob was set successfully
(28c.6e0) 08:43:46:652 SetRegistryValue: PhysicalLocationSupport => 1 [OK]
(28c.6e0) 08:43:46:652 ParseRegistryFile: Leaving.
(28c.6e0) 08:43:46:823 LogRegistry RsopData: Successfully logged registry
Rsop data
(28c.6e0) 08:43:46:823 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\wuau.adm
(28c.6e0) 08:43:46:823 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\wmplayer.adm
(28c.6e0) 08:43:46:823 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\system.adm
(28c.6e0) 08:43:46:823 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\inetres.adm
(28c.6e0) 08:43:46:823 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\conf.adm
(28c.6e0) 08:43:46:833 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\wuau.adm
(28c.6e0) 08:43:46:833 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\wmplayer.adm
(28c.6e0) 08:43:46:833 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\system.adm
(28c.6e0) 08:43:46:833 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\inetres.adm
(28c.6e0) 08:43:46:833 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\conf.adm
(28c.6e0) 08:43:46:833 LogAdmRsopData: Successfully logged Adm data
(28c.6e0) 08:43:46:833 LeaveCriticalPolicySection: Critical section 0xb24
has been released.
(28c.6e0) 08:43:46:833 ProcessGPOList: Extension Registry was able to log
data. RsopStatus = 0x0, dwRet = 0, Clearing the dirty bit
(28c.6e0) 08:43:46:883 ProcessGPOs: -----------------------(28c.6e0)
08:43:46:883 ProcessGPOs: Extension QoS Packet Scheduler skipped because both
deleted and changed GPO lists are empty.
(28c.6e0) 08:43:46:883 ProcessGPOs: -----------------------
(28c.6e0) 08:43:46:883 ProcessGPOs: Processing extension Scripts
(28c.6e0) 08:43:46:883 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:46:883 CompareGPOLists: One list is empty
(28c.6e0) 08:43:46:883 ProcessGPOList: Entering for extension Scripts
(28c.6e0) 08:43:46:883 ProcessGPOList: Passing in the force refresh flag to
Extension Scripts
(28c.6e0) 08:43:46:893 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.6e0) 08:43:47:043 ProcessGPOList: Extension Scripts returned 0x0.
(28c.6e0) 08:43:47:043 ProcessGPOList: Extension Scripts was able to log
data. RsopStatus = 0x0, dwRet = 0, Clearing the dirty bit
(28c.6e0) 08:43:47:073 ProcessGPOs: -----------------------
(28c.6e0) 08:43:47:073 ProcessGPOs: -----------------------
(28c.6e0) 08:43:47:073 ProcessGPOs: Processing extension Internet Explorer
Zonemapping
(28c.6e0) 08:43:47:073 CompareGPOLists: The lists are the same.
(28c.6e0) 08:43:47:073 CheckGPOs: No GPO changes but couldn't read extension
Internet Explorer Zonemapping's status or policy time.
(28c.6e0) 08:43:47:073 ProcessGPOs: Extension Internet Explorer Zonemapping
skipped because both deleted and changed GPO lists are empty.
(28c.6e0) 08:43:47:073 ProcessGPOs: -----------------------
(28c.6e0) 08:43:47:073 ProcessGPOs: Processing extension Security
(28c.6e0) 08:43:47:073 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:47:073 CompareGPOLists: One list is empty
(28c.6e0) 08:43:47:123 ProcessGPOList: Entering for extension Security
(28c.6e0) 08:43:47:123 ProcessGPOList: Passing in the force refresh flag to
Extension Security
(28c.6e0) 08:43:47:143 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.6e0) 08:43:51:640 ProcessGPOList: Extension Security returned 0x0.
(28c.6e0) 08:43:51:640 ProcessGPOList: Extension Security was able to log
data. RsopStatus = 0x0, dwRet = 0, Clearing the dirty bit
(28c.6e0) 08:43:51:740 ProcessGPOs: -----------------------(28c.6e0)
08:43:51:740 ProcessGPOs: -----------------------
(28c.6e0) 08:43:51:740 ProcessGPOs: Processing extension Internet Explorer
Branding
(28c.6e0) 08:43:51:740 CompareGPOLists: The lists are the same.
(28c.6e0) 08:43:51:740 CheckGPOs: No GPO changes but couldn't read extension
Internet Explorer Branding's status or policy time.
(28c.6e0) 08:43:51:740 ProcessGPOs: Extension Internet Explorer Branding
skipped with flags 0x110007.
(28c.6e0) 08:43:51:740 ProcessGPOs: -----------------------
(28c.6e0) 08:43:51:740 ProcessGPOs: Processing extension EFS recovery
(28c.6e0) 08:43:51:740 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:51:740 CompareGPOLists: One list is empty
(28c.6e0) 08:43:51:740 ProcessGPOList: Entering for extension EFS recovery
(28c.6e0) 08:43:51:740 ProcessGPOList: Passing in the force refresh flag to
Extension EFS recovery
(28c.6e0) 08:43:51:740 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:51:760 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.6e0) 08:43:51:980 ProcessGPOList: Extension EFS recovery returned 0x0.
(28c.6e0) 08:43:51:990 ProcessGPOList: Extension EFS recovery doesn't
support rsop logging
(28c.6e0) 08:43:52:010 ProcessGPOs: -----------------------
(28c.6e0) 08:43:52:010 ProcessGPOs: -----------------------
(28c.6e0) 08:43:52:010 ProcessGPOs: Processing extension Software Installation
(28c.6e0) 08:43:52:010 ReadStatus: Read Extension's Previous status
successfully.
(28c.6e0) 08:43:52:010 CompareGPOLists: One list is empty
(28c.6e0) 08:43:52:010 ProcessGPOList: Entering for extension Software
Installation
(28c.6e0) 08:43:52:010 ProcessGPOList: Passing in the force refresh flag to
Extension Software Installation
(28c.6e0) 08:43:52:030 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.6e0) 08:43:52:030 ProcessGPOList: Extension Software Installation
returned 0x4fa.
(28c.6e0) 08:43:52:030 ProcessGPOList: Extension Software Installation was
able to log data. RsopStatus = 0x0, dwRet = 1274, Clearing the dirty bit
(28c.6e0) 08:43:52:030 ProcessGPOs: Extension Software Installation
ProcessGroupPolicy returned sync_foreground.
(28c.6e0) 08:43:52:030 ProcessGPOs: -----------------------
(28c.6e0) 08:43:52:030 ProcessGPOs: -----------------------
(28c.6e0) 08:43:52:030 ProcessGPOs: Processing extension IP Security
(28c.6e0) 08:43:52:030 CompareGPOLists: The lists are the same.
(28c.6e0) 08:43:52:030 CheckGPOs: No GPO changes but couldn't read extension
IP Security's status or policy time.
(28c.6e0) 08:43:52:030 ProcessGPOs: Extension IP Security skipped because
both deleted and changed GPO lists are empty.
(28c.6e0) 08:43:52:030 SetFgRefreshInfo: Next Machine Fg policy Synchronous,
Reason: SyncPolicy.
(28c.6e0) 08:43:52:030 LeaveCriticalPolicySection: Critical section 0x1d4
has been released.
(28c.6e0) 08:43:52:030 SetFgRefreshInfo: Next Machine Fg policy Synchronous,
Reason: ForcedSyncRefresh.
(28c.6e0) 08:43:52:030 ProcessGPOs: Forced option changed policy mode.
(28c.6e0) 08:43:52:060 ProcessGPOs: Computer Group Policy has been applied.
(28c.6e0) 08:43:52:060 ProcessGPOs: Leaving with 1.
(28c.960) 08:43:52:060 PolicyChangedThread: Calling UpdateUser with 1.
(28c.960) 08:43:52:060 PolicyChangedThread: Broadcast message for 1.
(e84.95c) 08:43:52:160 LibMain: Process Name:
C:\WINDOWS\system32\userinit.exe
(28c.6e0) 08:43:52:280 EnterCriticalPolicySectionEx: Entering with timeout
600000 and flags 0x0
(28c.6e0) 08:43:52:280 EnterCriticalPolicySectionEx: Machine critical
section has been claimed. Handle = 0xb3c
(28c.6e0) 08:43:52:280 EnterCriticalPolicySectionEx: Leaving successfully.
(3c0.988) 08:43:52:371 GetUserDNSDomainName: Local user account. No DNS
domain name available.
(28c.6e0) 08:43:52:431 LeaveCriticalPolicySection: Critical section 0xb3c
has been released.
(28c.6e0) 08:43:52:431 GPOThread: Next refresh will happen in 101 minutes
(28c.960) 08:44:02:755 PolicyChangedThread: Leaving
(28c.290) 08:44:02:766 UnloadUserProfile: Entering, hProfile = <0x8d0>
(28c.290) 08:44:02:766 UnloadUserProfile: In console winlogon process
(28c.290) 08:44:02:766 UnloadUserProfileP: Entering, hProfile = <0x8d0>
(28c.290) 08:44:02:766 GetExclusionListFromRegistry: Policy list is empty,
returning user list = <Local Settings;Temporary Internet Files;History;Temp>
(28c.290) 08:44:02:776 CSyncManager::EnterLock
<S-1-5-21-1808403146-1582306782-918159001-500>
(28c.290) 08:44:02:776 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:02:776 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:02:776 CHashTable::HashAdd:
S-1-5-21-1808403146-1582306782-918159001-500 added in bucket 20
(28c.290) 08:44:02:776 UnloadUserProfileP: Wait succeeded. In critical
section.
(28c.290) 08:44:03:196 MyRegUnLoadKey: Returning 1.
(28c.290) 08:44:03:196 UnloadUserProfileP: Succesfully unloaded profile
(28c.290) 08:44:03:196 MyRegUnLoadKey: Returning 1.
(28c.290) 08:44:03:196 UnLoadClassHive: Successfully unmounted
S-1-5-21-1808403146-1582306782-918159001-500_Classes
(28c.290) 08:44:03:196 UnloadUserProfileP: Successfully unloaded user classes
(28c.290) 08:44:03:196 UnloadUserProfileP: Impersonated user
(28c.290) 08:44:03:196 UnloadUserProfileP: Writing local ini file
(28c.290) 08:44:03:226 UnloadUserProfileP: Reverting to Self
(28c.290) 08:44:03:226 UnloadUserProfileP: exitting and cleaning up
(28c.290) 08:44:03:226 CSyncManager::LeaveLock
<S-1-5-21-1808403146-1582306782-918159001-500>
(28c.290) 08:44:03:226 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:03:226 CHashTable::HashDelete:
S-1-5-21-1808403146-1582306782-918159001-500 deleted
(28c.290) 08:44:03:226 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:03:226 UnloadUserProfileP: Leave critical section.
(28c.290) 08:44:03:226 UnloadUserProfileP: Leaving with a return value of 1
(28c.290) 08:44:03:226 UnloadUserProfile: UnloadUserProfileP succeeded
(28c.290) 08:44:03:226 UnloadUserProfile: returning 1
(28c.290) 08:44:56:475 InitializePolicyProcessing: Initialised Machine
Mutex/Events
(28c.290) 08:44:56:485 InitializePolicyProcessing: Initialised User
Mutex/Events
(28c.290) 08:44:56:485 LibMain: Process Name:
\??\C:\WINDOWS\system32\winlogon.exe
(28c.290) 08:44:57:637 Entering CUserProfile::Initialize ...
(28c.290) 08:44:57:637 CUserProfile::Initialize called by winlogon
(28c.290) 08:44:57:637 CUserProfile::Initialize: critical section initialized
(28c.290) 08:44:57:637 CSyncManager::Initialize: critical section initialized
(28c.290) 08:44:57:637 CUserProfile::Initialize: registry key
Software\Microsoft\Windows NT\CurrentVersion\ProfileList opened
(28c.290) 08:44:57:637 CUserProfile::Initialize: Proccessing
S-1-5-21-1808403146-1582306782-918159001-500
(28c.290) 08:44:57:637 CSyncManager::EnterLock
<S-1-5-21-1808403146-1582306782-918159001-500>
(28c.290) 08:44:57:637 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:637 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:637 CHashTable::HashAdd:
S-1-5-21-1808403146-1582306782-918159001-500 added in bucket 20
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:637 CUserProfile::GetRefCountAndFlags: Ref count is 0,
state is 00000100
(28c.290) 08:44:57:637 CSyncManager::LeaveLock
<S-1-5-21-1808403146-1582306782-918159001-500>
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:637 CHashTable::HashDelete:
S-1-5-21-1808403146-1582306782-918159001-500 deleted
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Leave critical
section
(28c.290) 08:44:57:637 CUserProfile::Initialize: Proccessing
S-1-5-21-1808403146-1582306782-918159001-1003
(28c.290) 08:44:57:637 CSyncManager::EnterLock
<S-1-5-21-1808403146-1582306782-918159001-1003>
(28c.290) 08:44:57:637 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:637 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:637 CHashTable::HashAdd:
S-1-5-21-1808403146-1582306782-918159001-1003 added in bucket 21
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:637 CUserProfile::GetRefCountAndFlags: Ref count is 0,
state is 00000100
(28c.290) 08:44:57:637 CSyncManager::LeaveLock
<S-1-5-21-1808403146-1582306782-918159001-1003>
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:637 CHashTable::HashDelete:
S-1-5-21-1808403146-1582306782-918159001-1003 deleted
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Leave critical
section
(28c.290) 08:44:57:637 CUserProfile::Initialize: Proccessing
S-1-5-21-1547161642-606747145-725345543-73957
(28c.290) 08:44:57:637 CSyncManager::EnterLock
<S-1-5-21-1547161642-606747145-725345543-73957>
(28c.290) 08:44:57:637 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:637 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:637 CHashTable::HashAdd:
S-1-5-21-1547161642-606747145-725345543-73957 added in bucket 6
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:637 CUserProfile::GetRefCountAndFlags: Ref count is 0,
state is 00000010
(28c.290) 08:44:57:637 CSyncManager::LeaveLock
<S-1-5-21-1547161642-606747145-725345543-73957>
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:637 CHashTable::HashDelete:
S-1-5-21-1547161642-606747145-725345543-73957 deleted
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Leave critical
section
(28c.290) 08:44:57:637 CUserProfile::Initialize: Proccessing
S-1-5-21-1547161642-606747145-725345543-73956
(28c.290) 08:44:57:637 CSyncManager::EnterLock
<S-1-5-21-1547161642-606747145-725345543-73956>
(28c.290) 08:44:57:637 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:637 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:637 CHashTable::HashAdd:
S-1-5-21-1547161642-606747145-725345543-73956 added in bucket 5
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:637 CUserProfile::GetRefCountAndFlags: Ref count is 0,
state is 00000100
(28c.290) 08:44:57:637 CSyncManager::LeaveLock
<S-1-5-21-1547161642-606747145-725345543-73956>
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:637 CHashTable::HashDelete:
S-1-5-21-1547161642-606747145-725345543-73956 deleted
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Leave critical
section
(28c.290) 08:44:57:637 CUserProfile::Initialize: Proccessing
S-1-5-21-1547161642-606747145-725345543-73907
(28c.290) 08:44:57:637 CSyncManager::EnterLock
<S-1-5-21-1547161642-606747145-725345543-73907>
(28c.290) 08:44:57:637 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:637 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:637 CHashTable::HashAdd:
S-1-5-21-1547161642-606747145-725345543-73907 added in bucket 1
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:637 CUserProfile::GetRefCountAndFlags: Ref count is 1,
state is 00000110
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Ref Count is not 0
(28c.290) 08:44:57:637 CSyncManager::LeaveLock
<S-1-5-21-1547161642-606747145-725345543-73907>
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:637 CHashTable::HashDelete:
S-1-5-21-1547161642-606747145-725345543-73907 deleted
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Leave critical
section
(28c.290) 08:44:57:637 CUserProfile::Initialize: Proccessing
S-1-5-21-1547161642-606747145-725345543-370199
(28c.290) 08:44:57:637 CSyncManager::EnterLock
<S-1-5-21-1547161642-606747145-725345543-370199>
(28c.290) 08:44:57:637 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:637 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:637 CHashTable::HashAdd:
S-1-5-21-1547161642-606747145-725345543-370199 added in bucket 6
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:637 CUserProfile::GetRefCountAndFlags: Ref count is 0,
state is 00000204
(28c.290) 08:44:57:637 CSyncManager::LeaveLock
<S-1-5-21-1547161642-606747145-725345543-370199>
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:637 CHashTable::HashDelete:
S-1-5-21-1547161642-606747145-725345543-370199 deleted
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Leave critical
section
(28c.290) 08:44:57:637 CUserProfile::Initialize: Proccessing
S-1-5-21-1547161642-606747145-725345543-224159
(28c.290) 08:44:57:637 CSyncManager::EnterLock
<S-1-5-21-1547161642-606747145-725345543-224159>
(28c.290) 08:44:57:637 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:637 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:637 CHashTable::HashAdd:
S-1-5-21-1547161642-606747145-725345543-224159 added in bucket 0
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:637 CUserProfile::GetRefCountAndFlags: Ref count is 0,
state is 00000000
(28c.290) 08:44:57:637 CSyncManager::LeaveLock
<S-1-5-21-1547161642-606747145-725345543-224159>
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:637 CHashTable::HashDelete:
S-1-5-21-1547161642-606747145-725345543-224159 deleted
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Leave critical
section
(28c.290) 08:44:57:637 CUserProfile::Initialize: Proccessing
S-1-5-21-1547161642-606747145-725345543-172277
(28c.290) 08:44:57:637 CSyncManager::EnterLock
<S-1-5-21-1547161642-606747145-725345543-172277>
(28c.290) 08:44:57:637 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:637 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:637 CHashTable::HashAdd:
S-1-5-21-1547161642-606747145-725345543-172277 added in bucket 3
(28c.290) 08:44:57:637 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:637 CUserProfile::GetRefCountAndFlags: Ref count is 0,
state is 00000000
(28c.290) 08:44:57:637 CSyncManager::LeaveLock
<S-1-5-21-1547161642-606747145-725345543-172277>
(28c.290) 08:44:57:637 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:637 CHashTable::HashDelete:
S-1-5-21-1547161642-606747145-725345543-172277 deleted
(28c.290) 08:44:57:647 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:647 CUserProfile::CleanupUserProfile: Leave critical
section

Guest · Jul 21, 2006

Userenv Part 3 (see additonal posts for rest of log):
(28c.290) 08:44:57:647 CUserProfile::Initialize: Proccessing S-1-5-20
(28c.290) 08:44:57:647 CSyncManager::EnterLock <S-1-5-20>
(28c.290) 08:44:57:647 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:647 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:647 CHashTable::HashAdd: S-1-5-20 added in bucket 4
(28c.290) 08:44:57:647 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:647 CUserProfile::GetRefCountAndFlags: Ref count is 2,
state is 00000000
(28c.290) 08:44:57:647 CUserProfile::CleanupUserProfile: Ref Count is not 0
(28c.290) 08:44:57:647 CSyncManager::LeaveLock <S-1-5-20>
(28c.290) 08:44:57:647 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:647 CHashTable::HashDelete: S-1-5-20 deleted
(28c.290) 08:44:57:647 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:647 CUserProfile::CleanupUserProfile: Leave critical
section
(28c.290) 08:44:57:647 CUserProfile::Initialize: Proccessing S-1-5-19
(28c.290) 08:44:57:647 CSyncManager::EnterLock <S-1-5-19>
(28c.290) 08:44:57:647 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:647 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:647 CHashTable::HashAdd: S-1-5-19 added in bucket 12
(28c.290) 08:44:57:647 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:647 CUserProfile::GetRefCountAndFlags: Ref count is 2,
state is 00000000
(28c.290) 08:44:57:647 CUserProfile::CleanupUserProfile: Ref Count is not 0
(28c.290) 08:44:57:647 CSyncManager::LeaveLock <S-1-5-19>
(28c.290) 08:44:57:647 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:647 CHashTable::HashDelete: S-1-5-19 deleted
(28c.290) 08:44:57:647 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:647 CUserProfile::CleanupUserProfile: Leave critical
section
(28c.290) 08:44:57:647 CUserProfile::Initialize: Proccessing S-1-5-18
(28c.290) 08:44:57:647 CSyncManager::EnterLock <S-1-5-18>
(28c.290) 08:44:57:647 CSyncManager::EnterLock: No existing entry found
(28c.290) 08:44:57:647 CSyncManager::EnterLock: New entry created
(28c.290) 08:44:57:647 CHashTable::HashAdd: S-1-5-18 added in bucket 11
(28c.290) 08:44:57:647 CUserProfile::CleanupUserProfile: Enter critical
section.
(28c.290) 08:44:57:647 CUserProfile::GetRefCountAndFlags: Ref count is 1,
state is 00000000
(28c.290) 08:44:57:647 CUserProfile::CleanupUserProfile: Ref Count is not 0
(28c.290) 08:44:57:647 CSyncManager::LeaveLock <S-1-5-18>
(28c.290) 08:44:57:647 CSyncManager::LeaveLock: Lock released
(28c.290) 08:44:57:647 CHashTable::HashDelete: S-1-5-18 deleted
(28c.290) 08:44:57:647 CSyncManager::LeaveLock: Lock deleted
(28c.290) 08:44:57:647 CUserProfile::CleanupUserProfile: Leave critical
section
(28c.290) 08:44:57:647 CUserProfile::Initialize: RpcServerRegisterIfEx
successful
(28c.290) 08:44:57:647 Exiting CUserProfile::Initialize, successful
(2c4.2c8) 08:44:57:717 LibMain: Process Name: C:\WINDOWS\system32\lsass.exe
(28c.290) 08:44:57:757 IsSyncForegroundPolicyRefresh: Synchronous, Reason:
policy set to SYNC
(2b8.2bc) 08:44:57:797 LibMain: Process Name:
C:\WINDOWS\system32\services.exe
(358.35c) 08:44:58:238 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
(2b8.2bc) 08:44:58:358 LoadUserProfile: Yes, we can impersonate the user.
Running as self
(2b8.2bc) 08:44:58:358
=========================================================
(2b8.2bc) 08:44:58:358 LoadUserProfile: Entering, hToken = <0x2b8>,
lpProfileInfo = 0x7fcf8
(2b8.2bc) 08:44:58:358 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
(2b8.2bc) 08:44:58:358 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
(2b8.2bc) 08:44:58:358 LoadUserProfile: NULL central profile path
(2b8.2bc) 08:44:58:358 LoadUserProfile: NULL default profile path
(2b8.2bc) 08:44:58:358 LoadUserProfile: NULL server name
(2b8.2bc) 08:44:58:358 GetInterface: Returning rpc binding handle
(28c.380) 08:44:58:358 IProfileSecurityCallBack: client authenticated.
(28c.380) 08:44:58:358 DropClientContext: Got client token 000003E4, sid =
S-1-5-18
(28c.380) 08:44:58:358 MIDL_user_allocate enter
(28c.380) 08:44:58:358 DropClientContext: load profile object successfully
made
(28c.380) 08:44:58:358 DropClientContext: Returning 0
(2b8.2bc) 08:44:58:358 LoadUserProfile: Calling DropClientToken (as self)
succeeded
(28c.2a4) 08:44:58:358 IProfileSecurityCallBack: client authenticated.
(28c.2a4) 08:44:58:358 In LoadUserProfileP
(28c.2a4) 08:44:58:358 LoadUserProfile: Running as client
(28c.2a4) 08:44:58:358
=========================================================
(28c.2a4) 08:44:58:358 LoadUserProfile: Entering, hToken = <0x3e8>,
lpProfileInfo = 0xe757c0
(28c.2a4) 08:44:58:358 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
(28c.2a4) 08:44:58:358 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
(28c.2a4) 08:44:58:358 LoadUserProfile: NULL central profile path
(28c.2a4) 08:44:58:358 LoadUserProfile: NULL default profile path
(28c.2a4) 08:44:58:358 LoadUserProfile: NULL server name
(28c.2a4) 08:44:58:358 LoadUserProfile: User sid: S-1-5-20
(28c.2a4) 08:44:58:358 CSyncManager::EnterLock <S-1-5-20>
(28c.2a4) 08:44:58:358 CSyncManager::EnterLock: No existing entry found
(28c.2a4) 08:44:58:358 CSyncManager::EnterLock: New entry created
(28c.2a4) 08:44:58:358 CHashTable::HashAdd: S-1-5-20 added in bucket 4
(28c.2a4) 08:44:58:358 LoadUserProfile: Wait succeeded. In critical section.
(28c.2a4) 08:44:58:358 RestoreUserProfile: Entering
(28c.2a4) 08:44:58:358 IsCentralProfileReachable: Entering
(28c.2a4) 08:44:58:358 IsCentralProfileReachable: Null path. Leaving
(28c.2a4) 08:44:58:358 RestoreUserProfile: Profile path = <>
(28c.2a4) 08:44:58:358 ExtractProfileFromBackup: A profile already exists
(28c.2a4) 08:44:58:358 PatchNewProfileIfRequred: A profile already exists
with the current sid, exitting
(28c.2a4) 08:44:58:358 CreateLocalProfileKey: Not setting additional Security
(28c.2a4) 08:44:58:358 GetExistingLocalProfileImage: Found entry in profile
list for existing local profile
(28c.2a4) 08:44:58:358 GetExistingLocalProfileImage: Local profile image
filename = <%SystemDrive%\Documents and Settings\NetworkService>
(28c.2a4) 08:44:58:358 GetExistingLocalProfileImage: Expanded local profile
image filename = <C:\Documents and Settings\NetworkService>
(28c.2a4) 08:44:58:368 GetExistingLocalProfileImage: No local mandatory
profile. Error = 2
(28c.2a4) 08:44:58:368 GetExistingLocalProfileImage: Found local profile
image file ok <C:\Documents and Settings\NetworkService\ntuser.dat>
(28c.2a4) 08:44:58:368 GetExistingLocalProfileImage: Failed to query low
profile unload time with error 2
(28c.2a4) 08:44:58:368 Local Existing Profile Image is reachable
(28c.2a4) 08:44:58:368 Local profile name is <C:\Documents and
Settings\NetworkService>
(28c.2a4) 08:44:58:368 RestoreUserProfile: No central profile. Attempting
to load local profile.
(28c.2a4) 08:44:58:368 MyRegLoadKey: Returning 00000000
(28c.2a4) 08:44:58:368 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(28c.2a4) 08:44:58:368 MyRegLoadKey: Returning 00000000
(28c.2a4) 08:44:58:368 CreateClassHive: existing user classes hive found
(28c.2a4) 08:44:58:368 RestoreUserProfile: About to Leave. Final
Information follows:
(28c.2a4) 08:44:58:368 Profile was successfully loaded.
(28c.2a4) 08:44:58:368 lpProfile->lpRoamingProfile = <>
(28c.2a4) 08:44:58:368 lpProfile->lpLocalProfile = <C:\Documents and
Settings\NetworkService>
(28c.2a4) 08:44:58:368 lpProfile->dwInternalFlags = 0x0
(28c.2a4) 08:44:58:368 RestoreUserProfile: Leaving.
(28c.2a4) 08:44:58:368 UpgradeProfile: Entering
(28c.2a4) 08:44:58:368 UpgradeProfile: Build numbers match
(28c.2a4) 08:44:58:368 UpgradeProfile: Leaving Successfully
(28c.2a4) 08:44:58:478 Profile Ref Count is 1
(28c.2a4) 08:44:58:478 LoadUserProfile: Leaving critical Section.
(28c.2a4) 08:44:58:478 CSyncManager::LeaveLock <S-1-5-20>
(28c.2a4) 08:44:58:478 CSyncManager::LeaveLock: Lock released
(28c.2a4) 08:44:58:478 CHashTable::HashDelete: S-1-5-20 deleted
(28c.2a4) 08:44:58:478 CSyncManager::LeaveLock: Lock deleted
(28c.2a4) 08:44:58:478 LoadUserProfile: Impersonated user: 000003e8, 000003f4
(2c4.2f8) 08:44:58:478 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(2c4.2f8) 08:44:58:488 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(28c.2a4) 08:44:58:498 LoadUserProfile: Reverted to user: 00000000
(28c.2a4) 08:44:58:498 LoadUserProfile: Reverted back to user <00000000>
(28c.2a4) 08:44:58:498 LoadUserProfile: Leaving with a value of 1.
(28c.2a4) 08:44:58:498
=========================================================
(28c.2a4) 08:44:58:498 LoadUserProfileI: returning 0
(2b8.2bc) 08:44:58:498 LoadUserProfile: Running as self
(2b8.2bc) 08:44:58:498 LoadUserProfile: Calling LoadUserProfileI (as user)
succeeded
(2b8.2bc) 08:44:58:498 LoadUserProfile: Returning success. Final
Information follows:
(2b8.2bc) 08:44:58:498 lpProfileInfo->UserName = <NetworkService>
(2b8.2bc) 08:44:58:498 lpProfileInfo->lpProfilePath = <>
(2b8.2bc) 08:44:58:498 lpProfileInfo->dwFlags = 0x9
(28c.380) 08:44:58:498 IProfileSecurityCallBack: client authenticated.
(28c.380) 08:44:58:498 ReleaseClientContext: Releasing context
(28c.380) 08:44:58:498 ReleaseClientContext_s: Releasing context
(28c.380) 08:44:58:498 MIDL_user_free enter
(2b8.2bc) 08:44:58:498 ReleaseInterface: Releasing rpc binding handle
(2b8.2bc) 08:44:58:498 LoadUserProfile: Returning TRUE. hProfile = <0x31c>
(2b8.2bc) 08:44:58:498 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(398.39c) 08:44:58:528 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
(3c0.3c4) 08:44:58:588 LibMain: Process Name: C:\WINDOWS\System32\svchost.exe
(2b8.2bc) 08:44:58:598 LoadUserProfile: Yes, we can impersonate the user.
Running as self
(2b8.2bc) 08:44:58:598
=========================================================
(2b8.2bc) 08:44:58:598 LoadUserProfile: Entering, hToken = <0x35c>,
lpProfileInfo = 0x7fcf8
(2b8.2bc) 08:44:58:598 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
(2b8.2bc) 08:44:58:598 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
(2b8.2bc) 08:44:58:598 LoadUserProfile: NULL central profile path
(2b8.2bc) 08:44:58:598 LoadUserProfile: NULL default profile path
(2b8.2bc) 08:44:58:598 LoadUserProfile: NULL server name
(2b8.2bc) 08:44:58:598 GetInterface: Returning rpc binding handle
(28c.2a4) 08:44:58:598 IProfileSecurityCallBack: client authenticated.
(28c.2a4) 08:44:58:598 DropClientContext: Got client token 000003E4, sid =
S-1-5-18
(28c.2a4) 08:44:58:598 MIDL_user_allocate enter
(28c.2a4) 08:44:58:598 DropClientContext: load profile object successfully
made
(28c.2a4) 08:44:58:598 DropClientContext: Returning 0
(2b8.2bc) 08:44:58:598 LoadUserProfile: Calling DropClientToken (as self)
succeeded
(28c.380) 08:44:58:598 IProfileSecurityCallBack: client authenticated.
(28c.380) 08:44:58:598 In LoadUserProfileP
(28c.380) 08:44:58:598 LoadUserProfile: Running as client
(28c.380) 08:44:58:598
=========================================================
(28c.380) 08:44:58:598 LoadUserProfile: Entering, hToken = <0x3e8>,
lpProfileInfo = 0xe757c0
(28c.380) 08:44:58:598 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
(28c.380) 08:44:58:598 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
(28c.380) 08:44:58:598 LoadUserProfile: NULL central profile path
(28c.380) 08:44:58:598 LoadUserProfile: NULL default profile path
(28c.380) 08:44:58:598 LoadUserProfile: NULL server name
(28c.380) 08:44:58:598 LoadUserProfile: User sid: S-1-5-20
(28c.380) 08:44:58:598 CSyncManager::EnterLock <S-1-5-20>
(28c.380) 08:44:58:598 CSyncManager::EnterLock: No existing entry found
(28c.380) 08:44:58:598 CSyncManager::EnterLock: New entry created
(28c.380) 08:44:58:598 CHashTable::HashAdd: S-1-5-20 added in bucket 4
(28c.380) 08:44:58:598 LoadUserProfile: Wait succeeded. In critical section.
(28c.380) 08:44:58:598 TestIfUserProfileLoaded: Profile already loaded.
(28c.380) 08:44:58:598 Profile Ref Count is 2
(28c.380) 08:44:58:598 LoadUserProfile: Leaving critical Section.
(28c.380) 08:44:58:598 CSyncManager::LeaveLock <S-1-5-20>
(28c.380) 08:44:58:598 CSyncManager::LeaveLock: Lock released
(28c.380) 08:44:58:598 CHashTable::HashDelete: S-1-5-20 deleted
(28c.380) 08:44:58:598 CSyncManager::LeaveLock: Lock deleted
(28c.380) 08:44:58:598 LoadUserProfile: Impersonated user: 000003e8, 000003f4
(28c.380) 08:44:58:598 LoadUserProfile: Reverted to user: 00000000
(28c.380) 08:44:58:608 LoadUserProfile: Reverted back to user <00000000>
(28c.380) 08:44:58:608 LoadUserProfile: Leaving with a value of 1.
(28c.380) 08:44:58:608
=========================================================
(28c.380) 08:44:58:608 LoadUserProfileI: returning 0
(2b8.2bc) 08:44:58:608 LoadUserProfile: Running as self
(2b8.2bc) 08:44:58:608 LoadUserProfile: Calling LoadUserProfileI (as user)
succeeded
(2b8.2bc) 08:44:58:608 LoadUserProfile: Returning success. Final
Information follows:
(2b8.2bc) 08:44:58:608 lpProfileInfo->UserName = <NetworkService>
(2b8.2bc) 08:44:58:608 lpProfileInfo->lpProfilePath = <>
(2b8.2bc) 08:44:58:608 lpProfileInfo->dwFlags = 0x9
(28c.2a4) 08:44:58:608 IProfileSecurityCallBack: client authenticated.
(28c.2a4) 08:44:58:608 ReleaseClientContext: Releasing context
(28c.2a4) 08:44:58:608 ReleaseClientContext_s: Releasing context
(28c.2a4) 08:44:58:608 MIDL_user_free enter
(2b8.2bc) 08:44:58:608 ReleaseInterface: Releasing rpc binding handle
(2b8.2bc) 08:44:58:608 LoadUserProfile: Returning TRUE. hProfile = <0x358>
(2b8.2bc) 08:44:58:608 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(3f4.3f8) 08:44:58:638 LibMain: Process Name: C:\WINDOWS\System32\svchost.exe
(2b8.2bc) 08:44:58:638 LoadUserProfile: Yes, we can impersonate the user.
Running as self
(2b8.2bc) 08:44:58:638
=========================================================
(2b8.2bc) 08:44:58:638 LoadUserProfile: Entering, hToken = <0x37c>,
lpProfileInfo = 0x7fcf8
(2b8.2bc) 08:44:58:638 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
(2b8.2bc) 08:44:58:638 LoadUserProfile: lpProfileInfo->lpUserName =
<LocalService>
(2b8.2bc) 08:44:58:638 LoadUserProfile: NULL central profile path
(2b8.2bc) 08:44:58:638 LoadUserProfile: NULL default profile path
(2b8.2bc) 08:44:58:638 LoadUserProfile: NULL server name
(2b8.2bc) 08:44:58:638 GetInterface: Returning rpc binding handle
(28c.380) 08:44:58:638 IProfileSecurityCallBack: client authenticated.
(28c.380) 08:44:58:638 DropClientContext: Got client token 000003F0, sid =
S-1-5-18
(28c.380) 08:44:58:638 MIDL_user_allocate enter
(28c.380) 08:44:58:638 DropClientContext: load profile object successfully
made
(28c.380) 08:44:58:638 DropClientContext: Returning 0
(2b8.2bc) 08:44:58:638 LoadUserProfile: Calling DropClientToken (as self)
succeeded
(28c.2a4) 08:44:58:638 IProfileSecurityCallBack: client authenticated.
(28c.2a4) 08:44:58:638 In LoadUserProfileP
(28c.2a4) 08:44:58:638 LoadUserProfile: Running as client
(28c.2a4) 08:44:58:638
=========================================================
(28c.2a4) 08:44:58:638 LoadUserProfile: Entering, hToken = <0x3e8>,
lpProfileInfo = 0x78f28
(28c.2a4) 08:44:58:638 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
(28c.2a4) 08:44:58:638 LoadUserProfile: lpProfileInfo->lpUserName =
<LocalService>
(28c.2a4) 08:44:58:638 LoadUserProfile: NULL central profile path
(28c.2a4) 08:44:58:638 LoadUserProfile: NULL default profile path
(28c.2a4) 08:44:58:638 LoadUserProfile: NULL server name
(28c.2a4) 08:44:58:638 LoadUserProfile: User sid: S-1-5-19
(28c.2a4) 08:44:58:638 CSyncManager::EnterLock <S-1-5-19>
(28c.2a4) 08:44:58:638 CSyncManager::EnterLock: No existing entry found
(28c.2a4) 08:44:58:638 CSyncManager::EnterLock: New entry created
(28c.2a4) 08:44:58:648 CHashTable::HashAdd: S-1-5-19 added in bucket 12
(28c.2a4) 08:44:58:648 LoadUserProfile: Wait succeeded. In critical section.
(28c.2a4) 08:44:58:648 RestoreUserProfile: Entering
(28c.2a4) 08:44:58:648 IsCentralProfileReachable: Entering
(28c.2a4) 08:44:58:648 IsCentralProfileReachable: Null path. Leaving
(28c.2a4) 08:44:58:648 RestoreUserProfile: Profile path = <>
(28c.2a4) 08:44:58:648 ExtractProfileFromBackup: A profile already exists
(28c.2a4) 08:44:58:648 PatchNewProfileIfRequred: A profile already exists
with the current sid, exitting
(28c.2a4) 08:44:58:648 CreateLocalProfileKey: Not setting additional Security
(28c.2a4) 08:44:58:648 GetExistingLocalProfileImage: Found entry in profile
list for existing local profile
(28c.2a4) 08:44:58:648 GetExistingLocalProfileImage: Local profile image
filename = <%SystemDrive%\Documents and Settings\LocalService>
(28c.2a4) 08:44:58:648 GetExistingLocalProfileImage: Expanded local profile
image filename = <C:\Documents and Settings\LocalService>
(28c.2a4) 08:44:58:648 GetExistingLocalProfileImage: No local mandatory
profile. Error = 2
(28c.2a4) 08:44:58:648 GetExistingLocalProfileImage: Found local profile
image file ok <C:\Documents and Settings\LocalService\ntuser.dat>
(28c.2a4) 08:44:58:648 GetExistingLocalProfileImage: Failed to query low
profile unload time with error 2
(28c.2a4) 08:44:58:648 Local Existing Profile Image is reachable
(28c.2a4) 08:44:58:648 Local profile name is <C:\Documents and
Settings\LocalService>
(28c.2a4) 08:44:58:648 RestoreUserProfile: No central profile. Attempting
to load local profile.
(28c.2a4) 08:44:58:648 MyRegLoadKey: Returning 00000000
(28c.2a4) 08:44:58:648 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(28c.2a4) 08:44:58:648 MyRegLoadKey: Returning 00000000
(28c.2a4) 08:44:58:648 CreateClassHive: existing user classes hive found
(28c.2a4) 08:44:58:648 RestoreUserProfile: About to Leave. Final
Information follows:
(28c.2a4) 08:44:58:648 Profile was successfully loaded.
(28c.2a4) 08:44:58:648 lpProfile->lpRoamingProfile = <>
(28c.2a4) 08:44:58:648 lpProfile->lpLocalProfile = <C:\Documents and
Settings\LocalService>
(28c.2a4) 08:44:58:648 lpProfile->dwInternalFlags = 0x0
(28c.2a4) 08:44:58:648 RestoreUserProfile: Leaving.
(28c.2a4) 08:44:58:648 UpgradeProfile: Entering
(28c.2a4) 08:44:58:648 UpgradeProfile: Build numbers match
(28c.2a4) 08:44:58:648 UpgradeProfile: Leaving Successfully
(28c.2a4) 08:44:58:999 Profile Ref Count is 1
(28c.2a4) 08:44:58:999 LoadUserProfile: Leaving critical Section.
(28c.2a4) 08:44:58:999 CSyncManager::LeaveLock <S-1-5-19>
(28c.2a4) 08:44:58:999 CSyncManager::LeaveLock: Lock released
(28c.2a4) 08:44:58:999 CHashTable::HashDelete: S-1-5-19 deleted
(28c.2a4) 08:44:58:999 CSyncManager::LeaveLock: Lock deleted
(28c.2a4) 08:44:58:999 LoadUserProfile: Impersonated user: 000003e8, 000003f8
(2c4.328) 08:44:58:999 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(2c4.328) 08:44:59:009 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(28c.2a4) 08:44:59:039 LoadUserProfile: Reverted to user: 00000000
(28c.2a4) 08:44:59:039 LoadUserProfile: Reverted back to user <00000000>
(28c.2a4) 08:44:59:039 LoadUserProfile: Leaving with a value of 1.
(28c.2a4) 08:44:59:039
=========================================================
(28c.2a4) 08:44:59:039 LoadUserProfileI: returning 0
(2b8.2bc) 08:44:59:039 LoadUserProfile: Running as self
(2b8.2bc) 08:44:59:039 LoadUserProfile: Calling LoadUserProfileI (as user)
succeeded
(2b8.2bc) 08:44:59:039 LoadUserProfile: Returning success. Final
Information follows:
(2b8.2bc) 08:44:59:039 lpProfileInfo->UserName = <LocalService>
(2b8.2bc) 08:44:59:039 lpProfileInfo->lpProfilePath = <>
(2b8.2bc) 08:44:59:039 lpProfileInfo->dwFlags = 0x9
(28c.380) 08:44:59:039 IProfileSecurityCallBack: client authenticated.
(28c.380) 08:44:59:039 ReleaseClientContext: Releasing context
(28c.380) 08:44:59:039 ReleaseClientContext_s: Releasing context
(28c.380) 08:44:59:039 MIDL_user_free enter
(2b8.2bc) 08:44:59:039 ReleaseInterface: Releasing rpc binding handle
(2b8.2bc) 08:44:59:039 LoadUserProfile: Returning TRUE. hProfile = <0x354>
(2b8.2bc) 08:44:59:039 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(440.444) 08:44:59:099 LibMain: Process Name: C:\WINDOWS\System32\svchost.exe
(28c.290) 08:44:59:119 IsSyncForegroundPolicyRefresh: Synchronous, Reason:
policy set to SYNC
(5f0.5f4) 08:45:00:671 LibMain: Process Name: C:\WINDOWS\system32\spoolsv.exe
(620.624) 08:45:00:751 LibMain: Process Name: C:\WINDOWS\System32\ccs.exe
(28c.694) 08:45:00:902 IsSyncForegroundPolicyRefresh: Synchronous, Reason:
policy set to SYNC
(28c.694) 08:45:00:902 ApplyGroupPolicy: Entering. Flags = 7
(28c.694) 08:45:00:902 ProcessGPOs:
(28c.694) 08:45:00:902 ProcessGPOs:
(28c.694) 08:45:00:902 ProcessGPOs: Starting computer Group Policy
(Background) processing...
(28c.694) 08:45:00:902 ProcessGPOs:
(28c.694) 08:45:00:902 ProcessGPOs:
(28c.694) 08:45:00:902 EnterCriticalPolicySectionEx: Entering with timeout
600000 and flags 0x0
(28c.694) 08:45:00:902 EnterCriticalPolicySectionEx: Machine critical
section has been claimed. Handle = 0x784
(28c.694) 08:45:00:902 EnterCriticalPolicySectionEx: Leaving successfully.
(28c.694) 08:45:00:902 ProcessGPOs: Machine role is 2.
(28c.694) 08:45:00:912 ProcessGPOs: The DC for domain DOMAINNAME is not
available at startup. retrying
(28c.694) 08:45:00:912 RetryDCContactAtMachineStartup: Enter.
(2b8.6cc) 08:45:01:693 LoadUserProfile: Yes, we can impersonate the user.
Running as self
(2b8.6cc) 08:45:01:693
=========================================================
(2b8.6cc) 08:45:01:693 LoadUserProfile: Entering, hToken = <0x10>,
lpProfileInfo = 0xedf6ec
(2b8.6cc) 08:45:01:693 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
(2b8.6cc) 08:45:01:693 LoadUserProfile: lpProfileInfo->lpUserName =
<LocalService>
(2b8.6cc) 08:45:01:693 LoadUserProfile: NULL central profile path
(2b8.6cc) 08:45:01:693 LoadUserProfile: NULL default profile path
(2b8.6cc) 08:45:01:693 LoadUserProfile: NULL server name
(2b8.6cc) 08:45:01:693 GetInterface: Returning rpc binding handle
(28c.2a4) 08:45:01:693 IProfileSecurityCallBack: client authenticated.
(28c.2a4) 08:45:01:693 DropClientContext: Got client token 0000073C, sid =
S-1-5-18
(28c.2a4) 08:45:01:693 MIDL_user_allocate enter
(28c.2a4) 08:45:01:693 DropClientContext: load profile object successfully
made
(28c.2a4) 08:45:01:693 DropClientContext: Returning 0
(2b8.6cc) 08:45:01:693 LoadUserProfile: Calling DropClientToken (as self)
succeeded
(28c.380) 08:45:01:703 IProfileSecurityCallBack: client authenticated.
(28c.380) 08:45:01:703 In LoadUserProfileP
(28c.380) 08:45:01:703 LoadUserProfile: Running as client
(28c.380) 08:45:01:703
=========================================================
(28c.380) 08:45:01:703 LoadUserProfile: Entering, hToken = <0x740>,
lpProfileInfo = 0xe7d200
(28c.380) 08:45:01:703 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
(28c.380) 08:45:01:703 LoadUserProfile: lpProfileInfo->lpUserName =
<LocalService>
(28c.380) 08:45:01:703 LoadUserProfile: NULL central profile path
(28c.380) 08:45:01:703 LoadUserProfile: NULL default profile path
(28c.380) 08:45:01:703 LoadUserProfile: NULL server name
(28c.380) 08:45:01:703 LoadUserProfile: User sid: S-1-5-19
(28c.380) 08:45:01:703 CSyncManager::EnterLock <S-1-5-19>
(28c.380) 08:45:01:703 CSyncManager::EnterLock: No existing entry found
(28c.380) 08:45:01:703 CSyncManager::EnterLock: New entry created
(28c.380) 08:45:01:703 CHashTable::HashAdd: S-1-5-19 added in bucket 12
(28c.380) 08:45:01:703 LoadUserProfile: Wait succeeded. In critical section.
(28c.380) 08:45:01:703 TestIfUserProfileLoaded: Profile already loaded.
(28c.380) 08:45:01:703 Profile Ref Count is 2
(28c.380) 08:45:01:703 LoadUserProfile: Leaving critical Section.
(28c.380) 08:45:01:703 CSyncManager::LeaveLock <S-1-5-19>
(28c.380) 08:45:01:703 CSyncManager::LeaveLock: Lock released
(28c.380) 08:45:01:703 CHashTable::HashDelete: S-1-5-19 deleted
(28c.380) 08:45:01:703 CSyncManager::LeaveLock: Lock deleted
(28c.380) 08:45:01:703 LoadUserProfile: Impersonated user: 00000740, 00000788
(28c.380) 08:45:01:703 LoadUserProfile: Reverted to user: 00000000
(28c.380) 08:45:01:703 LoadUserProfile: Reverted back to user <00000000>
(28c.380) 08:45:01:703 LoadUserProfile: Leaving with a value of 1.
(28c.380) 08:45:01:703
=========================================================
(28c.380) 08:45:01:703 LoadUserProfileI: returning 0
(2b8.6cc) 08:45:01:703 LoadUserProfile: Running as self
(2b8.6cc) 08:45:01:703 LoadUserProfile: Calling LoadUserProfileI (as user)
succeeded
(2b8.6cc) 08:45:01:703 LoadUserProfile: Returning success. Final
Information follows:
(2b8.6cc) 08:45:01:703 lpProfileInfo->UserName = <LocalService>
(2b8.6cc) 08:45:01:703 lpProfileInfo->lpProfilePath = <>
(2b8.6cc) 08:45:01:703 lpProfileInfo->dwFlags = 0x9
(28c.2a4) 08:45:01:703 IProfileSecurityCallBack: client authenticated.
(28c.2a4) 08:45:01:703 ReleaseClientContext: Releasing context
(28c.2a4) 08:45:01:703 ReleaseClientContext_s: Releasing context
(28c.2a4) 08:45:01:703 MIDL_user_free enter
(2b8.6cc) 08:45:01:703 ReleaseInterface: Releasing rpc binding handle
(2b8.6cc) 08:45:01:703 LoadUserProfile: Returning TRUE. hProfile = <0x1e0>
(2b8.6cc) 08:45:01:703 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(e8.e0) 08:45:01:733 LibMain: Process Name: C:\WINDOWS\System32\alg.exe
(28c.694) 08:45:45:356 PingComputer: Adapter speed 54000000 bps
(28c.694) 08:45:45:356 PingComputer: First time: 1
(28c.694) 08:45:45:366 PingComputer: Fast link. Exiting.
(28c.694) 08:45:45:366 RetryDCContactAtMachineStartup: Tried to call
GetDomainControllerInfo 22 times.
(28c.694) 08:45:45:366 RetryDCContactAtMachineStartup: Exit with status 0.
(28c.694) 08:45:45:366 ProcessGPOs: DC for domain DOMAINNAME is reachable
after retries.
(28c.694) 08:45:45:366 ProcessGPOs: network name is 162.141.84.0
(28c.694) 08:45:45:466 ProcessGPOs: User name is:
CN=COMPUTERNAME,OU=Computers,OU=SITENAME,OU=ConsumerProducts,DC=DOMAINNAME,DC=DOMAIN,DC=com, Domain name is: DOMAINNAME
(28c.694) 08:45:45:466 ProcessGPOs: Domain controller is:
\\CPSITEDC.DOMAINNAME.DOMAIN.com Domain DN is DOMAINNAME.DOMAIN.com
(28c.694) 08:45:45:466 ReadGPExtensions: Rsop entry point not found for
gptext.dll.
(28c.694) 08:45:45:466 ReadGPExtensions: Rsop entry point not found for
dskquota.dll.
(28c.694) 08:45:45:466 ReadGPExtensions: Rsop entry point not found for
gptext.dll.
(28c.694) 08:45:45:476 ReadGPExtensions: Rsop entry point not found for
iedkcs32.dll.
(28c.694) 08:45:45:476 ReadGPExtensions: Rsop entry point not found for
scecli.dll.
(28c.694) 08:45:45:476 ReadGPExtensions: Rsop entry point not found for
gptext.dll.
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
(28c.694) 08:45:45:476 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{25537BA6-77A8-11D2-9B6C-0000F8080861}
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{3610eda5-77ef-11d2-8dc5-00c04fa31a66}
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{426031c0-0b47-4852-b0ca-ac3d37bfcb39}
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{42B5FAAE-6536-11d2-AE5A-0000F87571E3}
(28c.694) 08:45:45:476 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
(28c.694) 08:45:45:476 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
(28c.694) 08:45:45:476 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{c6dc5466-785a-11d2-84d0-00c04fb169f7}
(28c.694) 08:45:45:476 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:45:476 ReadExtStatus: Reading Previous Status for extension
{e437bc1c-aa7d-11d2-a382-00c04f991e27}
(28c.694) 08:45:45:476 ProcessGPOs: Calling GetGPOInfo for normal policy mode
(28c.694) 08:45:45:476 GetGPOInfo: ********************************
(28c.694) 08:45:45:476 GetGPOInfo: Entering...
(28c.694) 08:45:45:656 GetGPOInfo: Server connection established.
(28c.694) 08:45:45:726 GetGPOInfo: Bound successfully.

Guest · Jul 21, 2006

Userenv Part 4 (see additonal posts for rest of log):
(28c.694) 08:45:45:736 SearchDSObject: Searching
<OU=Computers,OU=SITENAME,OU=ConsumerProducts,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:736 SearchDSObject: Found GPO(s):
<[LDAP://CN={4B357FA2-FFFF-4CC4-AA72-46CE8934E04C},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;0][LDAP://CN={BC96B96F-086B-413F-865D-949D9D9A8F07},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;0][LDAP://cn={E3386C85-9DA9-4D18-A07F-B8E697A62070},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com;0][LDAP://cn={F5E519ED-4FA4-4D10-9069-F09BF68FF110},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com;0][LDAP://cn={4AF05E73-E1B4-44C3-B4BA-D62E62C0F161},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com;0]>
(28c.694) 08:45:45:736 ProcessGPO: ==============================
(28c.694) 08:45:45:736 ProcessGPO: Deferring search for
<LDAP://CN={4B357FA2-FFFF-4CC4-AA72-46CE8934E04C},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:736 ProcessGPO: ==============================
(28c.694) 08:45:45:736 ProcessGPO: Deferring search for
<LDAP://CN={BC96B96F-086B-413F-865D-949D9D9A8F07},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:736 ProcessGPO: ==============================
(28c.694) 08:45:45:736 ProcessGPO: Deferring search for
<LDAP://cn={E3386C85-9DA9-4D18-A07F-B8E697A62070},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:736 ProcessGPO: ==============================
(28c.694) 08:45:45:736 ProcessGPO: Deferring search for
<LDAP://cn={F5E519ED-4FA4-4D10-9069-F09BF68FF110},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:736 ProcessGPO: ==============================
(28c.694) 08:45:45:736 ProcessGPO: Deferring search for
<LDAP://cn={4AF05E73-E1B4-44C3-B4BA-D62E62C0F161},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:736 SearchDSObject:
<OU=Computers,OU=SITENAME,OU=ConsumerProducts,DC=DOMAINNAME,DC=DOMAIN,DC=com>
has the Block From Above attribute set
(28c.694) 08:45:45:736 SearchDSObject: Searching
<OU=SITENAME,OU=ConsumerProducts,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:746 SearchDSObject: Found GPO(s): < >
(28c.694) 08:45:45:746 SearchDSObject: Searching
<OU=ConsumerProducts,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:746 SearchDSObject: Found GPO(s):
<[LDAP://CN={A932C3BE-CBC4-4DF1-A797-F996EA858252},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;0][LDAP://CN={D979A465-11EB-4110-940B-C32C64D76B24},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;2][LDAP://CN={81EA0E27-207E-4DA5-98E8-AA74D0331C68},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;0]>
(28c.694) 08:45:45:746 ProcessGPO: ==============================
(28c.694) 08:45:45:746 AddGPO: GPO will not be added to the list since the
Block flag is set and this GPO is not in enforce mode.
(28c.694) 08:45:45:746 ProcessGPO: Deferring search for
<LDAP://CN={A932C3BE-CBC4-4DF1-A797-F996EA858252},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:746 ProcessGPO: ==============================
(28c.694) 08:45:45:746 ProcessGPO: Deferring search for
<LDAP://CN={D979A465-11EB-4110-940B-C32C64D76B24},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:746 ProcessGPO: ==============================
(28c.694) 08:45:45:746 AddGPO: GPO will not be added to the list since the
Block flag is set and this GPO is not in enforce mode.
(28c.694) 08:45:45:746 ProcessGPO: Deferring search for
<LDAP://CN={81EA0E27-207E-4DA5-98E8-AA74D0331C68},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:746 SearchDSObject: Searching
<DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:746 SearchDSObject: Found GPO(s):
<[LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;2][LDAP://CN={BB78A1C1-0594-4759-A961-592C04DA7B57},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com;2]>
(28c.694) 08:45:45:746 ProcessGPO: ==============================
(28c.694) 08:45:45:746 ProcessGPO: Deferring search for
<LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:746 ProcessGPO: ==============================
(28c.694) 08:45:45:746 ProcessGPO: Deferring search for
<LDAP://CN={BB78A1C1-0594-4759-A961-592C04DA7B57},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:776 SearchDSObject: Searching
<CN=SITENAME,CN=Sites,CN=Configuration,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:786 SearchDSObject: No GPO(s) for this object.
(28c.694) 08:45:45:786 EvaluateDeferredGPOs: Searching for GPOs in
cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com
(28c.694) 08:45:45:826 ProcessGPO: ==============================
(28c.694) 08:45:45:826 ProcessGPO: Searching
<CN={D979A465-11EB-4110-940B-C32C64D76B24},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:45:826 ProcessGPO: Machine has access to this GPO.
(28c.694) 08:45:45:826 ProcessGPO: GPO passes the filter check.
(28c.694) 08:45:45:826 ProcessGPO: Found functionality version of: 2
(28c.694) 08:45:45:826 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{D979A465-11EB-4110-940B-C32C64D76B24}>
(28c.694) 08:45:46:007 ProcessGPO: Found common name of:
<{D979A465-11EB-4110-940B-C32C64D76B24}>
(28c.694) 08:45:46:017 ProcessGPO: Found display name of: <CP-Default
Policy (Mandatory)>
(28c.694) 08:45:46:017 ProcessGPO: Found machine version of: GPC is 21,
GPT is 21
(28c.694) 08:45:46:017 ProcessGPO: Found flags of: 0
(28c.694) 08:45:46:017 ProcessGPO: Found extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
(28c.694) 08:45:46:017 ProcessGPO: ==============================
(28c.694) 08:45:46:017 ProcessGPO: ==============================
(28c.694) 08:45:46:017 ProcessGPO: Searching
<CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:46:017 ProcessGPO: Machine has access to this GPO.
(28c.694) 08:45:46:017 ProcessGPO: GPO passes the filter check.
(28c.694) 08:45:46:017 ProcessGPO: Found functionality version of: 2
(28c.694) 08:45:46:017 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\sysvol\DOMAINNAME.DOMAIN.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}>
(28c.694) 08:45:46:057 ProcessGPO: Found common name of:
<{31B2F340-016D-11D2-945F-00C04FB984F9}>
(28c.694) 08:45:46:057 ProcessGPO: Found display name of: <Default Domain
Policy>
(28c.694) 08:45:46:057 ProcessGPO: Found machine version of: GPC is 1703,
GPT is 1703
(28c.694) 08:45:46:057 ProcessGPO: Found flags of: 0
(28c.694) 08:45:46:057 ProcessGPO: Found extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}]
(28c.694) 08:45:46:057 ProcessGPO: ==============================
(28c.694) 08:45:46:057 ProcessGPO: ==============================
(28c.694) 08:45:46:057 ProcessGPO: Searching
<CN={BB78A1C1-0594-4759-A961-592C04DA7B57},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:46:057 ProcessGPO: Machine has access to this GPO.
(28c.694) 08:45:46:057 ProcessGPO: GPO passes the filter check.
(28c.694) 08:45:46:057 ProcessGPO: Found functionality version of: 2
(28c.694) 08:45:46:057 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{BB78A1C1-0594-4759-A961-592C04DA7B57}>
(28c.694) 08:45:46:077 ProcessGPO: Found common name of:
<{BB78A1C1-0594-4759-A961-592C04DA7B57}>
(28c.694) 08:45:46:077 ProcessGPO: Found display name of: <PasswordPolicy>
(28c.694) 08:45:46:077 ProcessGPO: Found machine version of: GPC is 30,
GPT is 30
(28c.694) 08:45:46:077 ProcessGPO: Found flags of: 0
(28c.694) 08:45:46:077 ProcessGPO: Found extensions:
[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
(28c.694) 08:45:46:077 ProcessGPO: ==============================
(28c.694) 08:45:46:077 ProcessGPO: ==============================
(28c.694) 08:45:46:077 ProcessGPO: Searching
<CN={4B357FA2-FFFF-4CC4-AA72-46CE8934E04C},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:46:077 ProcessGPO: Machine has access to this GPO.
(28c.694) 08:45:46:077 ProcessGPO: GPO passes the filter check.
(28c.694) 08:45:46:077 ProcessGPO: Found functionality version of: 2
(28c.694) 08:45:46:077 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}>
(28c.694) 08:45:46:097 ProcessGPO: Found common name of:
<{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}>
(28c.694) 08:45:46:097 ProcessGPO: Found display name of: <CP-SITE-PI
Installation>
(28c.694) 08:45:46:097 ProcessGPO: Found machine version of: GPC is 23,
GPT is 23
(28c.694) 08:45:46:097 ProcessGPO: Found flags of: 0
(28c.694) 08:45:46:097 ProcessGPO: Found extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{C6DC5466-785A-11D2-84D0-00C04FB169F7}{942A8E4F-A261-11D1-A760-00C04FB9603F}]
(28c.694) 08:45:46:097 ProcessGPO: ==============================
(28c.694) 08:45:46:097 ProcessGPO: ==============================
(28c.694) 08:45:46:097 ProcessGPO: Searching
<CN={BC96B96F-086B-413F-865D-949D9D9A8F07},CN=Policies,CN=System,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:46:097 ProcessGPO: Machine has access to this GPO.
(28c.694) 08:45:46:097 ProcessGPO: GPO passes the filter check.
(28c.694) 08:45:46:097 ProcessGPO: Found functionality version of: 2
(28c.694) 08:45:46:097 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{BC96B96F-086B-413F-865D-949D9D9A8F07}>
(28c.694) 08:45:46:127 ProcessGPO: Found common name of:
<{BC96B96F-086B-413F-865D-949D9D9A8F07}>
(28c.694) 08:45:46:127 ProcessGPO: Found display name of: <CP-SITE-Software>
(28c.694) 08:45:46:127 ProcessGPO: Found machine version of: GPC is 1022,
GPT is 1022
(28c.694) 08:45:46:127 ProcessGPO: Found flags of: 1
(28c.694) 08:45:46:127 ProcessGPO: Found extensions:
[{C6DC5466-785A-11D2-84D0-00C04FB169F7}{942A8E4F-A261-11D1-A760-00C04FB9603F}]
(28c.694) 08:45:46:127 ProcessGPO: ==============================
(28c.694) 08:45:46:127 ProcessGPO: ==============================
(28c.694) 08:45:46:127 ProcessGPO: Searching
<cn={E3386C85-9DA9-4D18-A07F-B8E697A62070},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com>
(28c.694) 08:45:46:127 ProcessGPO: Machine has access to this GPO.
(28c.694) 08:45:46:127 ProcessGPO: GPO passes the filter check.
(28c.694) 08:45:46:127 ProcessGPO: Found functionality version of: 2
(28c.694) 08:45:46:127 ProcessGPO: Found file system path of:
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}>
(28c.694) 08:45:46:147 ProcessGPO: Found common name of:
<{E3386C85-9DA9-4D18-A07F-B8E697A62070}>
(28c.694) 08:45:46:147 ProcessGPO: Found display name of:
<CP-SITE-Computers>
(28c.694) 08:45:46:147 ProcessGPO: Found machine version of: GPC is 70,
GPT is 70
(28c.694) 08:45:46:147 ProcessGPO: Found flags of: 0
(28c.694) 08:45:46:147 ProcessGPO: Found extensions:
[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]
(28c.694) 08:45:46:147 ProcessGPO: ==============================
(28c.694) 08:45:46:147 EvalList: Object
<cn={F5E519ED-4FA4-4D10-9069-F09BF68FF110},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com> cannot be accessed
(28c.694) 08:45:46:147 EvalList: Object
<cn={4AF05E73-E1B4-44C3-B4BA-D62E62C0F161},cn=policies,cn=system,DC=DOMAINNAME,DC=DOMAIN,DC=com> cannot be accessed
(28c.694) 08:45:46:147 GetGPOInfo: Local GPO's gpt.ini is not accessible,
assuming default state.
(28c.694) 08:45:46:147 GetGPOInfo: Leaving with 1
(28c.694) 08:45:46:147 GetGPOInfo: ********************************
(28c.694) 08:45:46:157 ReadMembershipList: Old count 2 is different from
current count 13
(28c.694) 08:45:46:187 ProcessGPOs: Logging Data for Target <COMPUTERNAME>.
(28c.694) 08:45:46:187 GetWbemServices: CoCreateInstance succeeded
(28c.694) 08:45:46:307 ConnectToNameSpace: ConnectServer returned 0x0
(28c.694) 08:45:46:317 CSessionLogger::Log: logging new security grps
(28c.694) 08:45:46:327 ProcessGPOs: Logged Rsop Session successfully.
(28c.694) 08:45:46:327 ProcessGPOs: OpenThreadToken failed with error 1008,
assuming thread is not impersonating
(28c.694) 08:45:46:327 ProcessGPOs: -----------------------
(28c.694) 08:45:46:327 ProcessGPOs: Processing extension Registry
(28c.694) 08:45:46:327 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:46:327 CompareGPOLists: The lists are the same.
(28c.694) 08:45:46:327 ProcessGPOList: Entering for extension Registry
(28c.694) 08:45:46:327 MachinePolicyCallback: Setting status UI to Applying
Registry policy...
(550.554) 08:45:46:417 LibMain: Process Name: C:\WINDOWS\system32\wuauclt.exe
(28c.694) 08:45:46:427 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.694) 08:45:46:427 EnterCriticalPolicySectionEx: Entering with timeout
60000 and flags 0x2
(28c.694) 08:45:46:427 EnterCriticalPolicySectionEx: Machine critical
section has been claimed. Handle = 0x89c
(28c.694) 08:45:46:427 EnterCriticalPolicySectionEx: Leaving successfully.
(28c.694) 08:45:46:427 ResetPolicies: Entering.
(28c.694) 08:45:46:427 ParseRegistryFile: Entering with <C:\Documents and
Settings\All Users\ntuser.pol>.
(28c.694) 08:45:46:427 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoUpdateCheck
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Messenger\Client\PreventAutoRun
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\ACRS\Certificates\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\ACRS\CRLs\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\ACRS\CTLs\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\Root\Certificates\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\Root\CRLs\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\Root\CTLs\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\Trust\Certificates\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\Trust\CRLs\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\Trust\CTLs\
(28c.694) 08:45:46:437 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates\
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs\
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs\
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer\
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\NetCache\NoConfigCache
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\NetCache\Enabled
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ExecutableTypes
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\LastModified
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\Description
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\SaferFlags
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\ItemData
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\LastModified
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\Description
(28c.694) 08:45:46:447 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\SaferFlags
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\ItemData
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\LastModified
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\Description
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\SaferFlags
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\ItemData
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\LastModified
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\Description
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\SaferFlags
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\ItemData
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\System\DeleteRoamingCache
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUShutdownOption
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows
NT\CurrentVersion\Winlogon\SyncForegroundPolicy
(28c.694) 08:45:46:457 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\DNSClient\SearchList
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\Printers\SupportLink
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowFullControl
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiry
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\Terminal Services\MaxTicketExpiryUnits
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\Terminal Services\fUseMailto
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\Terminal
Services\fAllowUnsolicitedFullControl
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\Terminal
Services\RAUnsolicit\DOMAINNAME\cp-SITE-ouadmins
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\System\DNSclient\NV PrimaryDnsSuffix
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\EFS\EFSBlob
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\EFS\Certificates\BF6ED6FAC5D1033433B17319D2785C4A4418626F\Blob
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\EFS\CRLs\
(28c.694) 08:45:46:467 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\SystemCertificates\EFS\CTLs\
(28c.694) 08:45:46:477 DeleteRegistryValue: Deleted
Software\Policies\Microsoft\Windows NT\Printers\PhysicalLocationSupport
(28c.694) 08:45:46:477 ParseRegistryFile: Leaving.
(28c.694) 08:45:46:477 ResetPolicies: Leaving.
(28c.694) 08:45:46:517 ParseRegistryFile: Entering with
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Machine\registry.pol>.
(28c.694) 08:45:46:557 SetRegistryValue: AlwaysInstallElevated => 1 [OK]
(28c.694) 08:45:46:557 ParseRegistryFile: Leaving.
(28c.694) 08:45:46:577 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\conf.adm> to the Adm list.
(28c.694) 08:45:46:587 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\inetres.adm> to the Adm list.
(28c.694) 08:45:46:597 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\system.adm> to the Adm list.
(28c.694) 08:45:46:617 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\wmplayer.adm> to the Adm list.
(28c.694) 08:45:46:627 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\wuau.adm> to the Adm list.
(28c.694) 08:45:46:627 ParseRegistryFile: Entering with
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Machine\registry.pol>.
(28c.694) 08:45:46:647 SetRegistryValue: NoUpdateCheck => 1 [OK]
(28c.694) 08:45:46:647 SetRegistryValue: PreventAutoRun => 1 [OK]
(28c.694) 08:45:46:678 SetRegistryValue: NoConfigCache => 1 [OK]
(28c.694) 08:45:46:678 SetRegistryValue: Enabled => 0 [OK]
(28c.694) 08:45:46:678 SetRegistryValue: DefaultLevel => 262144 [OK]
(28c.694) 08:45:46:678 SetRegistryValue: TransparentEnabled => 1 [OK]
(28c.694) 08:45:46:688 SetRegistryValue: PolicyScope => 1 [OK]
(28c.694) 08:45:46:688 SetRegistryValue: ExecutableTypes was set successfully
(28c.694) 08:45:46:728 SetRegistryValue: LastModified was set successfully
(28c.694) 08:45:46:738 SetRegistryValue: Description => [OK]
(28c.694) 08:45:46:738 SetRegistryValue: SaferFlags => 0 [OK]
(28c.694) 08:45:46:738 SetRegistryValue: ItemData =>
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
[OK]
(28c.694) 08:45:46:738 SetRegistryValue: LastModified was set successfully
(28c.694) 08:45:46:748 SetRegistryValue: Description => [OK]
(28c.694) 08:45:46:748 SetRegistryValue: SaferFlags => 0 [OK]
(28c.694) 08:45:46:748 SetRegistryValue: ItemData =>
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRoot%*.exe [OK]
(28c.694) 08:45:46:758 SetRegistryValue: LastModified was set successfully
(28c.694) 08:45:46:758 SetRegistryValue: Description => [OK]
(28c.694) 08:45:46:758 SetRegistryValue: SaferFlags => 0 [OK]
(28c.694) 08:45:46:758 SetRegistryValue: ItemData =>
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRoot%System32\*.exe [OK]
(28c.694) 08:45:46:768 SetRegistryValue: LastModified was set successfully
(28c.694) 08:45:46:768 SetRegistryValue: Description => [OK]
(28c.694) 08:45:46:788 SetRegistryValue: SaferFlags => 0 [OK]
(28c.694) 08:45:46:788 SetRegistryValue: ItemData =>
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% [OK]
(28c.694) 08:45:46:788 SetRegistryValue: DeleteRoamingCache => 1 [OK]
(28c.694) 08:45:46:798 SetRegistryValue: NoAUShutdownOption => 1 [OK]
(28c.694) 08:45:46:798 SetRegistryValue: NoAutoUpdate => 1 [OK]
(28c.694) 08:45:46:798 SetRegistryValue: Deleted value <AUOptions>.
(28c.694) 08:45:46:798 SetRegistryValue: Deleted value <ScheduledInstallDay>.
(28c.694) 08:45:46:798 SetRegistryValue: Deleted value <ScheduledInstallTime>.
(28c.694) 08:45:46:798 SetRegistryValue: SyncForegroundPolicy => 1 [OK]
(28c.694) 08:45:46:808 SetRegistryValue: SearchList =>
DOMAINNAME.DOMAIN.com,DOMAIN.com,intranet.DOMAIN.com,srv.DOMAIN.com,pp.DOMAIN.com [OK]
(28c.694) 08:45:46:808 SetRegistryValue: SupportLink =>
\\DOMAINNAME\SITENAME\Printer [OK]
(28c.694) 08:45:46:808 SetRegistryValue: fAllowToGetHelp => 1 [OK]
(28c.694) 08:45:46:818 SetRegistryValue: fAllowFullControl => 1 [OK]
(28c.694) 08:45:46:818 SetRegistryValue: MaxTicketExpiry => 1 [OK]
(28c.694) 08:45:46:818 SetRegistryValue: MaxTicketExpiryUnits => 1 [OK]
(28c.694) 08:45:46:818 SetRegistryValue: fUseMailto => 1 [OK]
(28c.694) 08:45:46:818 SetRegistryValue: fAllowUnsolicited => 1 [OK]
(28c.694) 08:45:46:828 SetRegistryValue: fAllowUnsolicitedFullControl => 1
[OK]
(28c.694) 08:45:46:828 SetRegistryValue: DOMAINNAME\cp-SITE-ouadmins =>
DOMAINNAME\cp-SITE-ouadmins [OK]
(28c.694) 08:45:46:838 SetRegistryValue: EnableFirewall => 0 [OK]
(28c.694) 08:45:46:838 SetRegistryValue: EnableFirewall => 0 [OK]
(28c.694) 08:45:46:838 ParseRegistryFile: Leaving.
(28c.694) 08:45:46:878 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\conf.adm> to the Adm list.
(28c.694) 08:45:46:878 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\inetres.adm> to the Adm list.
(28c.694) 08:45:46:898 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\system.adm> to the Adm list.
(28c.694) 08:45:46:898 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\wmplayer.adm> to the Adm list.

Guest · Jul 21, 2006

Userenv Part 5 (see additional posts for rest of log):
(28c.694) 08:45:46:908 AllocAdmFileInfo: Adding File name
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\wuau.adm> to the Adm list.
(28c.694) 08:45:46:908 ParseRegistryFile: Entering with
<\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{D979A465-11EB-4110-940B-C32C64D76B24}\Machine\registry.pol>.
(28c.694) 08:45:46:918 SetRegistryValue: NV PrimaryDnsSuffix =>
DOMAINNAME.DOMAIN.com [OK]
(28c.694) 08:45:46:918 SetRegistryValue: AlwaysInstallElevated => 1 [OK]
(28c.694) 08:45:46:918 ParseRegistryFile: Leaving.
(28c.694) 08:45:46:928 ParseRegistryFile: Entering with
<\\DOMAINNAME.DOMAIN.com\sysvol\DOMAINNAME.DOMAIN.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol>.
(28c.694) 08:45:46:948 SetRegistryValue: EFSBlob was set successfully
(28c.694) 08:45:46:948 SetRegistryValue: Blob was set successfully
(28c.694) 08:45:46:958 SetRegistryValue: PhysicalLocationSupport => 1 [OK]
(28c.694) 08:45:46:958 ParseRegistryFile: Leaving.
(28c.694) 08:45:47:489 LogRegistry RsopData: Successfully logged registry
Rsop data
(28c.694) 08:45:47:509 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\wuau.adm
(28c.694) 08:45:47:509 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\wmplayer.adm
(28c.694) 08:45:47:509 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\system.adm
(28c.694) 08:45:47:519 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\inetres.adm
(28c.694) 08:45:47:519 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{E3386C85-9DA9-4D18-A07F-B8E697A62070}\Adm\conf.adm
(28c.694) 08:45:47:519 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\wuau.adm
(28c.694) 08:45:47:519 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\wmplayer.adm
(28c.694) 08:45:47:519 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\system.adm
(28c.694) 08:45:47:519 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\inetres.adm
(28c.694) 08:45:47:519 CAdmFileLogger::Log: Logging
\\DOMAINNAME.DOMAIN.com\SysVol\DOMAINNAME.DOMAIN.com\Policies\{4B357FA2-FFFF-4CC4-AA72-46CE8934E04C}\Adm\conf.adm
(28c.694) 08:45:47:529 LogAdmRsopData: Successfully logged Adm data
(28c.694) 08:45:47:529 LeaveCriticalPolicySection: Critical section 0x89c
has been released.
(28c.694) 08:45:47:529 ProcessGPOList: Extension Registry was able to log
data. RsopStatus = 0x0, dwRet = 0, Clearing the dirty bit
(28c.694) 08:45:47:569 ProcessGPOs: -----------------------
(28c.694) 08:45:47:569 ProcessGPOs: -----------------------
(28c.694) 08:45:47:569 ProcessGPOs: Processing extension Wireless
(28c.694) 08:45:47:569 CompareGPOLists: The lists are the same.
(28c.694) 08:45:47:569 ProcessGPOs: Extension Wireless skipped because both
deleted and changed GPO lists are empty.
(28c.694) 08:45:47:569 ProcessGPOs: -----------------------
(28c.694) 08:45:47:569 ProcessGPOs: Processing extension Folder Redirection
(28c.694) 08:45:47:569 CompareGPOLists: The lists are the same.
(28c.694) 08:45:47:569 ProcessGPOs: Extension Folder Redirection skipped
with flags 0x7.
(28c.694) 08:45:47:569 ProcessGPOs: -----------------------
(28c.694) 08:45:47:569 ProcessGPOs: Processing extension Microsoft Disk Quota
(28c.694) 08:45:47:569 CompareGPOLists: The lists are the same.
(28c.694) 08:45:47:569 ProcessGPOs: Extension Microsoft Disk Quota skipped
because both deleted and changed GPO lists are empty.
(28c.694) 08:45:47:569 ProcessGPOs: -----------------------
(28c.694) 08:45:47:569 ProcessGPOs: Processing extension QoS Packet Scheduler
(28c.694) 08:45:47:569 CompareGPOLists: The lists are the same.
(28c.694) 08:45:47:569 ProcessGPOs: Extension QoS Packet Scheduler skipped
because both deleted and changed GPO lists are empty.
(28c.694) 08:45:47:569 ProcessGPOs: -----------------------
(28c.694) 08:45:47:569 ProcessGPOs: Processing extension Scripts
(28c.694) 08:45:47:569 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:47:569 CompareGPOLists: The lists are the same.
(28c.694) 08:45:47:569 ProcessGPOList: Entering for extension Scripts
(28c.694) 08:45:47:569 MachinePolicyCallback: Setting status UI to Applying
Scripts policy...
(28c.694) 08:45:47:589 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.694) 08:45:47:759 ProcessGPOList: Extension Scripts returned 0x0.
(28c.694) 08:45:47:759 ProcessGPOList: Extension Scripts was able to log
data. RsopStatus = 0x0, dwRet = 0, Clearing the dirty bit
(28c.694) 08:45:47:789 ProcessGPOs: -----------------------
(28c.694) 08:45:47:789 ProcessGPOs: -----------------------
(28c.694) 08:45:47:789 ProcessGPOs: Processing extension Internet Explorer
Zonemapping
(28c.694) 08:45:47:789 CompareGPOLists: The lists are the same.
(28c.694) 08:45:47:789 ProcessGPOs: Extension Internet Explorer Zonemapping
skipped because both deleted and changed GPO lists are empty.
(28c.694) 08:45:47:789 ProcessGPOs: -----------------------
(28c.694) 08:45:47:789 ProcessGPOs: Processing extension Security
(28c.694) 08:45:47:789 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:47:789 CompareGPOLists: The lists are the same.
(28c.694) 08:45:47:839 ProcessGPOList: Entering for extension Security
(28c.694) 08:45:47:839 MachinePolicyCallback: Setting status UI to Applying
Security policy...
(28c.694) 08:45:47:869 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.694) 08:45:47:949 MachinePolicyCallback: Setting status UI to Applying
security policy...
(28c.694) 08:45:47:949 MachinePolicyCallback: Setting status UI to
CP-SITE-PI Installation
(28c.694) 08:45:48:039 MachinePolicyCallback: Setting status UI to
CP-SITE-Computers
(28c.694) 08:45:48:070 MachinePolicyCallback: Setting status UI to
CP-Default Policy (Mandatory)
(28c.694) 08:45:48:100 MachinePolicyCallback: Setting status UI to Default
Domain Policy
(28c.694) 08:45:48:150 MachinePolicyCallback: Setting status UI to
PasswordPolicy
(28c.694) 08:45:51:014 MachinePolicyCallback: Setting status UI to
Configuring security policy to the system.
(28c.694) 08:45:52:856 MachinePolicyCallback: Setting status UI to Applying
computer settings...
(28c.694) 08:45:52:856 ProcessGPOList: Extension Security returned 0x8000000a.
(28c.694) 08:45:52:856 ProcessGPOs: Extension Security ProcessGroupPolicy
returned e_pending.
(28c.694) 08:45:52:856 ProcessGPOs: -----------------------
(28c.694) 08:45:52:856 ProcessGPOs: -----------------------
(28c.694) 08:45:52:856 ProcessGPOs: Processing extension Internet Explorer
Branding
(28c.694) 08:45:52:856 CompareGPOLists: The lists are the same.
(28c.694) 08:45:52:856 ProcessGPOs: Extension Internet Explorer Branding
skipped with flags 0x7.
(28c.694) 08:45:52:856 ProcessGPOs: -----------------------
(28c.694) 08:45:52:856 ProcessGPOs: Processing extension EFS recovery
(28c.694) 08:45:52:856 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:52:856 CompareGPOLists: The lists are the same.
(28c.694) 08:45:52:856 ProcessGPOList: Entering for extension EFS recovery
(28c.694) 08:45:52:856 MachinePolicyCallback: Setting status UI to Applying
EFS recovery policy...
(28c.694) 08:45:52:856 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:52:886 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.694) 08:45:52:886 ProcessGPOList: Extension EFS recovery returned 0x0.
(28c.694) 08:45:52:886 ProcessGPOList: Extension EFS recovery doesn't
support rsop logging
(28c.694) 08:45:52:927 ProcessGPOs: -----------------------
(28c.694) 08:45:52:927 ProcessGPOs: -----------------------
(28c.694) 08:45:52:937 ProcessGPOs: Processing extension Software Installation
(28c.694) 08:45:52:937 ReadStatus: Read Extension's Previous status
successfully.
(28c.694) 08:45:52:937 CompareGPOLists: One list is empty
(28c.694) 08:45:52:937 ProcessGPOList: Entering for extension Software
Installation
(28c.694) 08:45:52:937 MachinePolicyCallback: Setting status UI to Applying
Software Installation policy...
(28c.694) 08:45:52:937 ProcessGPOList: Passing in the force refresh flag to
Extension Software Installation
(28c.694) 08:45:52:967 LogExtSessionStatus: Successfully logged Extension
Session data
(28c.694) 08:45:53:007 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.11c) 08:45:53:287 ProcessGroupPolicyCompleted: Entering. Extension =
{827D319E-6EAC-11D2-A4EA-00C04F79F83A}, dwStatus = 0x0
(28c.11c) 08:45:53:427 GetWbemServices: CoCreateInstance succeeded
(28c.11c) 08:45:53:437 ConnectToNameSpace: ConnectServer returned 0x0
(28c.11c) 08:45:53:437 ProcessGroupPolicyCompletedEx: Extension
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} was able to log data. Error = 0x0,
dwRet = 0. Clearing the dirty bit
(28c.11c) 08:45:53:437 ProcessGroupPolicyCompleted: Leaving. Extension =
{827D319E-6EAC-11D2-A4EA-00C04F79F83A}, Return status dwRet = 0x0
(28c.694) 08:45:54:349 MachinePolicyCallback: Setting status UI to
Installing managed software Microsoft Visio Web Component Technology
Preview...
(130.134) 08:45:54:439 LibMain: Process Name: C:\WINDOWS\System32\msiexec.exe
(414.420) 08:46:34:967 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(28c.694) 08:46:39:724 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:46:39:864 MachinePolicyCallback: Setting status UI to
Installing managed software AXISCameraServerControl...
(684.6bc) 08:46:44:020 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(28c.694) 08:46:44:491 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:46:44:731 MachinePolicyCallback: Setting status UI to
Installing managed software Microsoft .NET Framework 1.1...
(520.524) 08:47:04:429 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(4f0.5c0) 08:48:06:679 LibMain: Process Name:
C:\WINDOWS\system32\wbem\mofcomp.exe
(62c.3f0) 08:48:07:109 LibMain: Process Name:
C:\WINDOWS\System32\wbem\wmiprvse.exe
(1b4.1b8) 08:48:14:110 LibMain: Process Name: C:\WINDOWS\System32\dllhost.exe
(2b8.6cc) 08:48:14:560 LoadUserProfile: Yes, we can impersonate the user.
Running as self
(2b8.6cc) 08:48:14:560
=========================================================
(2b8.6cc) 08:48:14:560 LoadUserProfile: Entering, hToken = <0x538>,
lpProfileInfo = 0xedf6ec
(2b8.6cc) 08:48:14:560 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
(2b8.6cc) 08:48:14:560 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
(2b8.6cc) 08:48:14:560 LoadUserProfile: NULL central profile path
(2b8.6cc) 08:48:14:560 LoadUserProfile: NULL default profile path
(2b8.6cc) 08:48:14:560 LoadUserProfile: NULL server name
(2b8.6cc) 08:48:14:560 GetInterface: Returning rpc binding handle
(28c.380) 08:48:14:560 IProfileSecurityCallBack: client authenticated.
(28c.380) 08:48:14:560 DropClientContext: Got client token 000007A8, sid =
S-1-5-18
(28c.380) 08:48:14:560 MIDL_user_allocate enter
(28c.380) 08:48:14:560 DropClientContext: load profile object successfully
made
(28c.380) 08:48:14:560 DropClientContext: Returning 0
(2b8.6cc) 08:48:14:560 LoadUserProfile: Calling DropClientToken (as self)
succeeded
(28c.2a4) 08:48:14:560 IProfileSecurityCallBack: client authenticated.
(28c.2a4) 08:48:14:560 In LoadUserProfileP
(28c.2a4) 08:48:14:560 LoadUserProfile: Running as client
(28c.2a4) 08:48:14:560
=========================================================
(28c.2a4) 08:48:14:560 LoadUserProfile: Entering, hToken = <0x734>,
lpProfileInfo = 0x165e120
(28c.2a4) 08:48:14:560 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
(28c.2a4) 08:48:14:560 LoadUserProfile: lpProfileInfo->lpUserName =
<NetworkService>
(28c.2a4) 08:48:14:560 LoadUserProfile: NULL central profile path
(28c.2a4) 08:48:14:560 LoadUserProfile: NULL default profile path
(28c.2a4) 08:48:14:560 LoadUserProfile: NULL server name
(28c.2a4) 08:48:14:560 LoadUserProfile: User sid: S-1-5-20
(28c.2a4) 08:48:14:560 CSyncManager::EnterLock <S-1-5-20>
(28c.2a4) 08:48:14:560 CSyncManager::EnterLock: No existing entry found
(28c.2a4) 08:48:14:560 CSyncManager::EnterLock: New entry created
(28c.2a4) 08:48:14:560 CHashTable::HashAdd: S-1-5-20 added in bucket 4
(28c.2a4) 08:48:14:560 LoadUserProfile: Wait succeeded. In critical section.
(28c.2a4) 08:48:14:560 TestIfUserProfileLoaded: Profile already loaded.
(28c.2a4) 08:48:14:560 Profile Ref Count is 3
(28c.2a4) 08:48:14:560 LoadUserProfile: Leaving critical Section.
(28c.2a4) 08:48:14:560 CSyncManager::LeaveLock <S-1-5-20>
(28c.2a4) 08:48:14:560 CSyncManager::LeaveLock: Lock released
(28c.2a4) 08:48:14:560 CHashTable::HashDelete: S-1-5-20 deleted
(28c.2a4) 08:48:14:560 CSyncManager::LeaveLock: Lock deleted
(28c.2a4) 08:48:14:560 LoadUserProfile: Impersonated user: 00000734, 00000728
(28c.2a4) 08:48:14:560 LoadUserProfile: Reverted to user: 00000000
(28c.2a4) 08:48:14:560 LoadUserProfile: Reverted back to user <00000000>
(28c.2a4) 08:48:14:560 LoadUserProfile: Leaving with a value of 1.
(28c.2a4) 08:48:14:560
=========================================================
(28c.2a4) 08:48:14:560 LoadUserProfileI: returning 0
(2b8.6cc) 08:48:14:560 LoadUserProfile: Running as self
(2b8.6cc) 08:48:14:560 LoadUserProfile: Calling LoadUserProfileI (as user)
succeeded
(2b8.6cc) 08:48:14:560 LoadUserProfile: Returning success. Final
Information follows:
(2b8.6cc) 08:48:14:560 lpProfileInfo->UserName = <NetworkService>
(2b8.6cc) 08:48:14:560 lpProfileInfo->lpProfilePath = <>
(2b8.6cc) 08:48:14:560 lpProfileInfo->dwFlags = 0x9
(28c.3d4) 08:48:14:560 IProfileSecurityCallBack: client authenticated.
(28c.3d4) 08:48:14:560 ReleaseClientContext: Releasing context
(28c.3d4) 08:48:14:560 ReleaseClientContext_s: Releasing context
(28c.3d4) 08:48:14:560 MIDL_user_free enter
(2b8.6cc) 08:48:14:560 ReleaseInterface: Releasing rpc binding handle
(2b8.6cc) 08:48:14:570 LoadUserProfile: Returning TRUE. hProfile = <0x424>
(2b8.6cc) 08:48:14:570 GetUserDNSDomainName: Domain name is NT Authority.
No DNS domain name available.
(22c.230) 08:48:14:831 LibMain: Process Name: C:\WINDOWS\System32\msdtc.exe
(138.7f8) 08:48:21:600 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
(840.844) 08:48:25:576 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
(d5c.d60) 08:49:23:619 LibMain: Process Name: C:\WINDOWS\system32\lodctr.exe
(d6c.d70) 08:49:23:870 LibMain: Process Name: C:\WINDOWS\system32\lodctr.exe
(28c.694) 08:49:26:153 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:49:26:383 MachinePolicyCallback: Setting status UI to
Installing managed software Macromedia Shockwave Player 10.1...
(f60.f64) 08:49:45:561 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(fc8.fcc) 08:49:47:684 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(28c.694) 08:49:50:268 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:49:50:528 MachinePolicyCallback: Setting status UI to
Installing managed software WinZip 8.0...
(52c.188) 08:49:54:444 LibMain: Process Name:
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
(28c.694) 08:49:59:171 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:49:59:341 MachinePolicyCallback: Setting status UI to
Installing managed software BigFix Enterprise Client 5-1...
(28c.694) 08:50:11:418 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:50:12:239 MachinePolicyCallback: Setting status UI to
Installing managed software PARCView 3.00.0069...
(9c.e00) 08:51:51:552 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(4fc.328) 08:51:52:113 LibMain: Process Name:
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
(ca8.d60) 08:52:49:676 LibMain: Process Name: C:\WINDOWS\system32\ntvdm.exe
(ca8.d60) 08:52:49:936 LibMain: Process Name: C:\WINDOWS\system32\ntvdm.exe
(ca8.d60) 08:52:49:936 LibMain: Process Name: C:\WINDOWS\system32\ntvdm.exe
(ca8.d60) 08:52:49:936 LibMain: Process Name: C:\WINDOWS\system32\ntvdm.exe
(ca8.d60) 08:52:49:986 LibMain: Process Name: C:\WINDOWS\system32\ntvdm.exe
(dd0.dd4) 08:52:53:551 LibMain: Process Name:
C:\WINDOWS\System32\wbem\wmiprvse.exe
(e4c.e50) 08:54:35:037 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(e58.e5c) 08:54:35:438 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(e64.e68) 08:54:35:628 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(78c.e70) 08:54:35:688 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(e78.e7c) 08:54:35:868 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(2bc.e88) 08:54:36:059 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(e90.e94) 08:54:36:219 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(7b4.57c) 08:54:36:309 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(e9c.ea0) 08:54:36:449 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(28c.694) 08:54:41:747 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:54:41:897 MachinePolicyCallback: Setting status UI to
Installing managed software ISScript...
(28c.694) 08:54:49:087 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:54:49:188 MachinePolicyCallback: Setting status UI to
Installing managed software Java 2 Runtime Environment, SE v1.4.2_06 for
PortalJ 10...
(83c.6a0) 08:55:31:028 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(28c.694) 08:55:59:379 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:55:59:569 MachinePolicyCallback: Setting status UI to
Installing managed software PortalJ_10 Client Components...
(e50.e44) 08:56:06:359 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(e58.e54) 08:56:07:220 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(28c.694) 08:56:07:741 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:56:07:861 MachinePolicyCallback: Setting status UI to
Installing managed software Portal_J 10 Region 2 Launcher...
(28c.694) 08:56:15:452 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 08:56:17:975 MachinePolicyCallback: Setting status UI to
Installing managed software Microsoft Office XP Professional without
FrontPage...
(d84.de0) 08:56:40:618 LibMain: Process Name:
C:\WINDOWS\System32\wbem\wmiprvse.exe
(824.820) 08:56:43:192 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(88.ed4) 09:02:09:385 LibMain: Process Name:
C:\WINDOWS\System32\wbem\wmiprvse.exe
(6c4.70) 09:04:04:477 LibMain: Process Name:
C:\WINDOWS\TEMP\pftCB.tmp\Setup.exe
(324.278) 09:04:04:642 LibMain: Process Name:
C:\WINDOWS\TEMP\pftCB.tmp\Setup.exe
(168.910) 09:04:20:707 LibMain: Process Name: C:\WINDOWS\system32\cmd.exe
(914.918) 09:04:20:843 LibMain: Process Name: C:\WINDOWS\system32\cmd.exe
(924.928) 09:04:20:920 LibMain: Process Name: C:\WINDOWS\system32\cacls.exe
(960.85c) 09:04:28:447 LibMain: Process Name: C:\WINDOWS\system32\cacls.exe
(cb8.d50) 09:08:52:840 LibMain: Process Name:
C:\WINDOWS\System32\wbem\wmiprvse.exe
(b38.8a8) 09:25:04:260 LibMain: Process Name:
C:\WINDOWS\System32\wbem\wmiprvse.exe
(ce8.9b4) 09:31:52:455 LibMain: Process Name: C:\WINDOWS\system32\fixmapi.exe
(4b4.1dc) 09:32:08:458 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(540.d98) 09:32:14:082 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(874.dc0) 09:32:14:872 LibMain: Process Name: C:\WINDOWS\system32\msiexec.exe
(970.ebc) 09:32:18:847 LibMain: Process Name:
C:\WINDOWS\system32\rundll32.exe
(978.974) 09:32:19:137 LibMain: Process Name: C:\WINDOWS\System32\svchost.exe
(28c.694) 09:32:19:337 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 09:32:20:286 MachinePolicyCallback: Setting status UI to
Installing managed software Adobe Reader 7.0...
(a84.684) 09:32:31:914 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(28c.694) 09:34:50:716 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 09:34:50:846 MachinePolicyCallback: Setting status UI to
Installing managed software Trend OfficeScan Aug 05...
(c48.e68) 09:36:23:648 LibMain: Process Name: C:\WINDOWS\Installer\MSI100.tmp
(4ac.bbc) 09:36:24:074 LibMain: Process Name: C:\WINDOWS\system32\ntvdm.exe
(4ac.bbc) 09:36:24:286 LibMain: Process Name: C:\WINDOWS\system32\ntvdm.exe
(4ac.bbc) 09:36:24:286 LibMain: Process Name: C:\WINDOWS\system32\ntvdm.exe
(4ac.bbc) 09:36:24:286 LibMain: Process Name: C:\WINDOWS\system32\ntvdm.exe
(4ac.bbc) 09:36:24:347 LibMain: Process Name: C:\WINDOWS\system32\ntvdm.exe
(830.854) 09:36:24:955 LibMain: Process Name: C:\WINDOWS\TEMP\_INS5176._MP
(94c.900) 09:37:00:312 LibMain: Process Name: C:\Program Files\Trend
Micro\OfficeScan Client\INSTREG.EXE
(c3c.c20) 09:37:05:881 LibMain: Process Name: C:\Program Files\Trend
Micro\OfficeScan Client\TSC.EXE
(e3c.e44) 09:37:13:647 LibMain: Process Name: C:\Program Files\Trend
Micro\OfficeScan Client\TSC.EXE
(28c.694) 09:37:24:269 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 09:37:26:152 MachinePolicyCallback: Setting status UI to
Installing managed software Citrix ICA Client 6.31 Update...
(aec.5c0) 09:38:24:696 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(6fc.c08) 09:38:37:910 LibMain: Process Name:
C:\WINDOWS\System32\regsvr32.exe
(df4.51c) 09:38:38:629 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(e10.dec) 09:38:38:872 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(870.250) 09:38:40:107 LibMain: Process Name: C:\WINDOWS\Installer\MSI115.tmp
(28c.694) 09:38:42:790 MachinePolicyCallback: Setting status UI to Applying
software installation settings...
(28c.694) 09:38:43:975 MachinePolicyCallback: Setting status UI to
Installing managed software Microsoft .NET Framework 2.0...
(f1c.9c) 09:39:10:372 LibMain: Process Name: C:\WINDOWS\System32\MsiExec.exe
(914.924) 09:39:35:725 LibMain: Process Name: C:\Program Files\Trend
Micro\OfficeScan Client\TSC.EXE
(a20.fec) 09:39:43:674 LibMain: Process Name: C:\Program Files\Trend
Micro\OfficeScan Client\TSC.EXE
(e64.c2c) 09:40:02:378 LibMain: Process Name: C:\Program Files\Trend
Micro\OfficeScan Client\TSC.EXE
(170.4b8) 09:40:08:773 LibMain: Process Name: C:\Program Files\Trend
Micro\OfficeScan Client\TSC.EXE
(840.aac) 09:44:33:344 LibMain: Process Name:
C:\WINDOWS\System32\wbem\wmiprvse.exe
(e9c.26c) 09:45:01:675 LibMain: Process Name: C:\Program Files\Common
Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
(a6c.220) 09:47:25:269 LibMain: Process Name:
C:\WINDOWS\system32\wbem\mofcomp.exe
(b5c.3e8) 09:47:25:540 LibMain: Process Name:
C:\WINDOWS\System32\wbem\wmiprvse.exe
(450.544) 09:48:04:784 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
(b44.438) 09:48:06:500 LibMain: Process Name:
C:\WINDOWS\system32\wbem\mofcomp.exe
(b68.a30) 09:48:13:297 LibMain: Process Name:
C:\WINDOWS\System32\wbem\wmiprvse.exe
(4ac.32c) 09:48:41:809 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
(d90.ca0) 09:48:43:104 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(95c.e5c) 09:48:43:114 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
(9f4.e88) 09:48:44:078 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(9e8.e20) 09:49:03:384 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(198.da0) 09:49:03:384 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
(610.f8) 09:49:04:739 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(f24.13c) 09:49:06:265 LibMain: Process Name:
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
(8f4.194) 09:49:20:872 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(1e4.afc) 09:49:22:720 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(5c0.a8c) 09:49:22:720 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
(560.b28) 09:49:23:141 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(114.b14) 09:49:26:183 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(e30.dfc) 09:49:47:035 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(e50.ac8) 09:49:47:095 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
(b08.a1c) 09:49:47:517 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(a78.8f0) 09:49:57:014 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(d0c.cdc) 09:49:57:014 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
(d50.e60) 09:49:57:586 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(df0.4f0) 09:50:09:453 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(4c0.5a4) 09:50:09:453 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
(540.87c) 09:50:10:266 LibMain: Process Name:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

Guest · Aug 16, 2006

Kim,

Did you ever solve this? I have exactly the same problem and any help would
be appreciated.

Regards,
Paul

Florian Frommherz · Aug 16, 2006

Howdy Kim!

We are experiencing a problem where all the group policy software uninstalls
and then reinstalls on reboot. So far, this problem is limited to XP -- Pro
and Tablet. It seems to occur most often when changing between network cards
or when installing software.

For example, we have a tablet PC that typically uses a Cisco wireless card
to access the network. I plugged in to the onboard card and rebooted. The
group policy software uninstalled. I rebooted again and the group policy
software installed. I removed the cable from the onboard card and rebooted
... software uninstalled and reinstalled on reboot.

As for software installs causing the reboot, this typically occurs for
software requiring a reboot, for example, WonderWare, Visual Studio, and
PCAnywhere, to name a few. Again, a second reboot will cause the software to
reinstall.

As no one else has got a solution for your issue I may have an idea:
Change the binding order of your network cards that the static network
card (the one that you won't remove) is on top of the list.

cheers,

Florian

Group Policy Software Uninstalls on XP PCs

Guest

Harj

Guest

Guest

Guest

Guest

Guest

Guest

Florian Frommherz