W
Will
On a Windows 2000 domain controller (it is a backup and does not hold any
roles), we are getting an SCECLI 1202 event in the eventviewer with a code
of 0x534, which means "no mapping between account names and security IDs was
done." The error does not occur on the primary domain controller. I read
throught the Microsoft kb article on this event here:
http://support.microsoft.com/kb/324383
but this leads me to a dead end. There is no group policy that contains
the "Power Users" group, and that is the group that is being objected to
here.
I am including an extract from winlogon.log below my signature. Does
someone have a theory on why Power Users appears in this file if Power Users
does not show up in any of the
%SYSTEMROOT%\Security\Templates\Policies\GPT*.INF files?
--
Will
Error 0 to send control flag 1 over to server.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
[Mapping] gpt00000.inf = Default Domain Controllers Policy
-------------------------------------------
11/12/2005 14:43:29
Invoke Registry Value Delay Filter.
Analyze machine\software\microsoft\driver signing\policy.
...
Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
Copy local policy.
----Un-initialize configuration engine...
-------------------------------------------
11/12/2005 14:43:31
----Configuration engine is initialized successfully.----
----Reading Configuration template info...
----Configure User Rights...
Configure S-...
Configure S-1-5-18.
Configure Power Users.
Error 1332: No mapping between account names and security IDs was done.
Cannot find Power Users.
Configure S-1-5-32-545.
...
User Rights configuration completed with error.
roles), we are getting an SCECLI 1202 event in the eventviewer with a code
of 0x534, which means "no mapping between account names and security IDs was
done." The error does not occur on the primary domain controller. I read
throught the Microsoft kb article on this event here:
http://support.microsoft.com/kb/324383
but this leads me to a dead end. There is no group policy that contains
the "Power Users" group, and that is the group that is being objected to
here.
I am including an extract from winlogon.log below my signature. Does
someone have a theory on why Power Users appears in this file if Power Users
does not show up in any of the
%SYSTEMROOT%\Security\Templates\Policies\GPT*.INF files?
--
Will
Error 0 to send control flag 1 over to server.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
[Mapping] gpt00000.inf = Default Domain Controllers Policy
-------------------------------------------
11/12/2005 14:43:29
Invoke Registry Value Delay Filter.
Analyze machine\software\microsoft\driver signing\policy.
...
Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
Copy local policy.
----Un-initialize configuration engine...
-------------------------------------------
11/12/2005 14:43:31
----Configuration engine is initialized successfully.----
----Reading Configuration template info...
----Configure User Rights...
Configure S-...
Configure S-1-5-18.
Configure Power Users.
Error 1332: No mapping between account names and security IDs was done.
Cannot find Power Users.
Configure S-1-5-32-545.
...
User Rights configuration completed with error.