gpo

Domain Controller SceCli event 1202

Greetings Humans! It is Sunday morning and I had to work very early to do some testing after a migration. There is also a lot of waiting involved so i resolved to run some checks on the health of our domain controllers. We had a lot of SceCli event 1202 warnings on every single DC. Those errors are potentially caused by an account that was deleted or not replicated correctly. That account is also part of the User Rights Assignment policy, most commonly on the “Logon as a service” settings. To figure out the account that is causing the error browse to: %SYSTEMROOT%\Security\Logs\winlogon.log Search for “Cannot find” In my case I found the following: Error 1332: No mapping between account names and security IDs was done. Cannot find postgres_eip. That means that the account postgres_eip does not match the SID Active Directory expects it to have. (as it no longer…

Advanced Group Policy Management – AGPM

There are a lot of reasons why companies should buy their licences with Software Assurance. One of the main advantages is the right to use the Microsoft Desktop Optimization Pack, which includes AGPM – Advanced Group Policy Management. AGPM is a tool that will increase the control you will have over your group policies. This toll will help you avoid issues like the one descibed at “Group Policy Management – Steve and Nick’s Tale”.   The key components in Microsoft Advanced Group Policy Management are: Change Control AGMP provides a secure archive for controlling changes to GPOs. In order to change a GPO, an administrator has to “check out” the GPO from the voult. When the changes are complete, the GPO gets “checked in” to the vault. Differences between archived versions and live versions are reviewed on the reports tab. When a GPO is ready for deployment it can be transferred to…

Group Policy Management – Steve and Nick’s Tale

One of the main reasons why Windows is very well established as The Enterprise Operating System is the ease of centralized administration. Most of the credit goes to Group Policies. Group Policies are a set of rules that will be enforced on the workstations and on user profiles. Based on the rules, user experience will change. That means that a CEO will get a more flexible and open system than a call center user, which will get an OS restricted to the tools he needs to be able to perform his tasks. Group Policy is extremely powerful, and as Uncle Ben told Peter Parker (a.k.a. Spiderman) – ‘With great power comes great responsibility’. The reason I am bringing that up is that is that IT departments overlook the importance of controlling access to Group Policy management. Group Policies are live, as soon as you edit a setting it is already…

TechDays Online UK 2011 – Windows 7 and Internet Explorer

  TechDays Online UK 2011 was a very interesting event. I had the pleasure to present 2 sessions, the first about Windows 7 as the best desktop experience and Why Internet Explorer is awesome for the Enterprise. All the recordings for TechDays are available at the TechNet UK Team Blog. I managed to re-encode my sessions so they can be uploaded to youtube. Enjoy and leave your feedback.   Find the link for the presentations on slideshare on this other post: http://davidnudelman.com/2011/techdaysuk/