| Author | Messages | |
mike.elliottuk
Posts:38
 | | 07/01/2009 1:50 PM |
| Yes you can but it needs to be done from a Vista client or Windows 2008
Server as I think the latest versions of gpmc do not work on Server 2003.
If you adopt either a Vista client or Win 2008 Server as your gpo admin
point then you can manage settings for both XP and Vista using ADMX policy
files etc.
2009/7/1 Haritwal, Dhiraj <xxxxxxxxxxxxxxxx>
> Can I verify both policy settings (Vista & XP) in AD
>
>
>
> Dhiraj
>
>
>
>
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Mike Elliott
> *Sent:* Wednesday, July 01, 2009 5:28 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Extension Wireless ProcessGroupPolicy failed,
> status 0x201b
>
>
>
> You need to be administering GP settings from either a Windows Vista client
> or from a Windows 2008 Server box, not a W2K3.
>
>
>
> Mike
>
> 2009/7/1 Haritwal, Dhiraj <xxxxxxxxxxxxxxxx>
>
> Mike,
>
>
>
> I have created one Policy for XP also but still on Win 2K3 ADC gpmc it’s
> showing only one policy which is for XP. It’s still a mystery that why in
> 2K3 AD GPMC it’s showing only XP policy but on my Vista machine, it’s
> showing both policy (Vista & XP).
>
>
>
> Does anybody have any idea, where exactly it store the Wireless policy
> settings in AD Sysvol.
>
>
>
>
>
> Dhiraj
>
>
>
>
>
>
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Mike Elliott
> *Sent:* Tuesday, June 30, 2009 1:15 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Extension Wireless ProcessGroupPolicy failed,
> status 0x201b
>
>
>
> This might sound obvious, but there needs to be a policy for each OS. A
> Vista policy for Vista machines and another XP policy for XP machines. As
> it stands the XP machines will be able to see and read the gpo itself but
> there is no relevant XP policy in there for them to apply.
>
>
>
> Mike
>
> 2009/6/30 Haritwal, Dhiraj <xxxxxxxxxxxxxxxx>
>
> Darren,
>
>
>
> All XP machines are having SP3. Yes, I am facing this problem on XP
> machines only. On Win 2K3 server side I am getting the below error in GPMC.
> Is it because I have created a Wireless Vista Policy (as per below
> screenshot). Where exactly I can see this wireless info in sysvol folder.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Thanks & Regards,*
>
> *Dhiraj Haritwal*
>
> *System Administrator*
>
> *Sony India Pvt. Ltd.*
>
> *Tel. No. : +91-11-66006276*
>
> *Mobile No. : +91-9873585408*
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Darren Mar-Elia
> *Sent:* Monday, June 29, 2009 10:36 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] Extension Wireless ProcessGroupPolicy failed,
> status 0x201b
>
>
>
> The fact that XP thinks the GPO does not exist is puzzling. Clearly it
> found the GPO enough to know it had to process it. But when the Wireless
> extension runs, its not finding the GPO settings. If I remember correctly,
> Wireless settings are stored in AD, within the GPC part of the GPO. The ony
> thing I can think of is that somehow the XP machines cannot read the
> Wireless settings out of AD -- I would check permissions on the GPC and
> drill into the "Machine" container to see if you can view the permissions on
> it. Also, you say you have SP3 on those boxes, which is required (or you
> would need the hotfix for SP2) to process WPA2 settings. Can you verify that
> SP3 is really installed correctly? I think its suspicious that only XP
> machines are having the issue.
>
>
>
> Darren
>
> --- On *Mon, 6/29/09, Haritwal, Dhiraj <xxxxxxxxxxxxxxxx>*wrote:
>
>
> From: Haritwal, Dhiraj <xxxxxxxxxxxxxxxx>
> Subject: RE: [gptalk] Extension Wireless ProcessGroupPolicy failed, status
> 0x201b
> To: "xxxxxxxxxxxxxxxx" <xxxxxxxxxxxxxxxx>
> Date: Monday, June 29, 2009, 6:11 AM
>
> Darren,
>
>
>
> Waiting for your reply.
>
>
>
> Dhiraj
>
>
>
>
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Haritwal, Dhiraj
> *Sent:* Saturday, June 27, 2009 12:05 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] Extension Wireless ProcessGroupPolicy failed,
> status 0x201b
>
>
>
> There is no security group/WMI Filters. OS is also same XP SP3.
>
>
>
> Sorry just now I realized that Wireless policy is not applying on any of XP
> Machines & showing “Policy object doesn’t exist”.
>
>
>
> Now the confusion is then how it’s working on Vista machines & on XP is
> showing Object not found.
>
>
>
> Dhiraj
>
>
>
>
>
>
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Darren Mar-Elia
> *Sent:* Friday, June 26, 2009 8:59 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] Extension Wireless ProcessGroupPolicy failed,
> status 0x201b
>
>
>
> Well, the error is pretty clear in that the system can’t find the GPO. Is
> this GPO using any security group or WMI filters? Any differences in OS
> updates between the XP machines where its working and those where its not?
>
>
>
> Darren
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Haritwal, Dhiraj
> *Sent:* Thursday, June 25, 2009 9:47 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] Extension Wireless ProcessGroupPolicy failed,
> status 0x201b
>
>
>
> Darren,
>
>
>
> But I have seen the Same DC as logon server on XP Machines where Wireless
> policy is showing error but the same DC is coming on my Vista machine where
> I able to see Wireless Policy with the settings which I have configured.
>
>
>
> I have configured Wireless policy from Vista Machine with RSAT because in
> windows 2003 there is no option for WPA2. I don’t think so Schema updation
> required for Wireless Policy.
>
>
>
> Now it’s very strange that on Vista Machines as well as some XP Machines,
> Wireless policies are applied but on some XP Machines showing errors.
>
>
>
> GPOTool is showing Policy OK on both of my Win WK3 ADC’s.
>
>
>
> ============================================================
>
> Policy {5BBA7734-8580-48DB-A96E-FC866D750EEC}
>
> Friendly name: Wireless Users Policy
>
> Policy OK
>
> ============================================================
>
>
>
>
>
> Dhiraj
>
>
>
>
>
>
>
>
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Darren Mar-Elia
> *Sent:* Thursday, June 25, 2009 9:46 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] Extension Wireless ProcessGroupPolicy failed,
> status 0x201b
>
>
>
> I doubt the problem is caused by lack of schema updates. Mike is correct
> that if you are in a Server 2003 AD environment, you need to have applied
> the Server 2008 AD schema extensions in order to even see the new Wireless
> policy stuff from a Vista or 2008 GPMC editor. I suspect Dhiraj’s problem is
> really related to GPO replication issues. Dhiraj---I would run GPOTool.exe
> against your DCs for the GPO that is delivering that wireless policy and
> make sure all DCs have the same version.
>
>
>
> Darren
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Mike Elliott
> *Sent:* Thursday, June 25, 2009 8:49 AM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Extension Wireless ProcessGroupPolicy failed,
> status 0x201b
>
>
>
> I found that I was not able to even create a Wifi policy for Vista clients
> until this schema update had been applied. The necessary schema attributes
> are not there. In attempting to add a new Vista policy in GPMC I got an
> error describing the missing attributes.
>
>
>
> Mike
>
>
>
> 2009/6/25 Timo Ylitalo <xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>
> >
>
> I am not sure whether this is what's causing your problem. I also have 2003
> AD and I have to set up wireless settings through group policy in the near
> future, so it would be interesting to know, whether one needs the schema
> update to configure wireless policy to XP SP3 and Win7 clients. Btw, from
> what OS are you configuring the group policy, I mean do you use the 2003 or
> vista or perhaps Windows 7 RC? I'd also like to know whether the OS that
> your configuring the settings has any effect on this, I mean you do get all
> the new policy settings when using e.g. Windows 7 RC. I guess I am not much
> of a help here, just more questions  Maybe someone smarter than me can
> help.
>
> - Timo
>
> 2009/6/25 Haritwal, Dhiraj <xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>
> >
>
> Very strange! Then how come it’s working on mostly Vista & some XP
> Machines. I am using windows 2003 AD & XP-SP3 / Vista-SP1/SP2 clients. Best
> part is I have seen this problem on some XP machines (SP3).
>
>
>
> Second thing if client is not able to get the object, do you think it’s
> because of the AD Schema modification.
>
>
>
> Dhiraj
>
>
>
>
>
>
>
>
>
> *From:* xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>[mailto:
> xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>]
> *On Behalf Of *Timo Ylitalo
> *Sent:* Thursday, June 25, 2009 6:21 PM
>
>
> *To:* xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>
>
> *Subject:* Re: [gptalk] Extension Wireless ProcessGroupPolicy failed,
> status 0x201b
>
>
>
> I don't know if this has anything to do with your problem, but I've read
> that you need to extend your Active Directory Schema in some cases
> (depending on your domain controller operating system) when configuring
> wireless settings through group policy. Here's more detailed information
> http://technet.microsoft.com/en-us/library/bb727029.aspx
>
>
>
> - Timo
>
> 2009/6/25 Haritwal, Dhiraj <xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>
> >
>
> It’s replicated to both. I am also getting the below error message in GPMC
> Result for those clients.
>
>
>
> *Error! Filename not specified.*
>
>
>
> Dhiraj
>
>
>
>
>
>
>
>
>
> *From:* xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>[mailto:
> xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>]
> *On Behalf Of *Florian Frommherz
> *Sent:* Thursday, June 25, 2009 5:28 PM
> *To:* xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>
> *Subject:* RE: [gptalk] Extension Wireless ProcessGroupPolicy failed,
> status 0x201b
>
>
>
> Howdie!
>
>
>
> 201b is a hex code for 8219 which stands for
> „ERROR_POLICY_OBJECT_NOT_FOUND”. Can you check whether the wireless policy
> in question has been replicated (both SYSVOL and AD portions) to all DCs
> (e.g. the DC the test user logs on to)?
>
>
>
> Cheers,
>
> Florian
>
>
>
>
> ------------------------------
>
> *Von:* xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>[mailto:
> xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>]
> *Im Auftrag von *Haritwal, Dhiraj
> *Gesendet:* Donnerstag, 25. Juni 2009 10:59
> *An:* xxxxxxxxxxxxxxxx<http://us.mc6.mail.yahoo.com/mc/compose?to=xxxxxxxxxxxxxxxx>
> *Betreff:* [gptalk] Extension Wireless ProcessGroupPolicy failed, status
> 0x201b
>
>
>
> Hi,
>
>
>
> I have deployed one Wireless GP to configure WPA2 on XP/Vista machines. Now
> on some XP Machines I am getting the below error message in Event
> viewer/Userenv & clients are not showing Wireless policy. Kindly tell me
> what can be the reason.
>
>
>
> USERENV(54c.a6c) 11:25:34:086 ProcessGPOs: Extension Wireless
> ProcessGroupPolicy failed, status 0x201b.
>
> USERENV(54c.a6c) 13:13:37:649 ProcessGPOs: Extension Wireless
> ProcessGroupPolicy failed, status 0x201b.
>
> USERENV(54c.a6c) 14:43:38:293 ProcessGPOs: Extension Wireless
> ProcessGroupPolicy failed, status 0x201b.
>
> USERENV(54c.a6c) 16:37:39:034 ProcessGPOs: Extension Wireless
> ProcessGroupPolicy failed, status 0x201b.
>
> USERENV(54c.550) 18:17:48:917 MyRegUnLoadKey: Failed to unmount hive
> 00000005
>
> USERENV(54c.550) 18:17:48:932 DumpOpenRegistryHandle: 2 user registry
> Handles leaked from
> \Registry\User\S-1-5-21-376907524-191846188-1232828436-77614
>
> USERENV(54c.550) 18:17:48:932 UnloadUserProfileP: Didn't unload user
> profile <err = 5>
>
> USERENV(54c.550) 18:17:49:948 UnloadUserProfile: UnloadUserProfileP failed
> with 0
>
> USERENV(54c.151c) 18:17:55:011 CEvents::Report: ReportEvent failed. Error
> = 1717
>
> USERENV(780.1034) 18:17:56:120 GetUserNameAndDomain: MyGetUserNameEx
> failed for NT4 style name with 1115
>
> USERENV(780.1034) 18:17:56:417 GetUserNameAndDomain: MyGetUserNameEx
> failed for NT4 style name with 1115
>
> USERENV(780.1108) 18:17:56:432 GetUserNameAndDomain: MyGetUserNameEx
> failed for NT4 style name with 1115
>
> USERENV(54c.550) 09:27:02:093 CUserProfile::CleanupUserProfile: Ref Count
> is not 0
>
> USERENV(54c.550) 09:27:02:109 CUserProfile::CleanupUserProfile: Ref Count
> is not 0
>
> USERENV(54c.550) 09:27:02:109 CUserProfile::CleanupUserProfile: Ref Count
> is not 0
>
> USERENV(54c.368) 09:28:12:066 ProcessGPOs: Extension Wireless
> ProcessGroupPolicy failed, status 0x201b.
>
> USERENV(54c.b4c) 11:14:23:634 ProcessGPOs: Extension Wireless
> ProcessGroupPolicy failed, status 0x201b.
>
> USERENV(54c.b4c) 12:51:24:248 ProcessGPOs: Extension Wireless
> ProcessGroupPolicy failed, status 0x201b.
>
> USERENV(6d0.102c) 14:03:39:085 GetUserGuid: Failed to impersonate user with
> 5.
>
> USERENV(6d0.102c) 14:03:39:116 GetProfileType: Profile is not loaded.
>
> USERENV(12ac.14d8) 14:03:44:429 GetUserGuid: Failed to impersonate user
> with 5.
>
> USERENV(12ac.14d8) 14:03:44:444 GetProfileType: Profile is not loaded.
>
>
>
>
>
>
>
> Regards,
>
>
>
> Dhiraj
>
>
>
>
>
>
>
>
>
>
> ------------------------------
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway..
>
>
> ------------------------------
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway..
>
>
>
>
> ------------------------------
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway..
>
>
>
>
>
>
> ------------------------------
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway..
>
>
> ------------------------------
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway..
>
>
> ------------------------------
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway..
>
>
>
>
> ------------------------------
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway..
>
>
>
>
> ------------------------------
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway..
>
>
>
> ------------------------------
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway..
>
| | | |
|
|