If your DFS Client is disabled, Group Policies may not be applied and your Event log contains messages similar to:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 4/7/2000
Time: 4:25:40 AM
User: NT AUTHORITY\SYSTEM
Computer: MYCOMPUTER
Description: Windows cannot access the registry information at
\\mydomain.com\sysvol\mydomain.com\Policies\\{31B2F340-016D-11D2-945F-00C04FB984F9\}\Machine\registry.pol
with (51).
Event Type: Error
Event Source: SceCli
Event Category: None
Event ID: 1001
Date: 4/7/2000
Time: 4:30:46 AM
User: N/A
Computer: MYCOMPUTER
Description: Security policy cannot be propagated. Cannot access the template. Error code = 3.
\\mydomain.com\sysvol\mydomain.com\Policies\\{31B2F340-016D-11D2-945F-00C04FB984F9\}\Machine\Microsoft\Windows
NT\SecEdit\GptTmpl.inf.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 4/7/2000
Time: 4:30:46 AM
User: NT AUTHORITY\SYSTEM
Computer: MYCOMPUTER
Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure
status code of (3).If the
DFS Client is disabled, you can
NOT access the
\\<Active Directory Domain Name>\Sysvol share, which would cause this problem.
To check / enable the DFS Client, use Regedt32 to navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup
Double-click the DisableDFS value name, a REG_DWORD data type.
A data value of 0, the default, enables the DFS Client. A data value of 1 disables the DFS Client.
NOTE: If the DisableDFS value name is missing, the DFS Client is enabled.
0 comments
Hide comments
