Skip navigation

JSI Tip 2059. Security Policies Are Propagated with Warning. 0x534?

When I looked in the Application log on my server, I discovered numerous entries, every 5 minutes:

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 10/16/1999
Time: 10:13:10 am
User: N/A
Description: Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs
             was done. Please look for more details in TroubleShooting section in Security Help.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 10/16/1999
Time: 10:13:11 am
Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).
To find the problem:

1. I navigated to HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtension\\{827...\} and Added Value name ExtensionDebugLevel as a type REG_DWORD, setting it to 2. This turned on logging for Winlogon.

2. At a CMD prompt, I typed:

    secedit /refreshpolicy machine_policy /enforce to create %SystemRoot%\Security\logs\Winlogon.log.

3. After inspecting Winlogon.log, I discovered that someone at Microsoft failed to learn the basics of database design, and did not implement referential integrity.

I had recently uninstalled IIS on my Windows 2000 Server. The initial install created the IUSR_... and IWAM_... accounts and assigned users rights. The uninstall removed these accounts, but failed to remove them from User Rights Assignment.

The fix was to manually remove the accounts from the from User Rights Assignment at Administrative Tools / Local Security Policy / Local Policies.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.