JSI Tip 3567. After setting security on NtFrs using Group Policy, you receive Events 1000 and 1002?

Ater configuring the Startup mode and security settings on the File Replication service ( NtFrs) via Group Policy, your Application event log contains:

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 1/4/2001
Time: 1:01:30 PM
User: N/A
Computer: Server
Description: Security policies are propagated with warning. 0x5 : Access is denied.
             Please look for more details in Troubleshooting section in Security Help. 

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 1/4/2001
Time: 1:01:30 PM
Computer: Server
Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (5).
If you turned on Security Configuration Client logging, the %SystemRoot%\Security\logs\Winlogon.log contains:
Configure NtFrs.
Warning 5: Access is denied.
Error opening NtFrs.
General Service configuration completed with error.
The policy engine no longer has the permissions it requires to set security. to fix the problem:

1. Use Group Policy to navigate to Computer Configuration\Windows Settings\Security Settings\System Services.

2. Right-click File Replication Service and press Security.

3. Grant the System and Administrators groups Full Control.


5. Use Regedt32 to navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTFRS.

6. Delete the Security sub-key.

7. Restart the computer.

8. To verify that the fix has worked, look for consecutive Event ID 1704 messages in the Application event log.

NOTE: This problem is NOT unique to NtFrs and can happen to other services you configure.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.