Skip navigation

JSI Tip 3567. After setting security on NtFrs using Group Policy, you receive Events 1000 and 1002?

Ater configuring the Startup mode and security settings on the File Replication service ( NtFrs) via Group Policy, your Application event log contains:

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 1/4/2001
Time: 1:01:30 PM
User: N/A
Computer: Server
Description: Security policies are propagated with warning. 0x5 : Access is denied.
             Please look for more details in Troubleshooting section in Security Help. 

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 1/4/2001
Time: 1:01:30 PM
Computer: Server
Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (5).
If you turned on Security Configuration Client logging, the %SystemRoot%\Security\logs\Winlogon.log contains:
Configure NtFrs.
Warning 5: Access is denied.
Error opening NtFrs.
General Service configuration completed with error.
The policy engine no longer has the permissions it requires to set security. to fix the problem:

1. Use Group Policy to navigate to Computer Configuration\Windows Settings\Security Settings\System Services.

2. Right-click File Replication Service and press Security.

3. Grant the System and Administrators groups Full Control.


5. Use Regedt32 to navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTFRS.

6. Delete the Security sub-key.

7. Restart the computer.

8. To verify that the fix has worked, look for consecutive Event ID 1704 messages in the Application event log.

NOTE: This problem is NOT unique to NtFrs and can happen to other services you configure.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.