ERROR Event ID 1000

[angelo23]

Hello,

In our event Log we are getting the following Error like every 5 minutes....
Event ID 1000
USER: NT AUTHORITY\SYSTEM
COMPUTER: Mail1
Description:
The Group Policy client-side extension Security was passed flags(17) and returned a failure status code of (1332)...

How do I clear this up so it stops showing in our event log...Microsoft Online Support said to ADD a Group Policy object link for the Default Domain Controller policy to the Domain Controllers Organizationals unit... But when I went to add the default domain controller policy... There was already one there....???

Any help would be appreciated as I'm not a expert with Windows 2000 Server....

Thanks

 

[karlisi]

Perhaps you have one of yours DC (Mail1) in another OU, not Domain Controllers OU?

===
Karlis
ECDL; MCP

 

[mlichstein]

1332 is "no mapping between account names and security IDs was done" This usually happens when a GPO contains a user ID that no longer exists in the domain.

Take a look at both default policies (default domain and default domain controllers), and go to computer configuration/windows settings/security settings/local policies/user rights assignments. Go through the list of rights and look for any user accounts that appear as SIDs (S-1-xx-xxxxxx......). Remove those accounts from the settings.

After you have done that, close the group policy editor, open a command prompt and run "secedit /refreshpolicy machine_policy /enforce" Then check your application log for any new userenv errors. If all goes well, you will see an information event 1704 saying that group policy was applied successfully.

 

[mlichstein]

One other thing I forgot to mention. Also check the same location (user rights) in your local policy (gpedit.msc).