Hello Everyone, I'm trying to trouble shoot a problem with one of NIST's FDCC Administrative Templates that generates the following error when you edit the group policy or run a rsop on a workstation that has had the group policy applied. The template that is erroring is inetres.adm, NIST has configured the IE 7 security, the target is a XP SP2 workstation with IE 6 installed The error I'm getting is "The following keyword is tto long" the area after/below the statement is blank. I've enabled two of the Group policy debug registry keys are there any other I can enable or should enable? Output from: Is located in this file: Enable verbose logging by adding this key or value? ?to this registry key Group Policy core (UserEnv) and registry CSE %windir%\debug\usermode\UserEnv.log UserEnvDebugLevel = REG_DWORD 30002 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Security CSE %windir%\security\logs\winlogon.log ExtensionDebugLevel = REG_DWORD 0x2 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions\{827d319e-6eac-11d2-a4ea-00c04f79f83a} updated policy but no luck, nothing is logged in the event logs, winlogon logs, userenv logs I've ran process monitor at the same time as rsop, but nothing. I'm going to run process monitor today while I run gpupdate /force and see if that gets me anything. Does anyone know what the string length in a admin template is? Does anyone have any other thoughts on how to trouble shoot this.? Thanks in advance --John *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************