[gptalk] Re: FW: Re: Usage of GPO_OPEN_LOAD_REGISTRY | GPO_OPEN_READ_ONLY flags
- From: Thorbjörn Sjövold <thorbjorn.sjovold@xxxxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Thu, 7 Sep 2006 09:49:10 +0200
Raghuramji,
don't worry, I understood that it was the New method, but what I really wanted
was to get a better understanding of the problem and to see if you could open
any GPO in write mode, which obviously was the case. My guess is still that
there is some problem with the GPT and the Registry.pol, or the path to it.
Since you are using the IGroupPolicyObject and not the IGPEInformation I would
assume that you are creating a custom application that you could just start and
run easy in your dev environment. One idea could be use Network Monitor or to
run Sysinternals FileMon on the DC, download and keep it since they have been
acquired by MS and who knows if it will be free in the future :), and monitor
your application to see exactly what file that is missing. I'm not sure how
FileMon handles calls to the Redirector so you might have to run it on the DC.
Another thing, can you test your application in another domain with the same
result?
Best,
Thorbjörn Sjövold
Special Operations Software
www.specopssoft.com
thorbjorn.sjovold a t specopssoft.com
Downlad our free tool for remote Gpupdate with graphical reporting,
http://www.specopssoft.com/products/specopsgpupdate/default.asp
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of ramji chandran
Sent: Wednesday, August 30, 2006 5:55 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: FW: Re: Usage of GPO_OPEN_LOAD_REGISTRY |
GPO_OPEN_READ_ONLY flags
Thorbjorn thanks for your time.
>*Are you passing an explicit DC in the pszDomainName parameter or are you
>letting your system select?
I'm passing the DC explicitly for creating GPO.
>After you create it as a read-only GPO, do you see both the GPC and the GPT on
>the DC where you created it, if not does replication fix it after a while?
I can see both the GPC and the GPT on the DC, when i create the GPO in
read-only mode.
>Can you use the OpenDSGPO with GPO_OPEN_LOAD_REGISTRY on an existing GPO?
Since New with GPO_OPEN_LOAD_REGISTRY is not working, as a workaround i have
used New with GPO_OPEN_READ_ONLY for creating GPO and OpenDSGPO with
GPO_OPEN_LOAD_REGISTRY for editing GPO.
Note: The problem is, when i use New with GPO_OPEN_LOAD_REGISTRY it throws an
error 0x80070003.
Thanks,
Raghuramji C
On 8/30/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
Posting Thorbjorn's response to this since he's having some problems
with email.
________________________________
From: Thorbjörn Sjövold
Sent: Tuesday, August 29, 2006 11:52 AM
To: 'gptalk@xxxxxxxxxxxxx'
Subject: RE: [gptalk] Re: Usage of GPO_OPEN_LOAD_REGISTRY |
GPO_OPEN_READ_ONLY flags
Darren, sorry for being only being a lurker your list and not a
contributor anymore :), but you have so many bright people here on the list
nowadays. My plan is to become an active contributor again in the future since
this is one of the top GP resources available...
Raghuramji,
IGroupPolicyObject is an old friend of mine; one must remember that
Group Policy has a legacy from the old NT 4 system policies, and that some of
the COM interfaces and APIs was created before Windows 2000. So in this case,
even if the parameter says GPO_OPEN_LOAD_REGISTRY, it really means that you
open the GPO in edit mode, regardless if you want to use the Registry.pol or
not. I have never encountered this problem, but it sounds like the newly
created GPC and GPT are not in sync, i.e. you have access to the GPC, but the
GPT is not there.
* Are you passing an explicit DC in the pszDomainName parameter or are
you letting your system select?
*After you create it as a read-only GPO, do you see both the GPC and
the GPT on the DC where you created it, if not does replication fix it after a
while?
* Can you use the OpenDSGPO with GPO_OPEN_LOAD_REGISTRY on an existing
GPO?
Best,
Thorbjörn Sjövold
Special Operations Software
www.specopssoft.com
thorbjorn.sjovold a t specopssoft.com
Downlad our free tool for remote Gpupdate with graphical reporting,
http://www.specopssoft.com/products/specopsgpupdate/default.asp
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Monday, August 28, 2006 8:04 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Usage of GPO_OPEN_LOAD_REGISTRY |
GPO_OPEN_READ_ONLY flags
A quick Google search seems to deliver few good answers, but I found a
code snippet here: http://www.totalblowhole.com/new-823399-3604.html that seems
to show some successful code using this flag. Other than that, I haven't spent
enough time myself with this API to know for sure. Maybe Thorbjorn, who lurks
here occasionally, has some insight, since I think he looked at this API a
while back.
Darren
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of ramji chandran
Sent: Monday, August 28, 2006 3:00 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Usage of GPO_OPEN_LOAD_REGISTRY | GPO_OPEN_READ_ONLY
flags
Hi,
Can somebody explain the real usage of flags "GPO_OPEN_LOAD_REGISTRY"
and "GPO_OPEN_READ_ONLY" in the IGroupPolicy method "New"?
I've a particular condition where while trying to create a GPO
programmatically with the GPO_OPEN_LOAD_REGISTRY flag set it throws an error of
0x80070003(The system cannot find the path specified). This problem gets
solved if I use the flag "GPO_OPEN_READ_ONLY", but causes problem while
updating my CSE GUID during linking. Kindly note I do not want to create any
".pol" files that contains the registry entries. I've my configuration data
separately in a XML file generated under the SYSVOL.
Please advice me on the right usage of these flags and their purpose or
any pointers on this would be highly appreciated.
Thanks,
Raghuramji C.
Other related posts:
