Hi After doing the following i get the follwoing error in winlogon.log. ************************* Cannot access the template. Error code = 3. \\sankhya.com\sysvol\sankhya.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9} Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf. ************************** Regards K Jagadish Pai Systems Administrator "Steve Moffat" <steve@optimum To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> .mine.nu> cc: Subject: [isalist] Re: Problem Not Solved....? 04/24/2003 02:47 AM Please respond to "[ISAserver.or g Discussion List]" http://www.ISAserver.org Event Type: Error Event Source: Userenv Event Category: None Event ID: 1000 Date: 10/16/1999 Time: 10:13:11 am User: NT AUTHORITY\SYSTEM Computer: COMPUTERNAME Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332). CAUSE This issue can occur for any of the following reasons: You installed a program, which creates user accounts and assigns rights to those user accounts. Later, you remove the program, which deletes the user accounts, but does not remove the rights from policy before the accounts are deleted. -or- You add a user account and assign rights to the account. Later, you delete the account, but you do not remove the account from the user rights policy. RESOLUTION To resolve this issue, follow these steps: Add the ExtensionDebugLevel DWORD value with the value data 2 to the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\ GPExtension\{827...} NOTE: In the registry key, any GUID starting with "{827". Under the command window, type secedit /refreshpolicy machine_policy /enforce to generate the Winlogon.log file in the Windows_folder\Security\Logs folder. Restart the Netlogon service. Search the Winlogon.log file for deleted user accounts. Confirm that this user account is not located in any of the User Rights Assignments in the Default Domain Controllers policy as well as in the Local Security Policy, under the effective settings column. For additional information about the User Rights Policy, click the article number below to view the article in the Microsoft Knowledge Base: 234237 Assign Log On locally Rights to Windows 2000 Domain Controller NOTE: The preceding article describes how to add a user to the list. In this case you use the same procedure except you delete a user account from the list. Steve This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than the recipient. Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum Computer Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum Computer Solutions or its subsidiaries or affiliates. usermanager@xxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jagadish.pai@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')