Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1000 Source: Userenv

Source
Level
Description
Windows cannot access the file gpt.ini for GPO <cn={0F5174F0-C67B-49B6-8AE2-400AF8923F2A},cn=policies,cn=system,DC=company,DC=NET. The file must be present at the location <\\Company.NET\sysvol\company.NET\Policies\{0F5174F0-C67B-49B6-8AE2-400AF8923F2A}\gpt.ini>. (Access is denied.). Group Policy processing aborted.
Comments
 
I was getting the same event 1000 logged in the application log on a W2K server and the server was the only one in the domain not taking the GPO. After searching and trying everything, I found that the TCP/IP NetBIOS Helper Service had been stopped and disabled. Once it was started, the errors stopped and the GPO was successfully applied.
From a support forum post: "Often this is related to a timing issue with the network stack not coming up before GP processing starts. Check out ME840669 and see if that helps."
The information provided by WITP74444 helped me solve this problem.
In my case, the policy was not replicated on all DCs (we have 3). I made a copy and passed it on all DCs in \\<domain>\sysvol\<domain>\policies. Now it works.
This problem can also occur if the "Workstation" service is stopped.


If on a Win2K Server, go to "Active Directory Users & Computers" -> Right Click on the OU you wish to view Group Policies for -> Select "Properties" -> Click on the "Group Policy" tab -> Highlight the policy you wish to edit -> Click "Edit" -> Right Click on the Group you wish to edit -> Click the "Security" tab -> Click "Add" -> Add the "Everyone" group and set its permissions to "Read" only. If you do not set (at a minimum) read permissions to the "Everyone" group, no one will be able to read and apply the appropriate Group Policy.
On a Windows 2000 domain controller, opening MMC, adding the Group Policy snapin for "default group policy", and then navigating through the policy caused the following message: "The following entry in the [strings] section is too long and has been truncated". See Microsoft KB article ME842933 for information on this problem.
In my case, deleting the default domain group policy and creating a new group policy solved the problem. Make sure that the new policy is renamed to something other than "default domain policy". Click properties and check the security tab ensuring that the SYSTEM account has FULL control permissions. Configure your policy as per your environment. The Userenv errors should now be resolved.
There should be four files named GPT.INI properly situated within %systemroot%\sysvol. If you can't restore the contents of %systemroot%\sysvol from a backup (as I recently encountered), this might fix your problem:

1. Manually create the following subfolders if they don't already exist, with "YOURDOMAIN" being the exact domain name for your network's domain:

%systemroot%\sysvol\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}

%systemroot%\sysvol\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}

%systemroot%\sysvol\sysvol\YOURDOMAIN\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}

%systemroot%\sysvol\sysvol\YOURDOMAIN\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}
Keep in mind that most domains controlled by Windows 200x domain controllers are in fully qualified domain name (FQDN) format.

2. Create a text document GPT.INI in each of these subfolders.

3. Add the following text to GPT.INI in each {31B2F340-016D-11D2-945F-00C04FB984F9} subfolder, then save and close it:

[General]
Version=65545

4. Add the following text to GPT.INI in each {6AC1786C-016F-11D2-945F-00C04fB984F9} subfolder, then save and close it:

[General]
Version=1

The 1000/Userenv errors should disappear no later than at the next domain policy propagation. Check the Application event log to verify this.

Also, see the link to "Chicago Technet" for information about this problem.
From a newsgroup post: "Go to Control Panel -> Network Connections -> Advanced -> Advanced Settings and change the binding order for the NICs. The internal one (LAN) must be at the top".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...