Policy change from LSA/SAM can't be saved in the policy storage. Error <error code> to save policy change in the local GPO database.
Concepts to understand:
What is the Group Policy?
What is the LSA?
What is the SAM?
1208 - "An extended error has occurred."
1. Create an OldSecurity subfolder at %SystemRoot%\Security.
2. Move the log files from %SystemRoot%\Security\logs to %SystemRoot%\Security\OldSecurity.
3. Move the database from %SystemRoot%\Security\Database\Secedit.sdb to %SystemRoot%\Security\OldSecurity and change the file extension to .old.
4. Start / Run / MMC / OK
5. Console / Add/Remove Snap-in
6. Add the Security and Configuration Analysis snap-in. Press Close and OK.
7. Right-click Security and Configuration Analysis and press Open Database.
8. Navigate to the %SystemRoot%\Security\Database folder, type Secedit.sdb into File name, and press Open.
9. When prompted to import a template, select Setup security.inf.
10. Press Open. Ignore any Access Denied error.
11. Right-click Security and Configuration Analysis and press Configure Computer Now.
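The eleven steps above as one script, added here as an example and not part of the original page. It assumes PowerShell 3.0 or later in an elevated session and that Setup security.inf sits in %SystemRoot%\Security\Templates; `secedit /configure` stands in for the MMC snap-in steps 4 to 11, and the rebuild.log file name is hypothetical.

```powershell
# Added example: scripted form of steps 1-11 for rebuilding Secedit.sdb.
# Assumption: the template is in %SystemRoot%\Security\Templates.
$ErrorActionPreference = 'Stop'   # abort on the first failed file operation

$sec      = Join-Path $env:SystemRoot 'Security'
$old      = Join-Path $sec 'OldSecurity'
$logs     = Join-Path $sec 'logs'
$db       = Join-Path $sec 'Database\Secedit.sdb'
$template = Join-Path $sec 'Templates\setup security.inf'   # assumed location

# Check the template first, so the live database is not moved away
# when there is nothing to rebuild it from.
if (-not (Test-Path $template)) {
    throw "Template not found: $template"
}

# Step 1: create the OldSecurity subfolder (no error if it already exists).
New-Item -ItemType Directory -Path $old -Force | Out-Null

# Step 2: move the log files. No -Force, so files saved by an earlier
# run are not overwritten; the script stops instead.
Get-ChildItem -Path $logs -File | Move-Item -Destination $old

# Step 3: move the database and change its extension to .old.
if (Test-Path $db) {
    Move-Item -Path $db -Destination (Join-Path $old 'Secedit.old')
}

# Steps 4-11: with no database at $db, secedit creates one, imports the
# template given by /cfg, and applies it to the computer.
$log = Join-Path $logs 'rebuild.log'   # hypothetical log file name
& secedit.exe /configure /db $db /cfg $template /overwrite /log $log /quiet

# Step 10 says to ignore Access Denied errors; review them in the log.
"secedit exit code: $LASTEXITCODE (details in $log)"
```

The old database and logs stay in OldSecurity, so the previous state can be restored by moving Secedit.old back and renaming it.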
2 - "The system cannot find the file specified." - usually indicates missing security policy files.
1332 - "No mapping between account names and security IDs was done." - This seems to be similar to the errors generated by security policy propagation when some groups or accounts are deleted from AD but not from security policies.
For errors 2 ("The system cannot find the file specified.") and 5 ("Access is denied."), more information can be found in the new article ME272560 (as well as a potential hotfix).