Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1085 Source: Userenv

The Group Policy client-side <extension>  failed to execute. Please look for any errors reported earlier by that extension.
In our case, the user (using roaming profiles and redirected folders) somehow lost permissions on registry and folder redirection failed. Gave user, via GPO, permission to edit registry permissions, logged in and added user full control of the 'current user' (HKCU) registry tree. Removed users elevated authority and all is fine.
In my case, I had this error while trying to distribute packages via Group Policy. Every package from the CLIENTSAPPS folder failed. I solved ths problem by adding "Domain Computers" to the CLIENTAPPS folder permissions.
We set up Folder Redirection in GP on a 2003 SBS but set the location of the redirected folders to other than the default (which is on the System drive.) We had this error until we gave the Folder Operators group Full Control on both the share and NTFS permissions. Alternately, you can give the same permissions to Domain Users. Note that the Exclusive Access features are maintained; users still may not see each other’s files.
- Extension: “Internet Explorer Zonemapping” - We had an IP address with wild cards entered in for a specific zone. We had "*" entered, which caused this error. After changing it to “*.*", the event went away. The userenv.log was of little help as it even stated that our original entry, causing the event, was processed without error.
- Extension: "Software Installation" - See ME311727 for information on this problem.
- Extension: "IP Security" - See ME898062 for a hotfix applicable to Microsoft Windows XP.

Steps to resolve this situation:
1. Create a new policy called Disk Quota Policy.
2. Edit the policy and navigate to the following: Computer Configuration -> Administrative Templates -> System -> Disk Quotas.
3. Double click the following polices below and check the Disabled option:
- Enable disk quotas
- Enforce disk quota limit.
4. Once disabled, click Apply and exit the policy.
5. If you are using GPMC, link the policy to the OU containing the users receiving the error or link it to the domain. If you are using Group Policy Object Editor, right click the correct OU and create the policy.
6. On XP/2000 client machines, run the GPUPDATE /Force command or restart the client.
7. Reboot the Domain Controller.

NOTE: If you have multiple DCs, you will have to verify that the policy is pushed to the remaining domain controllers. To determine if the policy is in effect, from Start -> Run, type RSOP.MSC and expand the policy setting: Computer Configuration -> Administrative Templates -> System -> Disk Quotas. If you do not see Administrative Templates or System, it means the policy is not being applied to that machine. If that is the case, verify that the machine is located in an OU affected by the policy. ME250842 is an article that talks about troubleshooting group policy errors.
I had this event in conjunction with EventID 107 from source Folder Redirection. When attempting to redirect a users My Computer special folder when connecting to a Terminal Server, I had set to re-direct everyone's folder to the same location, and to re-direct to their Home Directory. The user had a Terminal Server Home Directory set in their Terminal Services Profile in ADUC, but this folder would not re-direct and continually produced these errors until I also set a Home Directory in the User’s Profile.
After installing Windows 2003 SP1 and SBS 2003 SP1 the problem still existed. The problem seemed to be caused by a Group Policy (Default Domain Controller Policy) that contained some damaged/corrupt IPSec settings. No IPSec settings were visible in the policy but because the GPO was corrupted. I copied the settings of the Corrupt Group Policy to a new policy and disabled the corrupt Group Policy. This solved our problem. To check if the problem is caused by a corrupted IPSec policy, look for the file "gptext.log" (C:\%windows dir%\debug\usermode\gptext.log). This logfile contains all the IPsec policy errors.
I stopped this problem by finding an erroneous login script and eliminating it. Open the Group Policy Object Editor and go to User Configuration –> Windows Settings –> Scripts. Double-click the Logon and/or Logoff, and click the Show file button. Delete the erroneous script.
Per Microsoft: “This behavior may occur if you have a Microsoft Windows 2000 domain that includes Windows Server 2003-based servers, and you apply Internet Protocol security (IPSec) policies by using Group Policy. These event messages appear in the Application event log every time that these policies are applied on the Windows Server 2003-based servers”. See ME823608 and MSW2KDB to fix this problem".
As the message suggests, this is just an effect of a previous error. The group policy failed to be applied due to various reasons (reported earlier) and this event simply records the failure without pinpointing to a specific cause.

- Security - no info
- Microsoft Disk Quota - no info
- Folder Redirection - See "Best Practices for Folder Redirection"

To understand what GP Client-Side Extensions are check ME216357 or see ME216358 on how to troubleshoot them.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.