Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2004 Source: GroupPolicyManagement

Level
Description
Backup of GPO failed. Error [Class not registered].
Comments
 
From a newsgroup post: "This event can occur if you backup a GPO which contains custom registry security settings, and the Owner for this registry key they were trying to set security on, had been set to one of their own admins. You may edit the policy to change the owner to be “Administrators” group (the default) as following:
1. Right click the policy in Group Policy Management and select Edit.
2. In Group Policy Object Editor, right click the Default Domain Policy and
select Properties.
3. In Security tab, click Advanced.
4. In Advanced Security Settings for page, confirm the Owner is “Administrators” in Owner tab.

If the problem still persists, please enable verbose logging of the Group Policy Management Console by adding the following registry keys:
Key:  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
        Value:  GPMgmtTraceLevel
        Value Type:  REG_DWORD
        Value Data:  2
Key:  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
        Value:  GPMgmtLogFileOnly
        Value Type:  REG_DWORD
        Value Data:     1
This creates a gpmgmt.log that is located in %temp%. The temp folder is in the profile of the currently logged on user".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...