Monitor unlimited number of servers
Filter log events
Create email and web-based reports
Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content
Event ID: 2004 Source: GroupPolicyManagement
Source
Level
Description
Backup of GPO failed. Error [Class not registered].
English
Request a translation of the event description in plain English.
Comments
From a newsgroup post: "This event can occur if you backup a GPO which contains custom registry security settings, and the Owner for this registry key they were trying to set security on, had been set to one of their own admins. You may edit the policy to change the owner to be “Administrators” group (the default) as following:
1. Right click the policy in Group Policy Management and select Edit.
2. In Group Policy Object Editor, right click the Default Domain Policy and
select Properties.
3. In Security tab, click Advanced.
4. In Advanced Security Settings for page, confirm the Owner is “Administrators” in Owner tab.
If the problem still persists, please enable verbose logging of the Group Policy Management Console by adding the following registry keys:
Key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Value: GPMgmtTraceLevel
Value Type: REG_DWORD
Value Data: 2
Key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Value: GPMgmtLogFileOnly
Value Type: REG_DWORD
Value Data: 1
This creates a gpmgmt.log that is located in %temp%. The temp folder is in the profile of the currently logged on user".
1. Right click the policy in Group Policy Management and select Edit.
2. In Group Policy Object Editor, right click the Default Domain Policy and
select Properties.
3. In Security tab, click Advanced.
4. In Advanced Security Settings for page, confirm the Owner is “Administrators” in Owner tab.
If the problem still persists, please enable verbose logging of the Group Policy Management Console by adding the following registry keys:
Key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Value: GPMgmtTraceLevel
Value Type: REG_DWORD
Value Data: 2
Key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Value: GPMgmtLogFileOnly
Value Type: REG_DWORD
Value Data: 1
This creates a gpmgmt.log that is located in %temp%. The temp folder is in the profile of the currently logged on user".
Windows Event Log Analysis Splunk App
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Cisco ASA Log Analyzer Splunk App
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.