Ошибка 4098 group policy

Windows Server: Event ID 4098: Group Policy Preferences (Group Policy Printers)

Applies To: Windows Server 2008 & Windows Server 2008 R2

Group Policy Preferences (GPP) allow you to specify computer and user configuration settings. These settings allow granular configuration not available using regular Group Policy. GPP also provides filtering of settings using item-level targeting which allows
for granular application of settings to subset of users or computers. Group Policy Preferences contain a number of different preference extensions. The different extensions can log the same event ID, but are interpreted differently depending on the preference
extension.

Group Policy Preference events are written to the Application log. Informational events are only logged when the relevant Group Policy settings are enabled through specific Administrative Template settings. The path to the settings per preference area is:

Computer ConfigurationPoliciesAdministrative TemplatesSystemGroup PolicyLogging and tracing

When evaluating Event ID 4098 for Group Policy Printers, the specific error that is logged within the event message distinguishes among root causes for the event.

Table of Contents

  • Event Details
  • Resolve
    • Correct any issues with the printer driver.
      • Error code
        0x80070705 (The printer driver is unknown)
  • Verify
  • Related Management Information

Event Details

Product: Windows Operating System
ID: 4098
Source: Microsoft-Windows-GroupPolicyPrinters
Version: 6.1
Symbolic Name: W_CSE_POLICYAPPLYFAILED_BYPASS or E_CSE_POLICYAPPLYFAILED
Message: The [computer | user] <computer IP address> preference item in the <GPO name> Group Policy object did not apply because it failed with error code <error code>. This error was suppressed.

Resolve

Correct any issues with the printer driver.

The Printers preference extension logs the error message and the error code. This information appears on the
Details tab of the error message in Event Viewer. The error code (displayed as a hexadecimal) and error description fields further identify the reason for the failure. Evaluate the error code with the list below:

  • Error code 0x80070705

Error code
0x80070705 (The printer driver is unknown)

This error code usually indicates that the Printer is configured with a type 4  print drivers.

Group Policy Preference TCP/IP printers do not support Type 4 print drivers. The printer must be configured on the server with Type 3 drivers.

The printer driver type can be discovered as follows:

  1. Open the Print Management console by typing printmanagement.msc on the command-line.
  2. In the console tree, click Printer Servers to expand the folder.
  3. Click the Print Server that you are configuring
  4. Click Printers
  5. In the results pane, for the specific printer,  check the «Driver Type» column. This column specifies if the driver is Type 3 or Type 4.

If it is determined that the print drive is type 4, a type 3 print drive must be selected instead. This can be done within the Print Management console by selecting the type 3 driver from the drop down list, if already installed on the print server. If the
type 3 driver is not already installed on the print server, you can install the type 3 driver from the Advanced tab. Select New Driver.

Most type 3 print drivers can be downloaded from Windows Update. If the type 3 driver is not available from Windows Update, see the printer manufacturer’s website.

Verify

Group Policy applies during computer startup and user logon. Afterwards, Group Policy applies every 90 to 120 minutes. Events appearing in the event log may not reflect the most current state of Group Policy. Group Policy Printers will continue to apply
every refresh unless the «Apply once and do not reapply» option has been selected on the Common tab. Therefore, you should always refresh Group Policy to determine if Group Policy is working correctly.

To refresh Group Policy on a specific computer:

  1. Open the Start menu. Click All Programs and then click
    Accessories.
  2. Click Command Prompt.
  3. In the command prompt window, type gpupdate and then press ENTER.
  4. When the gpupdate command completes, open the Event Viewer.

Group Policy Printers is working correctly if this event ID is no longer logged in the Application log.

Related Management Information

  • Information about Group Policy Preferences Events
  • Understand and Troubleshoot Printing in Windows Server «8» Beta

Источник
title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

User GPP Scheduled Task item fails to apply

Provides a solution to an issue where User GPP Scheduled Task item fails to apply.

04/28/2023

Deland-Han

delhan

dcscontentpm

itpro

troubleshooting

windows-server

medium

kaushika, akhleshs

sap:problems-applying-group-policy-objects-to-users-or-computers, csstroubleshoot

windows-server-group-policy

User GPP Scheduled Task item fails to apply and logs event ID: 4098 with 0x80070005 Access is denied

This article provides a solution to an issue where User Group Policy Preference (GPP) Scheduled Task item fails to apply.

Applies to:   Windows Server 2012 R2
Original KB number:   2447414

Symptoms

You configure the following User Group Policy Preference (GPP) item in a Windows 2008/2008 R2 based Active Directory Domain.

  • User ConfigurationPreferencesControl Panel SettingsScheduled TasksNew"Scheduled Task (Windows Vista and later)"
  • Under the Common Settings tab, select option Run in logged-on user’s security context (user policy option). After the Group Policy is applied to a user, you find that the preference item doesn’t take effect.

Additionally, you see the following event log in the Application log:

Additionally if you enable Group Policy tracing for GPP Scheduled Tasks Client Side Extension, you’ll see the following messages logged in the GPP User log file:

<DateTime> [pid=0x3a0,tid=0x8c8] Starting class <TaskV2> — <GPP item name>.
<DateTime> [pid=0x3a0,tid=0x8c8] Set user security context.
<DateTime> [pid=0x3a0,tid=0x8c8] Adding child elements to RSOP.
<DateTime> [pid=0x3a0,tid=0x8c8] WorkItem.Init [hr = 0x80070005 «Access is denied.»]
<DateTime> [pid=0x3a0,tid=0x8c8] Properties handled. [hr = 0x80070005 «Access is denied.»]
<DateTime> [pid=0x3a0,tid=0x8c8] Set system security context.
<DateTime> [pid=0x3a0,tid=0x8c8] EVENT : The user ‘<GPP item name>’ preference item in the ‘<GPO name> {GPO GUID}’ Group Policy object did not apply because it failed with error code ‘0x80070005 Access is denied.’%100790273
<DateTime> [pid=0x3a0,tid=0x8c8] Error suppressed. [hr = 0x80070005 «Access is denied.»]
<DateTime> [pid=0x3a0,tid=0x8c8] Completed class <TaskV2> — <GPP item name>.
<DateTime> [pid=0x3a0,tid=0x8c8] Completed class <ScheduledTasks>.

You can enable GPP tracing through group policy:
Computer ConfigurationPoliciesAdministrative TemplatesSystemGroup PolicyLogging and TracingConfigure Schedulled Tasks preference logging and tracing

When configured, the log file will be created in:
%SystemDrive%ProgramDataGroupPolicyPreferenceTraceUser.log

Cause

The User GPP Scheduled Tasks item wasn’t designed to run under the currently logged on users security context AND must be applied in the default system security context.

Resolution

To avoid this issue, don’t enable the Run in logged-on user’s security context (user policy option) Common option when configuring user GPP Scheduled Tasks items.

The security context under which the Scheduled Task will run once it has been deployed can be specified in the General settings tab when creating the User GPP Scheduled Task item:

User ConfigurationPreferencesControl Panel SettingsScheduled TasksNew"Scheduled Task (Windows Vista and later)"
General:
Security Options -> «When running the task, use the following user account:»

By default, it’s set to: %LogonDomain%%LogonUser%

It’s where the security context under which the scheduled task will run should be configured.

Data collection

If you need assistance from Microsoft support, we recommend you collect the information by following the steps mentioned in Gather information by using TSSv2 for Group Policy issues.

Источник

Description

In this article, I am going to give the solution/fix/cause for error Event 4098. Event ID 4098 is an error event that related to the Group Policy Shortcuts.

Event ID 4098 Source

I saw the Event ID 4098 with the following error.

The computer 'My Settings' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.

Event ID 4098:Fix/Solution

After I have analyzed for some time found the following things as root cause for the problem.
 1. Open the Group Policy Management Console by running the command GPMC.msc.

 2. Click the Edit option on Default Domain Policy (the above 4098 event source shows this policy as error, In your case, it may be different policy )

3. Go to the Computer Shortcuts node, Computer Configuration ->Preferences -> Windows Settings ->Shortcuts, in right side pane check the target path of the shortcut link that causes for the Event 4098.
In my case, the shortcut link is My Settings

Event ID 4098 - Group Policy Shortcut error -Fix/Solution

3. Now change file path in shortcut link settings which caused the Group Policy Shortcut error.

 Thanks,
 Morgan
Software
 Developer

Источник

I am using Group Policy Preference item to copy a file from a network URL to a location within the users profile and keep coming up with an Evnit ID 4098 (as seen below). Here is what I have:

1. This is a Windows XP SP3 machine with the group policy client side extension installed
2. I have also confirmed that from that machine with the user logged in, I can access the location of the policy folder (as shown below) so it doesn’t appear to me to be a permission issue.
3. The permissions on that policy folder allows Authenticated user to read it.
3. User does not have admimistrative permissions on machine being logged into

Anyone have any idea what could be the causing this?

______

\domain.localSYSVOLdomain.localPolicies{B9EFD8C6-627D-4D72-A42B-E36357AC1490}

Event Type: Warning
Event Source: Group Policy Files
Event Category: (2)
Event ID: 4098
Date:  11/20/2012
Time:  11:59:30 PM
User:  NT AUTHORITYSYSTEM
Computer: Desktop-013
Description:
The user ‘NRTDDE.INI’ preference item in the ‘User Policy (XP Desktops) {B9EFD8C6-627D-4D72-A42B-E36357AC1490}’ Group Policy object did not apply because it failed with error code ‘0x80070005 Access is denied.’ This error was suppressed.

Источник

KnowledgeBase: Group Policy Preferences for Local Users and Groups fails with Event ID 4098 on Windows 8 and Windows Server 2012

Last week, Microsoft released KnowledgeBase article 2890259. It describes an issue in Windows 8 and Windows Server 2012 with Group Policy Preferences for Local Users and Groups.

In some circumstances, these Group Policy Preferences would not apply, resulting in events with EventId 4098 in the Windows Event Viewer (eventvwr.exe) on your domain-joined Windows 8-based device(s) and/or Windows Server 2012-based member server(s). 

The situation

In many organizations, Group Policy Preferences (GPPs) are used to manage local users and groups. However, when you apply a Group Policy Preference for Local Users and Groups to rename the built-in Administrator account on a domain-joined Windows 8-based device and/or Windows Server 2012-based member server the group policy preference for Local Users and Groups fails to apply and an event similar to the below is logged on domain-joined Windows 8-based devices and/or Windows Server 2012-based member servers:

Log Name: Application Source: Group Policy Local Users and Groups Event ID: 4098 Task Category: (2) Level: Warning Keywords: Classic User: SYSTEM Description: The computer 'Administrator (built-in)' preference item in the 'Policy_Name {GUID}' Group Policy Object did not apply because it failed with error code '0x8007052a This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon.' This error was suppressed.

The issue

This issue can occur if the User cannot change password checkbox is checked when you configured the Group Policy Preference. Do not configure this option for the built-in administrator account. This may lead to the inability of the administrator account being able to logon to the Windows 8-based device(s) and/or Windows Server 2012-based member server(s).

The solution

To resolve this issue, follow the steps mentioned below to edit the Group Policy Preference, Local Users and Groups and uncheck the option of «User cannot change password»

  1. Log on to a domani-joined Windows 8-based device(s) and/or Windows Server 2012-based member server(s) with Group Policy Management installed, with an account which has permissions to modify the Group Policy Object.
  2. Start Group Policy Mangement (gpmc.msc)
  3. Locate the Group Policy Object (GPO), responsible for the Group Policy Preference settings for Local Users and Groups on the Windows 8-based device(s) and/or Windows Server 2012-based member server(s) where you receive the events.Tip!
         Use Resultant Set of Policies (rsop.msc) on the Windows 8-based device(s)
    and/or Windows Server 2012-based member server(s) to locate the Group Policy
    Object (GPO) responsible for the settings, if needed.
  4. Right-click the Group Policy Object (GPO), right-click it and select Edit… from the context menu.
  5. In the Group Poliy Object (GPO) in the left pane, navigate to Computer Configuration, then Preferences, Control Panel Settings and finally Local Users and Groups.
  6. Right-click the Local Users and Groups policy for the built-in account and click Properties from the context menu.
  7. Uncheck User cannot change password option.Group Policy Preferences to change the password for the built-in administrator
  8. Click Apply and then OK.If you have multiple Domain Controllers, wait for Active Directory Replication to finish.
  9. Run gpupdate /force on the Windows 8-based device(s) and/or Windows Server 2012-based member server(s) or force a remote Group Policy update on the Organizational Unit(s) containing the affected Windows 8-based device(s) and/or Windows Server 2012-based member server(s) from within Group Policy Management.

Related KnowledgeBase articles

2890259 GPP Local Users and Groups fails with Event ID 4098 on Windows 8 and Windows Server 2012
2616766 Group Policy Preferences Local Users & Groups do not accept long names

Further reading

Local Users and Groups Extension
Configure a Local User Item
How to use Group Policy Preferences to Secure Local Administrator Groups
Local admin with Group Policy Preferences

Источник

I have set up a file copying Group Policy Preferences item to copy a file from a network share to the user’s AppData folder.  So, we have…

target:           \serversharefolderMSO2057.acl
destination:   %APPDATA%MicrosoftOfficeMSO2057.acl

The file is not copied, and an Event ID 4098 (Source — Group Policy Files).  It gives a description of…

The user ‘MSO2057.acl’ preference item in the ‘Gosodiadau Proffil {4763B80B-64AB-4D05-98DB-0454B5500FF6}’ Group Policy object did not apply because it failed with error code ‘0x80070005 Access is denied.’ This error was suppressed.

The permissions are fine on both source and destination.

One thing to note is that AppData has been redirected to the user’s home share.

I have tried changing the target location to a real one, i.e. a folder on the local C-drive, and it copies OK — I’m guessing it a variables issue.

Do you know how I get around this?

I’ve noticed this question…  https://www.experts-exchange.com/questions/24470914/Group-Policy-File-Howto.html

but I cannot change it to a Computer Policy because it puts things in the user’s profile.

By the way, the client PCs here are Windows Server 2008 R2

Thanks.

Источник

Перейти к контенту

Windows Server: Event ID 4098: Group Policy Preferences (Group Policy Printers)

Applies To: Windows Server 2008 & Windows Server 2008 R2

Group Policy Preferences (GPP) allow you to specify computer and user configuration settings. These settings allow granular configuration not available using regular Group Policy. GPP also provides filtering of settings using item-level targeting which allows
for granular application of settings to subset of users or computers. Group Policy Preferences contain a number of different preference extensions. The different extensions can log the same event ID, but are interpreted differently depending on the preference
extension.

Group Policy Preference events are written to the Application log. Informational events are only logged when the relevant Group Policy settings are enabled through specific Administrative Template settings. The path to the settings per preference area is:

Computer ConfigurationPoliciesAdministrative TemplatesSystemGroup PolicyLogging and tracing

When evaluating Event ID 4098 for Group Policy Printers, the specific error that is logged within the event message distinguishes among root causes for the event.

Table of Contents

  • Event Details
  • Resolve
    • Correct any issues with the printer driver.
      • Error code
        0x80070705 (The printer driver is unknown)
  • Verify
  • Related Management Information

Event Details

Product: Windows Operating System
ID: 4098
Source: Microsoft-Windows-GroupPolicyPrinters
Version: 6.1
Symbolic Name: W_CSE_POLICYAPPLYFAILED_BYPASS or E_CSE_POLICYAPPLYFAILED
Message: The [computer | user] <computer IP address> preference item in the <GPO name> Group Policy object did not apply because it failed with error code <error code>. This error was suppressed.

Resolve

Correct any issues with the printer driver.

The Printers preference extension logs the error message and the error code. This information appears on the
Details tab of the error message in Event Viewer. The error code (displayed as a hexadecimal) and error description fields further identify the reason for the failure. Evaluate the error code with the list below:

  • Error code 0x80070705

Error code
0x80070705 (The printer driver is unknown)

This error code usually indicates that the Printer is configured with a type 4  print drivers.

Group Policy Preference TCP/IP printers do not support Type 4 print drivers. The printer must be configured on the server with Type 3 drivers.

The printer driver type can be discovered as follows:

  1. Open the Print Management console by typing printmanagement.msc on the command-line.
  2. In the console tree, click Printer Servers to expand the folder.
  3. Click the Print Server that you are configuring
  4. Click Printers
  5. In the results pane, for the specific printer,  check the «Driver Type» column. This column specifies if the driver is Type 3 or Type 4.

If it is determined that the print drive is type 4, a type 3 print drive must be selected instead. This can be done within the Print Management console by selecting the type 3 driver from the drop down list, if already installed on the print server. If the
type 3 driver is not already installed on the print server, you can install the type 3 driver from the Advanced tab. Select New Driver.

Most type 3 print drivers can be downloaded from Windows Update. If the type 3 driver is not available from Windows Update, see the printer manufacturer’s website.

Verify

Group Policy applies during computer startup and user logon. Afterwards, Group Policy applies every 90 to 120 minutes. Events appearing in the event log may not reflect the most current state of Group Policy. Group Policy Printers will continue to apply
every refresh unless the «Apply once and do not reapply» option has been selected on the Common tab. Therefore, you should always refresh Group Policy to determine if Group Policy is working correctly.

To refresh Group Policy on a specific computer:

  1. Open the Start menu. Click All Programs and then click
    Accessories.
  2. Click Command Prompt.
  3. In the command prompt window, type gpupdate and then press ENTER.
  4. When the gpupdate command completes, open the Event Viewer.

Group Policy Printers is working correctly if this event ID is no longer logged in the Application log.

Related Management Information

  • Information about Group Policy Preferences Events
  • Understand and Troubleshoot Printing in Windows Server «8» Beta

Description

In this article, I am going to give the solution/fix/cause for error Event 4098. Event ID 4098 is an error event that related to the Group Policy Shortcuts.

Event ID 4098 Source

I saw the Event ID 4098 with the following error.

The computer 'My Settings' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.

Event ID 4098:Fix/Solution

After I have analyzed for some time found the following things as root cause for the problem.
 1. Open the Group Policy Management Console by running the command GPMC.msc.

 2. Click the Edit option on Default Domain Policy (the above 4098 event source shows this policy as error, In your case, it may be different policy )

3. Go to the Computer Shortcuts node, Computer Configuration ->Preferences -> Windows Settings ->Shortcuts, in right side pane check the target path of the shortcut link that causes for the Event 4098.
In my case, the shortcut link is My Settings

Event ID 4098 - Group Policy Shortcut error -Fix/Solution

3. Now change file path in shortcut link settings which caused the Group Policy Shortcut error.

 Thanks,
 Morgan
Software
 Developer

I am using Group Policy Preference item to copy a file from a network URL to a location within the users profile and keep coming up with an Evnit ID 4098 (as seen below). Here is what I have:

1. This is a Windows XP SP3 machine with the group policy client side extension installed
2. I have also confirmed that from that machine with the user logged in, I can access the location of the policy folder (as shown below) so it doesn’t appear to me to be a permission issue.
3. The permissions on that policy folder allows Authenticated user to read it.
3. User does not have admimistrative permissions on machine being logged into

Anyone have any idea what could be the causing this?

______

domain.localSYSVOLdomain.localPolicies{B9EFD8C6-627D-4D72-A42B-E36357AC1490}

Event Type: Warning
Event Source: Group Policy Files
Event Category: (2)
Event ID: 4098
Date:  11/20/2012
Time:  11:59:30 PM
User:  NT AUTHORITYSYSTEM
Computer: Desktop-013
Description:
The user ‘NRTDDE.INI’ preference item in the ‘User Policy (XP Desktops) {B9EFD8C6-627D-4D72-A42B-E36357AC1490}’ Group Policy object did not apply because it failed with error code ‘0x80070005 Access is denied.’ This error was suppressed.

KnowledgeBase: Group Policy Preferences for Local Users and Groups fails with Event ID 4098 on Windows 8 and Windows Server 2012

Last week, Microsoft released KnowledgeBase article 2890259. It describes an issue in Windows 8 and Windows Server 2012 with Group Policy Preferences for Local Users and Groups.

In some circumstances, these Group Policy Preferences would not apply, resulting in events with EventId 4098 in the Windows Event Viewer (eventvwr.exe) on your domain-joined Windows 8-based device(s) and/or Windows Server 2012-based member server(s). 

The situation

In many organizations, Group Policy Preferences (GPPs) are used to manage local users and groups. However, when you apply a Group Policy Preference for Local Users and Groups to rename the built-in Administrator account on a domain-joined Windows 8-based device and/or Windows Server 2012-based member server the group policy preference for Local Users and Groups fails to apply and an event similar to the below is logged on domain-joined Windows 8-based devices and/or Windows Server 2012-based member servers:

Log Name: Application Source: Group Policy Local Users and Groups Event ID: 4098 Task Category: (2) Level: Warning Keywords: Classic User: SYSTEM Description: The computer'Administrator (built-in)' preference item in the'Policy_Name {GUID}' Group Policy Object did not apply because it failed with error code'0x8007052a This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon.' This error was suppressed.

The issue

This issue can occur if the User cannot change password checkbox is checked when you configured the Group Policy Preference. Do not configure this option for the built-in administrator account. This may lead to the inability of the administrator account being able to logon to the Windows 8-based device(s) and/or Windows Server 2012-based member server(s).

The solution

To resolve this issue, follow the steps mentioned below to edit the Group Policy Preference, Local Users and Groups and uncheck the option of «User cannot change password»

  1. Log on to a domani-joined Windows 8-based device(s) and/or Windows Server 2012-based member server(s) with Group Policy Management installed, with an account which has permissions to modify the Group Policy Object.
  2. Start Group Policy Mangement (gpmc.msc)
  3. Locate the Group Policy Object (GPO), responsible for the Group Policy Preference settings for Local Users and Groups on the Windows 8-based device(s) and/or Windows Server 2012-based member server(s) where you receive the events.Tip!
         Use Resultant Set of Policies (rsop.msc) on the Windows 8-based device(s)
    and/or Windows Server 2012-based member server(s) to locate the Group Policy
    Object (GPO) responsible for the settings, if needed.
  4. Right-click the Group Policy Object (GPO), right-click it and select Edit… from the context menu.
  5. In the Group Poliy Object (GPO) in the left pane, navigate to Computer Configuration, then Preferences, Control Panel Settings and finally Local Users and Groups.
  6. Right-click the Local Users and Groups policy for the built-in account and click Properties from the context menu.
  7. Uncheck User cannot change password option.Group Policy Preferences to change the password for the built-in administrator
  8. Click Apply and then OK.If you have multiple Domain Controllers, wait for Active Directory Replication to finish.
  9. Run gpupdate /force on the Windows 8-based device(s) and/or Windows Server 2012-based member server(s) or force a remote Group Policy update on the Organizational Unit(s) containing the affected Windows 8-based device(s) and/or Windows Server 2012-based member server(s) from within Group Policy Management.

Related KnowledgeBase articles

2890259 GPP Local Users and Groups fails with Event ID 4098 on Windows 8 and Windows Server 2012
2616766 Group Policy Preferences Local Users & Groups do not accept long names

Further reading

Local Users and Groups Extension
Configure a Local User Item
How to use Group Policy Preferences to Secure Local Administrator Groups
Local admin with Group Policy Preferences

Consider the following:

  • You have a computer that is running Windows 8 or Windows Server 2012
  • You join the computer to a Domain
  • You apply a Group Policy Preference Local Users and Groups to rename the built-in Administrator account.

In this scenario, the group policy preference Local Users and Groups fails to apply and an event similar to the below is logged on the Windows 8 clients or Windows Server 2012 computers:

Log Name:      Application
Source:        Group Policy Local Users and Groups
Event ID:      4098
Task Category: (2)
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      Computer.Contoso.com
Description:
The computer ‘Administrator (built-in)’ preference item in the ‘Policy_Name {GUID}’ Group Policy Object did not apply because it failed with error code ‘0x8007052a This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon.’ This error was suppressed.

Cause:

   This issue can occur if the checkbox «User cannot change password» is checked when you configured the Group Policy Preference. Do not configure this option for the built-in administrator account. This may lead to the inability of the administrator account being able to logon to the computers. 

Resolution:

 To resolve this issue, follow the steps mentioned below to edit the Group Policy Preference, Local Users and Groups and uncheck the option of «User cannot change password» 

  1. Open GPMC with an account which has permissions to modify the Group Policy Object.
  2. Browse to the following Group Policy Object
    Computer ConfigurationPreferencesControl Panel SettingsLocal Users and Groups
  3. Right click the Local Users and Groups policy for the built-in account and click Properties
  4. Uncheck User cannot change password option
  5. Click Apply and then OK.
    If you have multiple Domain Controllers, wait for Active Directory Replication to finish.
  6. Run gpupdate /force on the client computers

Soure:
www.technet.microsoft.com

Published By
S.G.Godwin Dinesh.MCA
Sr.System Administrator

  • Remove From My Forums

  • General discussion

  • Hi We are getting multiples events on production servers of Event 4098:-

    Group policy 4098 The computer ‘Administrators’ preference item in the  Baseline Policy {CF03F75-F0′ Group Policy object did not apply because it failed with error code ‘0x80070534 No mapping between account names and security IDs was done.’ This error
    was suppressed.
    Plese let us know removed the entry form XML file which located SYSVOLPolicies is good approach to fix that issue

    • Edited by

      Thursday, July 3, 2014 2:04 PM

    • Changed type
      H.Vats
      Friday, July 4, 2014 3:04 PM
  • Remove From My Forums

  • General discussion

  • Hi We are getting multiples events on production servers of Event 4098:-

    Group policy 4098 The computer ‘Administrators’ preference item in the  Baseline Policy {CF03F75-F0′ Group Policy object did not apply because it failed with error code ‘0x80070534 No mapping between account names and security IDs was done.’ This error
    was suppressed.
    Plese let us know removed the entry form XML file which located SYSVOLPolicies is good approach to fix that issue

    • Edited by

      Thursday, July 3, 2014 2:04 PM

    • Changed type
      H.Vats
      Friday, July 4, 2014 3:04 PM

Источник

Consider the following:

  • You have a computer that is running Windows 8 or Windows Server 2012
  • You join the computer to a Domain
  • You apply a Group Policy Preference Local Users and Groups to rename the built-in Administrator account.

In this scenario, the group policy preference Local Users and Groups fails to apply and an event similar to the below is logged on the Windows 8 clients or Windows Server 2012 computers:

Log Name:      Application
Source:        Group Policy Local Users and Groups
Event ID:      4098
Task Category: (2)
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      Computer.Contoso.com
Description:
The computer ‘Administrator (built-in)’ preference item in the ‘Policy_Name {GUID}’ Group Policy Object did not apply because it failed with error code ‘0x8007052a This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon.’ This error was suppressed.

Cause:

   This issue can occur if the checkbox «User cannot change password» is checked when you configured the Group Policy Preference. Do not configure this option for the built-in administrator account. This may lead to the inability of the administrator account being able to logon to the computers. 

Resolution:

 To resolve this issue, follow the steps mentioned below to edit the Group Policy Preference, Local Users and Groups and uncheck the option of «User cannot change password» 

  1. Open GPMC with an account which has permissions to modify the Group Policy Object.
  2. Browse to the following Group Policy Object
    Computer ConfigurationPreferencesControl Panel SettingsLocal Users and Groups
  3. Right click the Local Users and Groups policy for the built-in account and click Properties
  4. Uncheck User cannot change password option
  5. Click Apply and then OK.
    If you have multiple Domain Controllers, wait for Active Directory Replication to finish.
  6. Run gpupdate /force on the client computers

Soure:
www.technet.microsoft.com

Published By
S.G.Godwin Dinesh.MCA
Sr.System Administrator

Источник

Понравилась статья? Поделить с друзьями:
  • Ошибка 4101 amd windows 10
  • Ошибка 4112 на терминале сбербанка
  • Ошибка 40967 порше кайен
  • Ошибка 4100 терминал ingenico
  • Ошибка 4111 на терминале сбербанка