Handle event 1000 errors in Win2k

What they are and how to handle them.

Group policy objects are a convenient and widely used way to enforce certain behaviors on all the machines in a specific environment. There are, however, some pitfalls to using GPOs that may not be obvious even to experienced administrators.

Like this. One of the errors that can be logged on workstations that have GPOs applied to them unsuccessfully is Event ID 1000. The log entry will usually look like this:

Event ID: 1000
Event Source: Userenv
Description: Windows cannot read the history of GPOs from the registry

This error is notoriously vague, since it is simply used to indicate that applying the GPO failed for some generic reason. The most common reason (which isn't separately documented as an error) is a missing or damaged Registry entry -- or a Registry entry with incorrect permissions applied to it, a common "time bomb" problem.

Here's what to do.

  1. Open the Registry Editor using REGEDT32 (not REGEDIT) and navigate to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionGroup PolicyHistory.

  2. Make sure the History key and its sub-keys have these permissions:

    Read permissions for the group Authenticated Users
    Read / Full Control permissions for the groups Administrators and System

  3. Go into the History key and delete all of its subkeys (but don't delete the History key itself!). These sub-keys will be recreated later.

  4. Run the following command from the command line:

    secedit /refreshpolicy machine_policy /enforce

This forces GPO settings to be imposed and take effect immediately. (For more on the SECEDIT /REFRESHPOLICY command, see Microsoft KnowledgeBase Article 227302.)


Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter.


This was first published in February 2003

Dig deeper on Windows Operating System Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close