Using Group Policys to Configure Windows Services

[tobru]

I tried to configure the Windows Services using Group Policys.

Now when I start the PC with the configured GPO there are many red crosses in the Event Log and the PC slows down. No other Policy settings are set, so I think its a problem with configuring this services.
Before I made the Policy definition, I set the Services by hand to my needs to test if there are any problems. After that, I set the Services in the Group Policy like I configured they by hand.
For help me resolving this Problem, I put the EventLog and the Policy settings on my Server:
Application EventLog
System EventLog
GPO definitions

Please help =)
Thanks a lot...
Tobias

 

[markdmac]

Which services are we talking about?

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[mlichstein]

You posted the app log twice (no system log).

What type of machine is this? A server? Workstation? Domain controller? What?

What exactly is the problem? Red x's and "the PC slows down" is not very helpful in diagnosing the problem.

 

[GlenJohnson]

What kind of error messages are you getting. Post the type of error message and the number so we can chase down the solution. Good luck.

Click here to learn How to help with tsunami relief...

http://www.google.com/tsunami_relief.html

Glen A. Johnson
"An investment in knowledge always pays the best interest."
Benjamin Franklin

 

[tobru]

Hello

@markdmac:
We are talking about the Windows Services like "Automatic Updates" or "Event Log".

@mlichstein:
I'm sorry, I fixed this.
Application EventLog
System EventLog

It is an IBM Thinkpad T42 Laptop and is used as a normal Workstation with Windows XP Professional SP2.
The exact problem is difficult to describe, I'll give another try: When I apply the GPO then many Services will fail to start or are always starting (status). In the Eventlog are many errors. When I remove the GPO from this Computer, no more errors are in the Event Log.
Here is a list of this errors:

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date:		24.02.2005
Time:		17:06:00
User:		N/A
Computer:	ZIBTESTL
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Error
Event Source:	Kerberos
Event Category:	None
Event ID:	7
Date:		24.02.2005
Time:		17:07:28
User:		N/A
Computer:	ZIBTESTL
Description:
The kerberos subsystem encountered a PAC verification failure.  This indicates that the PAC from the client ZIBTESTL$ in realm SUISA.CH had a PAC which failed to verify or was modified.  Contact your system administrator.

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]
Data:
0000: 92 01 00 c0               ?..À    


Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date:		24.02.2005
Time:		17:08:28
User:		N/A
Computer:	ZIBTESTL
Description:
The Windows Installer service terminated with the following error: 
The requested lookup key was not found in any active activation context. 

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7022
Date:		24.02.2005
Time:		17:08:28
User:		N/A
Computer:	ZIBTESTL
Description:
The COM+ Event System service hung on starting.

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7022
Date:		24.02.2005
Time:		17:08:28
User:		N/A
Computer:	ZIBTESTL
Description:
The Network Connections service hung on starting.

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date:		24.02.2005
Time:		17:08:28
User:		N/A
Computer:	ZIBTESTL
Description:
The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: 
After starting, the service hung in a start-pending state. 

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date:		24.02.2005
Time:		17:08:28
User:		N/A
Computer:	ZIBTESTL
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: 
After starting, the service hung in a start-pending state. 

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date:		24.02.2005
Time:		17:09:42
User:		NT AUTHORITY\SYSTEM
Computer:	ZIBTESTL
Description:
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Warning
Event Source:	MRxSmb
Event Category:	None
Event ID:	3019
Date:		24.02.2005
Time:		17:09:55
User:		N/A
Computer:	ZIBTESTL
Description:
The redirector failed to determine the connection type.

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]
Data:
0000: 00 00 00 00 04 00 4e 00   ......N.
0008: 00 00 00 00 cb 0b 00 80   ....Ë..?
0010: 00 00 00 00 84 01 00 c0   ....?..À
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........


Event Type:	Error
Event Source:	EventSystem
Event Category:	(51)
Event ID:	4609
Date:		24.02.2005
Time:		17:06:00
User:		N/A
Computer:	ZIBTESTL
Description:
The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80004015 from line 130 of d:\qxp_slp\com\com1x\src\events\tier2\service.cpp.  Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Error
Event Source:	EventSystem
Event Category:	(50)
Event ID:	4609
Date:		24.02.2005
Time:		17:07:28
User:		N/A
Computer:	ZIBTESTL
Description:
The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Error
Event Source:	VSS
Event Category:	None
Event ID:	8193
Date:		24.02.2005
Time:		17:07:28
User:		N/A
Computer:	ZIBTESTL
Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]
Data:
0000: 57 52 54 57 52 54 49 43   WRTWRTIC
0008: 32 31 34 39 00 00 00 00   2149....
0010: 57 52 54 57 52 54 49 43   WRTWRTIC
0018: 32 31 31 31 00 00 00 00   2111....


Event Type:	Error
Event Source:	Userenv
Event Category:	None
Event ID:	1090
Date:		24.02.2005
Time:		17:07:29
User:		NT AUTHORITY\SYSTEM
Computer:	ZIBTESTL
Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]

@GlenJohnson:
See the answer to mlichstein.

Tobias

 

[mlichstein]

I'm assuming this machine is a member of a domain? If so, you need to change the startup type for the Netlogon service to automatic.

 

[tobru]

Yes, this PC is a domain-member.
I changed the service from manual (windows default) to automatic, but no success =(
In the Security-Eventlog, the following entries are found:

Event Type:	Failure Audit
Event Source:	Security
Event Category:	Object Access 
Event ID:	560
Date:		28.02.2005
Time:		14:39:05
User:		NT AUTHORITY\NETWORK SERVICE
Computer:	ZIBTESTL
Description:
Object Open:
 	Object Server:	SC Manager
 	Object Type:	SERVICE OBJECT
 	Object Name:	winmgmt
 	Handle ID:	-
 	Operation ID:	{0,246763}
 	Process ID:	596
 	Image File Name:	C:\WINDOWS\system32\services.exe
 	Primary User Name:	ZIBTESTL$
 	Primary Domain:	SUISA
 	Primary Logon ID:	(0x0,0x3E7)
 	Client User Name:	NETWORK SERVICE
 	Client Domain:	NT AUTHORITY
 	Client Logon ID:	(0x0,0x3E4)
 	Accesses:		READ_CONTROL 
			Query information from service 
			
 	Privileges:		-
 	Restricted Sid Count: 0


For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Failure Audit
Event Source:	Security
Event Category:	Object Access 
Event ID:	560
Date:		28.02.2005
Time:		14:38:47
User:		NT AUTHORITY\NETWORK SERVICE
Computer:	ZIBTESTL
Description:
Object Open:
 	Object Server:	SC Manager
 	Object Type:	SERVICE OBJECT
 	Object Name:	Netman
 	Handle ID:	-
 	Operation ID:	{0,214366}
 	Process ID:	596
 	Image File Name:	C:\WINDOWS\system32\services.exe
 	Primary User Name:	ZIBTESTL$
 	Primary Domain:	SUISA
 	Primary Logon ID:	(0x0,0x3E7)
 	Client User Name:	NETWORK SERVICE
 	Client Domain:	NT AUTHORITY
 	Client Logon ID:	(0x0,0x3E4)
 	Accesses:		READ_CONTROL 
			Query information from service 
			
 	Privileges:		-
 	Restricted Sid Count: 0


For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Failure Audit
Event Source:	Security
Event Category:	Object Access 
Event ID:	560
Date:		28.02.2005
Time:		14:38:40
User:		NT AUTHORITY\NETWORK SERVICE
Computer:	ZIBTESTL
Description:
Object Open:
 	Object Server:	SC Manager
 	Object Type:	SERVICE OBJECT
 	Object Name:	EventSystem
 	Handle ID:	-
 	Operation ID:	{0,99202}
 	Process ID:	596
 	Image File Name:	C:\WINDOWS\system32\services.exe
 	Primary User Name:	ZIBTESTL$
 	Primary Domain:	SUISA
 	Primary Logon ID:	(0x0,0x3E7)
 	Client User Name:	NETWORK SERVICE
 	Client Domain:	NT AUTHORITY
 	Client Logon ID:	(0x0,0x3E4)
 	Accesses:		READ_CONTROL 
			Query information from service 
			
 	Privileges:		-
 	Restricted Sid Count: 0


For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Failure Audit
Event Source:	Security
Event Category:	Object Access 
Event ID:	560
Date:		28.02.2005
Time:		14:38:38
User:		NT AUTHORITY\NETWORK SERVICE
Computer:	ZIBTESTL
Description:
Object Open:
 	Object Server:	SC Manager
 	Object Type:	SERVICE OBJECT
 	Object Name:	ShellHWDetection
 	Handle ID:	-
 	Operation ID:	{0,97769}
 	Process ID:	596
 	Image File Name:	C:\WINDOWS\system32\services.exe
 	Primary User Name:	ZIBTESTL$
 	Primary Domain:	SUISA
 	Primary Logon ID:	(0x0,0x3E7)
 	Client User Name:	NETWORK SERVICE
 	Client Domain:	NT AUTHORITY
 	Client Logon ID:	(0x0,0x3E4)
 	Accesses:		READ_CONTROL 
			Query information from service 
			
 	Privileges:		-
 	Restricted Sid Count: 0


For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]


Event Type:	Failure Audit
Event Source:	Security
Event Category:	Object Access 
Event ID:	560
Date:		28.02.2005
Time:		14:37:13
User:		NT AUTHORITY\NETWORK SERVICE
Computer:	ZIBTESTL
Description:
Object Open:
 	Object Server:	SC Manager
 	Object Type:	SERVICE OBJECT
 	Object Name:	MSIServer
 	Handle ID:	-
 	Operation ID:	{0,85954}
 	Process ID:	596
 	Image File Name:	C:\WINDOWS\system32\services.exe
 	Primary User Name:	ZIBTESTL$
 	Primary Domain:	SUISA
 	Primary Logon ID:	(0x0,0x3E7)
 	Client User Name:	NETWORK SERVICE
 	Client Domain:	NT AUTHORITY
 	Client Logon ID:	(0x0,0x3E4)
 	Accesses:		READ_CONTROL 
			Query service configuration information 
			Query status of service 
			Enumerate dependencies of service 
			Query information from service 
			
 	Privileges:		-
 	Restricted Sid Count: 0


For more information, see Help and Support Center at [URL unfurl="true"]http://go.microsoft.com/fwlink/events.asp.[/URL]

 

[mlichstein]

Did you reboot after starting the netlogon service?

Why are you restricting all of these services anyway? You're likely restricting a service that other services depend on.

 

[tobru]

Yes I did reboot. Many times, but no success.

I checked the dependencies many times, but I found no problem with that.
My goal is to diable all not needed windows services for a normal workstation who is a member of a windows 2000 domain.
Do you have experience in doing this? Probably you already made this before?