The following table illustrates how events display in your log.
2001 Error importing settings to object 2002 Various generic exception messages 2004 Various generic exception messages 2005 Various generic exception messages 2006 Various generic exception messages 2007 Various generic exception messages
2010 Problem with Access Control List (ACL) attribute.
2245 Problem with Read Only domains or a problem with the version control containers.
5000 Problem with the license – error code and error message 5000-2086928381 Invalid license – wrong product
5000-2086928382 Invalid license – demo expired 5000-2086928383 Invalid license – license expired 5000-2147467259 Invalid license
LEVEL SOURCE EVENT ID TASK
CATEGORY DESCRIPTION
Information GPOADmin 1050 2 The change is an
authorized change made by GPOADmin on a working copy.
Warning GPOADmin 1050 2 Unable to locate any
domain controllers to monitor.
EVENT ID DESCRIPTION
Glossary
This glossary contains definitions taken from Microsoft publications.
A
Active Directory
The Windows directory service.
ADAM ADAM is a Lightweight Directory Access Protocol (LDAP) directory service. It provides data storage and retrieval for directory-enabled applications, without the dependencies that are required for the Active Directory directory service. ADAM provides much of the same functionality as Active Directory, but it does not require the deployment of domains or domain controllers. You can run multiple instances of ADAM concurrently on a single computer, with an independently managed schema for each ADAM instance.
AD LDS
In Windows Server 2008, ADAM was renamed AD LDS - Active Directory Lightweight Directory Services
ADM files
Template files that are used by Group Policies to describe where registry-based policy settings are stored in the registry.
Administrative rights
Administrative rights are the rights granted to a member of the Administrators local group. This member can perform such actions as creating user accounts, creating groups, and adding group members.
Authentication
The process required to log on to a computer locally.
Authentication requires a valid user name and password that exists in the local accounts database. An access token is created if the information provided matches the account in the database.
D
Distinguished name (DN)
The distinguished name is the fully qualified name of an object in a hierarchical system. Distinguished names are used for all Active Directory objects and in the Domain Name System (DNS). No two objects in these systems should have the same distinguished name.
Domain
A domain (in relation to a Microsoft network) is a logical collection of resources consisting of computers, printers, computer accounts, user accounts, and other related objects. The domain also has a system of logon
authentication of user accounts, and computer accounts.
Domain controller (DC)
A server that authenticates domain logon passwords and maintains security policy and the security accounts master database for a domain.
F
Forest
One or more domain trees that do not form a contiguous namespace but that share a common schema,
configuration, and global catalog.
G
Group
A group (in relation to a Microsoft network) is a logical collection of user accounts or other groups. A collection of users, computers, contacts, and other groups.
Group Policy Object (GPO)
GPO is the grouping of policy settings for users and computers.
GPMC Group Policy Management Console. This is Microsoft’s native tool for managing Group Policy.
GPMC Extension
The GPOADmin interface for managing Group Policy within GPMC.
L
Live GPO
Live GPOs are the GPOs that reside in the enterprise environment and affect user and computer settings.
N
Node In a network, a node is a connection point, either a redistribution point or an end point for data transmissions.
O
Object
An object is a Windows NT entity. Examples include users, groups, and computers. Access rights to objects include create, read, edit, and delete.
OU Organizational Unit
An OU is a container object used to organize the Active Directory objects logically within a domain.
P
Permission
A rule associated with an object to regulate access to a particular object on the network. For example, a user may have read and write access to a file on the network.
Policies
General controls that enhance the security of an operating environment.
Reject
If a GPO edit is rejected, no changes are incorporated and the GPO status is set back to an available state.
Rollback
From the Compliance Wizard, users can roll back within the Version Control system to any point in the GPO's history.
S
Schema
The metadata that describes the use of objects within a given structure.
Scope of Management (SOM)
An Active Directory site, domain, or organizational unit container. These containers contain user and computer accounts that can be managed through Group Policy.
These SOMs are themselves associated with Group Policy objects (GPOs), and the accounts within them are considered by the Group Policy Protocol [MS-GPOL] to inherit that association.
Site A collection of domain controllers. Sites are defined by a domain controller’s subnet.
SLA Software License Agreement
SOM See Scope of Management.
W
Watcher Service
The Watcher Service protects an organization from unauthorized changes by automatically detecting changes to GPOs made outside of the GPOADmin Version Control system.
WMI Filters
WMI Filters are used to determine the scope of Group Policies based on computer attributes such as the operating system, free hard disk space or brand and model.
A
approve or reject 70
changing the approval workflow 68 check compliance 74
check in objects 60 check out objects 57 client/server architecture 9 Version Control server 16
Conflicting Objects Report 98 conflicting template settings 92 connections
Contacting Quest Software 161 contacting Quest support 161 container
customized views 14 hierarchy 40
label 40
controlled object reports 87 create
templates from registered GPOs 47 WMI filters 45
Cross-Domain Linked Group Policy Objects Report 98
delete version history 53 Deployment
differences report 41, 89, 100 compare group policy results 100 disabling workflow 56
E
editADM files 108 GPOs 76
object properties 54 objects 76
roles 24
I NDEX
WMI filters 79 enabling workflow 56
enhanced workflow approval 67 F
flagged GPO 75 restore with links 75 FRS Event Log Report 95 FRS Log Reports 96 FRS Parameters Report 96 FRS Troubleshooter Report 95 G
GPMC Extension accessing 31 overview 10
restoring GPO links 64 GPO links
appending 65 replacing 65 searching for 65 GPOADmin
PowerShell scripts 114, 152 group policy reports
differences 41, 89, 100 object consistency report 98 object security report 99 object settings search report 90 result differences report 100 results report 99
importing INF file settings 81 inactive policy settings report 99 incorporate live 74
L
label a container 40 labels 49
latest version report 100 license
restoring with GPOs 75 live report 100 modify approval workflow 67 multi-forest support 10 multiple
differences report 41, 89, 100 links, creating 79
N
notification system
copying, pasting, or merging 24 overview 12
selecting events 25 setting for other users 24 O
offline GPO testing 14 export objects 82 import objects 83 P
pending
deployment and approval 66 permissions
ADAM/AD LDS 18 role-based delegation 21 persisting connections 28 port requirements 18 PowerShell scripts 113, 149 preferences
user, configuring 31 properties
viewing and editing 54 R
reject edits 70
diagnostic and troubleshooting 92 differences 41, 89, 100
folders 103
group policy object consistency report 98
group policy object security report 99
group policy object settings search 90
group policy result differences 100 group policy results 99
historical settings 102 history 89
inactive policy settings report 99 latest version 100
linked/unlinked report 99 live 100
options 13 settings 88
software installation package report 99
deleted GPO with links 75 deleted objects 74
GPO links in GPMC Extension 64 GPO links to previous version 63 group policy objects and links 74 to a previous version 61
review links
green links 65, 66 red links 65, 66 yellow links 65, 66
role-based delegation 11, 21 roles
create 23
create and edit 20 delegate 24
group policy objects with links 73 noncompliant objects 73
restore object in live environment 73
all managed objects 29 available 29
checked out 29 checked out to me 29 cloaked 30
deleted objects 30
linked scopes of management 30 locked 30
pending approval 29 pending deployment 29 unauthorized modifications 30 unlinked scopes of management 31 unregistered 30
workflow disabled objects 30 workflow enabled objects 30 search report
group policy settings 90 Set NTFRS Parameters Report 97 Settings Report 88
settings report 88
software installation package report 99
status
available 36, 56 checked out 37, 59 pending approval 38 pending deployment 38, 66 registered 49
SYSVOL Connectivity Report 97 T
template apply 77
conflict report 91 create 47
create from registered GPOs 47 custom ADM files 32
edit 81 overview 13
third party licenses 162 troubleshooting reports 92 U
undo check out 59 unregistering 39 user activity report 90 user preferences 31 V
version control 11 Version Control server
configuring 16 editing properties 19
viewdifferences between versions 41 history 51
properties 54 W
Watcher Service 73 withdraw approval 61 WMI filters 45
workflow diagram 9 working copy report 100