GPP Local Users and Groups fails with Event ID 4098 on Windows 8 and Windows Server 2012

Consider the following:
  • You have a computer that is running Windows 8 or Windows Server 2012
  • You join the computer to a domain
  • You apply a Group Policy Preference Local Users and Groups to rename the built-in Administrator account.

In this scenario, the Local Users and Groups Group Policy Preference fails to apply, and an event similar to the following is logged on the Windows 8 or Windows Server 2012 computers:

Log Name:      Application
Source:        Group Policy Local Users and Groups
Event ID:      4098
Task Category: (2)
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      Computer.Contoso.com
Description:
The computer 'Administrator (built-in)' preference item in the 'Policy_Name {GUID}' Group Policy Object did not apply because it failed with error code '0x8007052a This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon.' This error was suppressed.

Cause:
   This issue can occur if the "User cannot change password" checkbox was selected when the Group Policy Preference was configured. Do not configure this option for the built-in Administrator account; doing so can leave the administrator account unable to log on to the computers.

Resolution:

 To resolve this issue, edit the Local Users and Groups Group Policy Preference and uncheck the "User cannot change password" option:
  1. Open GPMC with an account that has permission to modify the Group Policy Object.
  2. Browse to the following location in the Group Policy Object:
    Computer Configuration\Preferences\Control Panel Settings\Local Users and Groups
  3. Right-click the Local Users and Groups policy for the built-in account and click Properties.
  4. Uncheck the "User cannot change password" option.
  5. Click Apply and then OK.
    If you have multiple Domain Controllers, wait for Active Directory replication to finish.
  6. Run gpupdate /force on the client computers.
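
To find affected preference items before clients log the warning, the following added example (not part of the original article or of Microsoft's guidance) scans a Groups.xml preference file for a built-in Administrator item that has "User cannot change password" set. The function name Find-GppAdminNoChange is hypothetical, the attribute names (noChange, subAuthority, newName) are assumed from the usual GPP Groups.xml layout, and the sample XML and the contoso.com path are constructed placeholders.

```powershell
# Added example. Attribute names are assumed from the usual GPP Groups.xml
# layout: noChange="1" corresponds to "User cannot change password".
function Find-GppAdminNoChange {
    param(
        [Parameter(Mandatory)][xml]$GroupsXml,
        [string]$Source = '(inline sample)'
    )
    foreach ($user in $GroupsXml.Groups.User) {
        $p = $user.Properties
        # The built-in Administrator is targeted by RID or by its display name.
        $isBuiltinAdmin = ($p.subAuthority -eq 'RID_ADMIN') -or
                          ($p.userName -eq 'Administrator (built-in)')
        if ($isBuiltinAdmin -and $p.noChange -eq '1') {
            [pscustomobject]@{
                Source  = $Source
                Item    = $user.name
                NewName = $p.newName
                Finding = '"User cannot change password" is set; expect Event ID 4098 (0x8007052a)'
            }
        }
    }
}

# Constructed sample of a preference file (not taken from a real GPO).
$sample = [xml]@'
<Groups>
  <User name="Administrator (built-in)">
    <Properties action="U" newName="LocalAdmin" noChange="1" neverExpires="0"
                acctDisabled="0" subAuthority="RID_ADMIN"
                userName="Administrator (built-in)" />
  </User>
  <User name="svc-backup">
    <Properties action="U" noChange="1" userName="svc-backup" />
  </User>
</Groups>
'@

# Reports only the built-in Administrator item; svc-backup is ignored.
Find-GppAdminNoChange -GroupsXml $sample

# Against a domain (placeholder domain name; replace contoso.com with yours):
# Get-ChildItem '\\contoso.com\SYSVOL\contoso.com\Policies' -Recurse -Filter Groups.xml |
#   ForEach-Object {
#     Find-GppAdminNoChange -GroupsXml ([xml](Get-Content $_.FullName -Raw)) -Source $_.FullName
#   }
```
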
Source:
www.technet.microsoft.com

Published By
S.G.Godwin Dinesh.MCA
Sr.System Administrator



