"Windows Cannot Read Template Information" Error Message When You Try to View a Windows XP-based Template in a Windows 2000 Domain (827012)
The information in this article applies to:
- Microsoft Windows XP Home Edition SP1
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
SYMPTOMSIf you create and edit a security template by using the Security Configuration and Analysis tool on a Windows XP-based computer, and then you import this template into a Group Policy object on a Windows 2000 domain controller, you cannot view the template. This is true even though no errors are reported during the import operation. When you try to use the Group Policy editor to view the security settings in the Group Policy object where the template was imported, you receive the following error message (with a red cross next to it): Windows cannot read template information The following events are also logged in Event Viewer when the Group Policy setting is applied to a Windows 2000 client: Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date:
Time:
User: N/A
Computer: Description:
Security policies are propagated with warning. 0x4b8 : An extended error has occurred.
Please look for more details in TroubleShooting section in Security Help. Event Type: Error Event Source: Userenv
Event Category: None
Event ID: 1000
Date: Time: User: NT AUTHORITY\SYSTEM
Computer: Description:
The Group Policy client-side extension Security was passed flags (1) and returned a failure status code of (1208). CAUSEIn Windows XP, the following new Security Descriptor Definition Language (SDDL) objects have been defined: - AN - Anonymous Logon
- LS - Local Service Account
- NS - Network Service Account
- RD - Remote Desktop Users
- NO - Network Configuration Operators
- MU - Performance Monitor Users
- LU - Performance Log Users
Because these SDDL objects do not exist in Windows 2000, you cannot view the template in Windows 2000. RESOLUTIONTo view the template and to apply it to Windows 2000, create the template in Windows 2000. If you want to solve the problem that occurs if you edit domain Group Policy, apply the hotfix that is described in the following Knowledge Base article: 837166 Group Policy that you edit in Windows XP does not work in Windows 2000
WORKAROUNDTo work around this issue, view the template by using Windows XP or Microsoft Windows Server 2003.STATUS
This behavior is by design.MORE INFORMATIONIf you create the template by using Windows XP, and it contains the new SDDL objects, the template is correctly applied to Windows XP and Windows Server 2003-based computers. Additionally, you can view the template by using the Group Policy Management Console (GPMC) tool in Windows XP and Windows Server 2003.
However, the Group Policy object generates the event IDs that are described in the "Symptoms" section when the template is applied to Windows 2000 clients. This occurs because Windows 2000 clients cannot resolve the new SDDL objects.
| Modification Type: | Major | Last Reviewed: | 3/13/2004 |
|---|
| Keywords: | kberrmsg kbprb KB827012 kbAudEndUser kbAudITPRO |
|---|
|