MZ@ !L!This program cannot be run in DOS mode. $Rؕ3}3}3}H̴3}H̱3}Rich3}PEL!  b\@`.rsrcpb@@0H (@XpKM0NH`x            0 @ P ` p  `L`!(D`>$@8\FPLMHM*MQ@T(mMUI{D$l,|T wYzGЕ[ w MUI en-US Securing %s Creating %seError %d to copy security configuration to the security templates directory and the repair directory.LError %d to snapshot system security to %s. See log file %s for detail info.Error %d to load DLL %s.PA(Error %d to get procedure address of %s.Error 0x%x to get token user.2GPO %s is not processed due to previous GPO error.2Cannot access the template. Error code = %d. %s.!No template is defined in GPO %s.Make a local copy of %s.Process GP template %s.0x%x : %s Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".$EFS policy defined : Length is %d. (No EFS policy is defined at this level ,Error=%d to save EFS policy to a temp key. (Existing EFS policy in LSA (Length=%d) )Status=%d to set EFS policy (Length %d) EFS policy is not changed -Cannot open LSA to set EFS policy. Error=%d :Error %d to query merged EFS policy in this propagation. !Error %d to get the DS root name. Error %d to open and bind to DS.9Error %d to save policy change in the local GPO database.=Error %d to send policy change notification to policy engine.7Default Group Policy Object %s is successfully created.,Error %d to copy the default template to %s. Error %d to create directory %s.*Not enough memory to process this command.3Error 0x%x to get file system path for default GPO.CError %d to get the role (DC, server, professional) of the machine.Error %d to open GPO %s.&Error %d to read policies from GPO %s.Error %d to open database./Error %d to create arguments for second thread.Error %d to create a thread.=Snapshot of system security policy and user rights are saved.<Error %d to snapshot system security policy and user rights.3Error %d to remove default settings with option %x.$Out of box default security settings8Default security settings updated for domain controllersSecurity Configuration Server (in services.exe) is not ready. This is probably in system reboot. Policy will be tried again in the next propagation.=Process policy filter changes in the first reboot after setupLSA policy is changed in setup.SAM policy is changed in setup.Notify policy server.:This is not the last GPO : domain policy is ignored on DC.This is not the last GPO.6This is the last GPO : domain policy is ignored on DC.this is the last GPO._Policy propagation is invoked in winlogon blocking thread. Create another thread for slow task.,Policy server is not ready, retry count #%d.Applying security policy'Applying security policy to the system.S 0x%x : %s Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events". Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions: 1. Identify accounts that could not be resolved to a SID: From the command prompt, type: FIND /I "Cannot find" %%SYSTEMROOT%%\Security\Logs\winlogon.log The string following "Cannot find" in the FIND output identifies the problem account names. Example: Cannot find JohnDough. In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe"). 2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts: a. Start -> Run -> RSoP.msc b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X. c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors. 3. Remove unresolved accounts from Group Policy a. Start -> Run -> MMC.EXE b. From the File menu select "Add/Remove Snap-in..." c. From the "Add/Remove Snap-in" dialog box select "Add..." d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add" e. In the "Select Group Policy Object" dialog box click the "Browse" button. f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.nError code %d occurs when promoting system security. Please see detail in %windir%\security\logs\scedcpro.log.3Error opening some security database(s) such as %s.0x%x : %s Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events". Error 0x5B4 is likely caused because applications change policy using down level APIs and the policy store is locked._Cannot add Authenticated User and Interactive to local Users group. User may add them manually.&Error %d to reconfigure file security.LCannot add Interactive to local Power Users group. User may add it manually.PACannot delete GP cache.<No privileges set before policy propagation. Okay to ignore. Error %d opening cached GPO %s< Error in logging RSOP data. Error Code %d. Information %s.Cannot create GP cache.= ----RSOP planning data logged successfully. Success Code %d.> RSOP diagnosis information. Error Code %d - for instance %s.G RSOP diagnosis information. 64-bit or 32-bit key. Error Code %d - %s.' Emptying RSOP database. Error Code %d0 RSOP logging information. Error Code %d - %s.%s is a NTFS volume.BRoot drive %s is not a fixed volume. Root security is not changed.JError %d to query volume information for %s. Root security is not changed.=Volume %s is not a NTFS volume. Root security is not changed.PError %d to convert security descriptor string %s. Root security is not changed.gInvalid security information is defined in security descriptor string %s. Root security is not changed.!Error %d to query security of %s.hSecurity for %s is not changed because it is not the default set by Windows. The current security is %s.`Volume %s has weak default security. Windows is strengthening the root security, starting at %s.^Error %d to query DACL pointer from the new security descriptor. Root security is not changed.ASetNamedSecurityInfo returns %d at %s for setting security on %s.fError %d to write root security descriptor string %s to %windir%\security emplates\setup security.inf.2Error %d analyzing root security descriptor at %s.0Error %d to send control flag %x over to server.5Error %d impersonating client token during promotion.,Error %d reverting to self during promotion.Error 0x%x to get token system./Error %d to complete the security backup to %s.Registry ValuesPASecurity EFS recoveryUsersPAError adding %s.'Error adding MemberOf list to group %s.&Error adding Members list to group %s.Error adding %s to %s.Error build object.1Error building security descriptor for object %s.Cannot find data type for %s.Cannot find keyword %s.Cannot find section by ID %d.Error getting LDAP name of %s.Error creating %s.Error creating %s.Invalid template path %s.%s is not a valid privilege.!More objects than allocated (%d).&Keyword %s not expected in section %s.'Object %s must have 3 fields each line.Error opening %s.Error opening section by ID %d.Error process object %s.Error querying info of %s.0Error querying privilege assignment for user %s.Error querying value of %s./Registry value %s must have 2 fields each line.Error setting security on %s.Error writing info for %s.X@@@@DP 4`Security configuration was backed up to %1. A replica domain controller is being promoted. No need to create domain policy object. %1 was registered to create default domain group policy objects. DAccount policy in GPO %1,if any, was ignored because account policy on domain controllers can only be configured through domain level group policy objects. No change has been made to the group policy objects since last propagation. Security policy in the Group policy objects has been applied successfully. DProcess group policy objects. Security configuration on converted drive %1 failed. Please look at %%windir%%\security\logs\convert.log for detailed errors. xSecurity configuration on converted drive %1 succeeded. Security configuration cannot be backed up to security templates directory. Instead, it is backed up to %1. pDefault domain policy object cannot be created. %1 pSecurity policies were propagated with warning. %1 Machine was assumed as a non-domain controller. Policy changes were saved in local database. %1 Promoting/Demoting the domain controller encountered a warning. %1 Policy processing of notifications of policy change from LSA/SAM has been delayed because of low disk space. %1 Root SDDL cannot be backed up to security templates directory. \JetTerm2() cannot shutdown cleanly. Some ESE security databases may not be consistent and cannot be moved anywhere. Scesrv uses multiple databases and the log files could be referring to all of them. JetInit() will recover (if needed) all databases which are referred by the log files by looking at the database location as specified in the log files. This error will be seen if that location changed between the unclean shutdown indicated by JetTerm2() and the recovery moment. The logs and checkpoint located at %%windir%%\security should be deleted. dSecurity configuration was not backed up. %1 \Security policy cannot be propagated. %1 pDefault group policy object cannot be created. %1 Notification of policy change from LSA/SAM has been retried and failed. %1 Notification of policy change from LSA/SAM failed to be added to policy queue. %1 ,Some JET database is corrupt. Run esentutl /g to check the integrity of the security database %%windir%%\security\Database\secedit.sdb. If it is corrupt, attempt a soft recovery first by running esentutl /r in the %%windir%%\security directory. If soft recovery fails, attempt a repair with esentutl /p on %%windir%%\security\Database\secedit.sdb. Then delete the log files in %%windir%%\security. %1 HNotification of policy change from LSA/SAM was processed without verifying PDC. Older security policy from this machine may be replicated out to other DCs. %1 All notification of policy changes from LSA/SAM were ignored by policy engine because it timed out to wait for PDC synchronization. This could be caused by network, Active Directory or FRS replication problems. %1 Some thread arguments are invalid when configuring security on a converted drive. \An environment variable is unresolvable. 4VS_VERSION_INFO@%@%?"StringFileInfo040904B0LCompanyNameMicrosoft Corporation4FileDescriptionWindows Security Configuration Editor Client Enginer)FileVersion6.3.9600.16384 (winblue_rtm.130821-1623).InternalNamescecli.LegalCopyright Microsoft Corporation. All rights reserved.6OriginalFilenamesceclij%ProductNameMicrosoft Windows Operating SystemBProductVersion6.3.9600.16384DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD