You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
127 lines
11 KiB
127 lines
11 KiB
#include <windows.h>
|
|
#include <commctrl.h>
|
|
#include <winver.h>
|
|
#include <ntverp.h>
|
|
//#include "dialogs.h"
|
|
|
|
#define VER_FILETYPE VFT_APP
|
|
#define VER_FILESUBTYPE VFT2_UNKNOWN
|
|
#define VER_FILEDESCRIPTION_STR "Windows Security Configuration Editor Client Engine"
|
|
#define VER_INTERNALNAME_STR "scecli\0"
|
|
|
|
#include "common.ver"
|
|
|
|
#include "scedllrc.h"
|
|
|
|
#include "uevents.rc"
|
|
|
|
#include "common.rc"
|
|
|
|
STRINGTABLE
|
|
BEGIN
|
|
|
|
SCECLI_CALLBACK_PREFIX "Securing %s"
|
|
SCECLI_CREATE_GPO_PREFIX "Creating %s"
|
|
|
|
IDS_ERROR_BACKUP "Error %d to copy security configuration to the security templates directory and the repair directory."
|
|
IDS_ERROR_GENERATE "Error %d to snapshot system security to %s. See log file %s for detail info."
|
|
IDS_ERROR_LOADDLL "Error %d to load DLL %s."
|
|
IDS_ERROR_GET_PROCADDR "Error %d to get procedure address of %s."
|
|
IDS_ERROR_GET_TOKEN_USER "Error 0x%x to get token user."
|
|
IDS_ERROR_GET_TOKEN_MACHINE "Error 0x%x to get token system."
|
|
IDS_PREVIOUS_ERROR "GPO %s is not processed due to previous GPO error."
|
|
IDS_ERROR_ACCESS_TEMPLATE "Cannot access the template. Error code = %d.\r\n\t%s."
|
|
IDS_INFO_NO_TEMPLATE "No template is defined in GPO %s."
|
|
IDS_INFO_COPY_TEMPLATE "Make a local copy of %s."
|
|
IDS_PROCESS_TEMPLATE "Process GP template %s."
|
|
IDS_WARNING_PROPAGATE "0x%x : %s\r\nAdvanced help for this problem is available on http://support.microsoft.com. Query for ""troubleshooting 1202 events""."
|
|
IDS_WARNING_PROPAGATE_NOMAP "0x%x : %s\r\nAdvanced help for this problem is available on http://support.microsoft.com. Query for ""troubleshooting 1202 events"". \r\n\r\nError 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions: \r\n\r\n1.\tIdentify accounts that could not be resolved to a SID:\r\n\r\nFrom the command prompt, type: FIND /I ""Cannot find"" %%SYSTEMROOT%%\\Security\\Logs\\winlogon.log\r\n\r\nThe string following ""Cannot find"" in the FIND output identifies the problem account names.\r\n\r\nExample: Cannot find JohnDough.\r\n\r\nIn this case, the SID for username ""JohnDough"" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. ""JohnDoe""). \r\n\r\n2.\tUse RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:\r\n\r\na.\tStart -> Run -> RSoP.msc\r\nb.\tReview the results for Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment and Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Restricted Groups for any errors flagged with a red X.\r\nc.\tFor any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled ""Source GPO"". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors. \r\n\r\n3.\tRemove unresolved accounts from Group Policy\r\n\r\na.\tStart -> Run -> MMC.EXE\r\nb.\tFrom the File menu select ""Add/Remove Snap-in...""\r\nc.\tFrom the ""Add/Remove Snap-in"" dialog box select ""Add...""\r\nd.\tIn the ""Add Standalone Snap-in"" dialog box select ""Group Policy"" and click ""Add""\r\ne.\tIn the ""Select Group Policy Object"" dialog box click the ""Browse"" button.\r\nf.\tOn the ""Browse for a Group Policy Object"" dialog box choose the ""All"" tab\r\ng.\tFor each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1."
|
|
IDS_WARNING_PROPAGATE_TIMEOUT "0x%x : %s\r\nAdvanced help for this problem is available on http://support.microsoft.com. Query for ""troubleshooting 1202 events"".\r\nError 0x5B4 is likely caused because applications change policy using down level APIs and the policy store is locked."
|
|
IDS_PROPAGATE_NOT_READY "Security Configuration Server (in services.exe) is not ready. This is probably in system reboot. Policy will be tried again in the next propagation."
|
|
IDS_EFS_DEFINED "EFS policy defined : Length is %d.\r\n"
|
|
IDS_NO_EFS_DEFINED "No EFS policy is defined at this level\r\n"
|
|
IDS_ERROR_SAVE_TEMP_EFS "Error=%d to save EFS policy to a temp key.\r\n"
|
|
IDS_EFS_EXIST "Existing EFS policy in LSA (Length=%d)\r\n"
|
|
IDS_SAVE_EFS "Status=%d to set EFS policy (Length %d)\r\n"
|
|
IDS_EFS_NOT_CHANGE "EFS policy is not changed\r\n"
|
|
IDS_ERROR_OPEN_LSAEFS "Cannot open LSA to set EFS policy. Error=%d\r\n"
|
|
IDS_NO_EFS_TOTAL "Error %d to query merged EFS policy in this propagation.\r\n"
|
|
IDS_ERROR_OPEN_DATABASE "Error %d to open database."
|
|
IDS_ERROR_OPEN_JET_DATABASE "Error opening some security database(s) such as %s."
|
|
|
|
IDS_SUCCESS_DEFAULT_GPO "Default Group Policy Object %s is successfully created."
|
|
IDS_ERROR_COPY_TEMPLATE "Error %d to copy the default template to %s."
|
|
IDS_ERROR_CREATE_DIRECTORY "Error %d to create directory %s."
|
|
IDS_ERROR_NO_MEMORY "Not enough memory to process this command."
|
|
|
|
IDS_ERROR_GET_DSROOT "Error %d to get the DS root name."
|
|
IDS_ERROR_BIND_DS "Error %d to open and bind to DS."
|
|
IDS_ERROR_GETGPO_FILE_PATH "Error 0x%x to get file system path for default GPO."
|
|
IDS_ERROR_OPEN_GPO "Error %d to open GPO %s."
|
|
IDS_ERROR_SAVE_POLICY_DB "Error %d to save policy change in the local GPO database."
|
|
IDS_ERROR_READ_GPO "Error %d to read policies from GPO %s."
|
|
IDS_ERROR_SAVE_POLICY_GPO "Error %d to send policy change notification to policy engine."
|
|
IDS_ERROR_GET_ROLE "Error %d to get the role (DC, server, professional) of the machine."
|
|
IDS_ERROR_CREATE_THREAD_PARAM "Error %d to create arguments for second thread."
|
|
IDS_ERROR_CREATE_THREAD "Error %d to create a thread."
|
|
IDS_SNAPSHOT_SECURITY_POLICY "Snapshot of system security policy and user rights are saved."
|
|
IDS_ERROR_SNAPSHOT_SECURITY "Error %d to snapshot system security policy and user rights."
|
|
|
|
IDS_ERROR_REMOVE_DEFAULT_POLICY "Error %d to remove default settings with option %x."
|
|
|
|
IDS_BACKUP_OUTBOX_DESCRIPTION "Out of box default security settings"
|
|
IDS_BACKUP_DC_DESCRIPTION "Default security settings updated for domain controllers"
|
|
|
|
IDS_POLICY_TIMEOUT "Policy server is not ready, retry count #%d."
|
|
|
|
IDS_FILTER_AFTER_SETUP "Process policy filter changes in the first reboot after setup"
|
|
IDS_LSA_CHANGED_IN_SETUP "LSA policy is changed in setup."
|
|
IDS_SAM_CHANGED_IN_SETUP "SAM policy is changed in setup."
|
|
IDS_FILTER_NOTIFY_SERVER "Notify policy server."
|
|
|
|
IDS_NOT_LAST_GPO_DC "This is not the last GPO : domain policy is ignored on DC."
|
|
IDS_NOT_LAST_GPO "This is not the last GPO."
|
|
IDS_LAST_GPO_DC "This is the last GPO : domain policy is ignored on DC."
|
|
IDS_LAST_GPO "this is the last GPO."
|
|
IDS_GPO_FOREGROUND_THREAD "Policy propagation is invoked in winlogon blocking thread. Create another thread for slow task."
|
|
|
|
IDS_APPLY_SECURITY_POLICY "Applying security policy..."
|
|
IDS_CONFIGURE_POLICY "Configuring security policy to the system."
|
|
|
|
IDS_ERR_ADD_AUTH_USER "Cannot add Authenticated User and Interactive to local Users group. User may add them manully."
|
|
IDS_ERR_RECONFIG_FILES "Error %d to reconfigure file security."
|
|
IDS_ERR_ADD_INTERACTIVE "Cannot add Interactive to local Power Users group. User may add it manully."
|
|
IDS_ERR_DELETE_GP_CACHE "Cannot delete GP cache."
|
|
IDS_ERR_CREATE_GP_CACHE "Cannot create GP cache."
|
|
IDS_ERROR_GPO_PRE_POLICY_PROP "No privileges set before policy propagation. Okay to ignore."
|
|
IDS_ERROR_PROMOTE_SECURITY "Error code %d occurs when promoting system security. Please see detail in %windir%\\security\\logs\\scedcpro.log."
|
|
|
|
IDS_ERROR_RSOP_LOG "\t\tError in logging RSOP data. Error Code %d. Information %s."
|
|
IDS_SUCCESS_RSOP_LOG "\t----RSOP planning data logged successfully. Success Code %d."
|
|
IDS_ERROR_RSOP_DIAG_LOG "\t\tRSOP diagnosis information. Error Code %d - for instance %s."
|
|
IDS_ERROR_RSOP_DIAG_LOG64_32KEY "\t\tRSOP diagnosis information. 64-bit or 32-bit key. Error Code %d - %s."
|
|
IDS_CLEAR_RSOP_DB "\t\tEmptying RSOP database. Error Code %d"
|
|
IDS_INFO_RSOP_LOG "\t\tRSOP logging information. Error Code %d - %s."
|
|
IDS_ERROR_OPEN_CACHED_GPO "\t\tError %d opening cached GPO %s"
|
|
IDS_ROOT_NTFS_VOLUME "%s is a NTFS volume."
|
|
IDS_ROOT_NOT_FIXED_VOLUME "Root drive %s is not a fixed volume. Root security is not changed."
|
|
IDS_ROOT_ERROR_QUERY_VOLUME "Error %d to query volume information for %s. Root security is not changed."
|
|
IDS_ROOT_NON_NTFS "Volume %s is not a NTFS volume. Root security is not changed."
|
|
IDS_ROOT_ERROR_CONVERT "Error %d to convert security descriptor string %s. Root security is not changed."
|
|
IDS_ROOT_INVALID_SDINFO "Invalid security information is defined in security descriptor string %s. Root security is not changed."
|
|
IDS_ROOT_ERROR_QUERY_SECURITY "Error %d to query security of %s."
|
|
IDS_ROOT_SECURITY_MODIFIED "Security for %s is not changed because it is not the default set by Windows. The current security is %s."
|
|
IDS_ROOT_SECURITY_DEFAULT "Volume %s has weak default security. Windows is strenghtening the root security, starting at %s."
|
|
IDS_ROOT_ERROR_DACL "Error %d to query DACL pointer from the new security descriptor. Root security is not changed."
|
|
IDS_ROOT_MARTA_RETURN "SetNamedSecurityInfo returns %d at %s for setting security on %s."
|
|
IDS_ROOT_ERROR_INFWRITE "Error %d to write root security descriptor string %s to %windir%\security\templates\setup security.inf."
|
|
IDS_ROOT_ERROR_COMPARE_SECURITY "Error %d analyzing root security descriptor at %s."
|
|
|
|
IDS_CONTROL_QUEUE "Error %d to send control flag %x over to server."
|
|
|
|
IDS_ERROR_PROMOTE_IMPERSONATE "Error %d impersonating client token during promotion."
|
|
IDS_ERROR_PROMOTE_REVERT "Error %d reverting to self during promotion."
|
|
|
|
IDS_ERROR_MERGE_BACKUP_SECURITY "Error %d to complete the security backup to %s."
|
|
|
|
END
|