Group Policy Error Events Logged When Unknown Environment Variable Is Used

Symptoms
If you are running an Active Directory forest and using a file system security policy you may see the following events logged:
Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 will log this event to the Group Policy operational log:
Log Name:      Microsoft-Windows-GroupPolicy/Operational
Source:        Microsoft-Windows-GroupPolicy
Event ID:      7016
Task Category: None
Level:         Error
Keywords:     
User:          SYSTEM
Description:
Completed Security Extension Processing in 20984 milliseconds.
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”>
<EventData>
    <Data Name=”CSEElaspedTimeInMilliSeconds”>20984</Data>
    <Data Name=”ErrorCode”>1252</Data>
    <Data Name=”CSEExtensionName”>Security</Data>
    <Data Name=”CSEExtensionId”>{827D319E-6EAC-11D2-A4EA-00C04F79F83A}</Data>
  </EventData>
</Event>
Windows XP and Windows Server 2003 will log this event in the Application log:
Event ID: 1091
Category: None
Source: Userenv
Type: Error
Message: The Group Policy client-side extension Security failed to log RSOP (Resultant Set of Policy) data. Please look for any errors reported earlier by that extension.
All Windows version will log this event in the Application log:
Event ID: 1202
Category: None
Source: SceCli
Type: Warning
Message: Security policies were propagated with warning. 0xd: The data is invalid.
Depending on the actual policy configuration, the settings in the security policies may or may not be present. The More Information section explains the conditions for policy failure or success (despite the errors).
Resolution
The events are logged because the file system security settings of one policy contain an environment variable that is unknown on the client computer. To find out more about the problem, enable logging of the security configuration client-side extension:
324383 Troubleshooting SCECLI 1202 Events
In the %windir%\security\logs\winlogon.log file, you will see an entry such as:
Process GP template gpt0000x.inf.
Error 13: The data is invalid.
      Error converting %PROGRAMFILES(X86)%\MyApplication.
%PROGRAMFILES(X86)% is only an example. It is used when the policy is edited on a 64-bit version of Windows and security settings are made for the folder C:\PROGRAM FILES (X86) or one of its subfolders.
The gpt0000x.inf file, a text file containing the policy settings, can be found in the %windir%\security\templates\policies folder. It also contains the location of the policy in Active Directory in the line starting with GPOPath, allowing you to identify which policy has the unknown environment variable.

MS11-028: Vulnerability in the .NET Framework could allow remote code execution: April 12, 2011

Symptoms
Microsoft has released security bulletin MS11-028. To view the complete security bulletin, visit one of the following Microsoft websites:Home users:
http://www.microsoft.com/security/pc-security/bulletins/201104.aspx
(http://www.microsoft.com/security/pc-security/bulletins/201104.aspx)Skip the details: Download the updates for your home computer or laptop from the Microsoft Update website now:
http://update.microsoft.com/microsoftupdate/
(http://update.microsoft.com/microsoftupdate/)IT professionals:
http://www.microsoft.com/technet/security/bulletin/MS11-028.mspx
(http://www.microsoft.com/technet/security/bulletin/MS11-028.mspx)How to obtain help and support for this security update Help installing updates: Support for Microsoft Update
(http://support.microsoft.com/ph/6527)
Security solutions for IT professionals: TechNet Security Troubleshooting and Support
(http://technet.microsoft.com/security/bb980617.aspx)
Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center
(http://support.microsoft.com/contactus/cu_sc_virsec_master)
Local support according to your country: International Support
(http://support.microsoft.com/common/international.aspx)

Resolution
Known issues and additional information about this security update The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
2446710
(http://support.microsoft.com/kb/2446710/) MS11-028: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and on Windows Server 2008 R2 Service Pack 1: April 12, 2011
2446708
(http://support.microsoft.com/kb/2446708/) MS11-028: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: April 12, 2011
2446709
(http://support.microsoft.com/kb/2446709/) MS11-028: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and on Windows Server 2008 R2: April 12, 2011Known issues in security update 2446709:
After you install security update 2446709 on a Windows Server 2008-based system that is running certain versions of Exchange Server or SQL Server, you may experience any of the following issues: On a SQL server, you cannot launch Powershell or Event Viewer, and the SQL Reporting Service will not start. On an Exchange server, you cannot start launch Powershell or Event Viewer. The Exchange Mailbox Replication Service terminates unexpectedly. For more information about this problem, please click the following article number to view the article in the Microsoft Knowledge Base:
2540222
(http://support.microsoft.com/kb/2540222/) Exchange Server, SQL Server, or PowerShell crashes after you install security update 2449742 or 2446709
2449742
(http://support.microsoft.com/kb/2449742/) MS11-028: Description of the security update for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: April 12, 2011Known issues in security update 2449742:
After you install security update 2449742 on a Windows Server 2008-based system that is running certain versions of Exchange Server or SQL Server, you may experience any of the following issues: On a SQL server, you cannot launch Powershell or Event Viewer, and the SQL Reporting Service will not start. On an Exchange server, you cannot start launch Powershell or Event Viewer. The Exchange Mailbox Replication Service terminates unexpectedly. For more information about this problem, please click the following article number to view the article in the Microsoft Knowledge Base:
2540222
(http://support.microsoft.com/kb/2540222/) Exchange Server, SQL Server, or PowerShell crashes after you install security update 2449742 or 2446709
2449741
(http://support.microsoft.com/kb/2449741/) MS11-028: Description of the security update for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 1 and Windows Server 2008: April 12, 2011
2446704
(http://support.microsoft.com/kb/2446704/) MS11-028: Description of the security update for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP: April 12, 2011

December 2010 cumulative time zone update for Windows operating systems

Symptoms
The update that this article describes changes the time zone data to accommodate daylight saving time (DST) changes in several countries. This update also includes other DST-related changes, time zone-related changes, and settings-related changes. Some of these changes have occurred since the products that are listed in the “Applies to” section were originally released.
The update that this article describes is a cumulative update rollup that includes all the changes that were previously released in Microsoft Knowledge Base (KB) articles 928388, 929120, 933360, 942763, 951072, 955839, 970653, 976098, 981793 and 2158563.
For more information about how DST changes may affect other Microsoft products, visit the following Microsoft Web site:http://support.microsoft.com/gp/cp_dst
(http://support.microsoft.com/gp/cp_dst)
For more information about how daylight saving time changes may affect other Microsoft products, click the following article number to view the article in the Microsoft Knowledge Base:
914387
(http://support.microsoft.com/kb/914387/)How to configure daylight saving time for Microsoft Windows operating systems
NoteWhen you apply this update, you may receive the following message:
Update cannot be installed as a newer or same time zone update has already been installed on the system.
This message indicates that you have already applied the correct update or that Windows Updates or Microsoft Update has automatically installed this update. No additional action is required to update the Windows operating system.

Resolution
Windows XP
PrerequisitesYou must have one of the following operating systemsinstalled to apply this update.Windows XP Service Pack 3 (SP3)
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
322389
(http://support.microsoft.com/kb/322389/)How to obtain the latest Windows XP service packRestart requirementYou may need to restart the computer after you apply this update.Update replacement informationNote You can install this cumulative update rollup even after you have installed any of the following previously-released updates. This update replaces the following update:
2158563
(http://support.microsoft.com/kb/2158563/) September 2010 cumulative time zone update for Microsoft Windows operating systems
Windows Server 2003
PrerequisitesYou must have Windows Server 2003 SP2 installed to apply this update.For more information, click the following article number to view the article in the Microsoft Knowledge Base:
889100
(http://support.microsoft.com/kb/889100/)How to obtain the latest service pack for Windows Server 2003Restart requirementYou may need to restart the computer after you apply this update.Update replacement informationNote You can install this cumulative update rollup even after you have installed any of the following previously-released updates. This update replaces the following update:
2158563
(http://support.microsoft.com/kb/2158563/) September 2010 cumulative time zone update for Microsoft Windows operating systems
Windows Vista or Windows Server 2008
Prerequisites
You must have one of the following operation systems installed to apply this update.Windows Vista or Windows Server 2008 Service Pack 1Restart requirementYou may need to restart the computer after you apply this update.Update replacement informationNote You can install this cumulative update rollup even after you have installed any of the following previously-released updates. This update replaces the following update:
2158563
(http://support.microsoft.com/kb/2158563/) September 2010 cumulative time zone update for Microsoft Windows operating systems
Windows 7 or Windows Server 2008 R2
PrerequisitesNo prerequisites are required to apply this update.Restart requirementYou may need to restart the computer after you apply this update.Update replacement informationNote You can install this cumulative update rollup even after you have installed any of the following previously-released updates. This update replaces the following update:
2158563
(http://support.microsoft.com/kb/2158563/) September 2010 cumulative time zone update for Microsoft Windows operating systems

Windows Backup does not back up to CD-R, CD-RW, or DVD-R devices

Symptoms
When you select a backup media device in Backup (Ntbackup.exe), you cannot select a CD-R (compact disc recordable), CD-RW (compact disc rewritable), or DVD-R (digital video disc recordable) device.
Resolution
This issue occurs because Removable Storage Management does not recognize CD-R, CD-RW, or DVD-R devices as backup pool media, even though you can add these media types in Removable Storage Management. Ntbackup.exe therefore does not support backup to these devices.

SQL Server Questions and Answers, SQL QA