Posted by Jim on June 20, 2007, 4:07 pm
Hi,
Below is a copy & paste from a Windows Server 2003 Security Event. This is
triggered by a Scheduled Task which runs a BAT file with a single call to:
"C:\Program Files\Java\jre1.5.0_06\bin\java.exe" <long_parameter_list>
My inclination is to give
<machine_name>\<local_user>
rights to READ and EXECUTE
C:\WINNT\system32\java.exe
When I attempt to do so, I am warned about changing a system file. But
<machine_name>\USERS
has READ & EXECUTE perms on
C:\WINNT\system32\java.exe
anyway.
Could someone interpret the Security log event for me? Or point out a guide
for interpreting this type of event? (Better... teach a man to fish. :)
Thanks,
Jim
----------------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 6/19/2007
Time: 1:00:00 AM
User: <machine_name>\<local_user>
Computer: <machine_name>
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: C:\WINNT\system32\java.exe
Handle ID: -
Operation ID:
Process ID: 336
Image File Name: C:\WINNT\system32\csrss.exe
Primary User Name: <machine_name>$
Primary Domain: UAB
Primary Logon ID: (0x0,0x3E7)
Client User Name: <local_user>
Client Domain: <machine_name>
Client Logon ID: (0x0,0x4698371)
Accesses: READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
ReadEA
ReadAttributes
WriteAttributes
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x120189
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
---------------------------------------------------------------
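As an added example (not part of the post above): a short Python script that decodes the event's Access Mask into individual file rights and compares it with the Read & Execute grant the post describes. It assumes the USERS Read & Execute entry is the only grant that applies to the account; the function names are hypothetical.

```python
import re

# Standard and file-specific access rights (bit values from winnt.h).
FILE_RIGHTS = {
    0x000001: "ReadData (or ListDirectory)", 0x000002: "WriteData (or AddFile)",
    0x000004: "AppendData (or AddSubdirectory)", 0x000008: "ReadEA",
    0x000010: "WriteEA", 0x000020: "Execute/Traverse",
    0x000040: "DeleteChild", 0x000080: "ReadAttributes",
    0x000100: "WriteAttributes", 0x010000: "DELETE",
    0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
# "Read & Execute" in the ACL editor = FILE_GENERIC_READ | FILE_GENERIC_EXECUTE.
READ_AND_EXECUTE = 0x120089 | 0x1200A0

# Sample input: fields copied from the event 560 text in the post.
SAMPLE_EVENT = """\
Object Name: C:\\WINNT\\system32\\java.exe
Accesses: READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
ReadEA
ReadAttributes
WriteAttributes
Privileges: -
Access Mask: 0x120189
"""

def requested_mask(event_text):
    """Extract the Access Mask field of the event text as an integer."""
    match = re.search(r"Access Mask:\s*(0x[0-9A-Fa-f]+)", event_text)
    if match is None:
        raise ValueError("no Access Mask field found")
    return int(match.group(1), 16)

def decode(mask):
    """Return (names of known rights set in mask, leftover unknown bits)."""
    names = [name for bit, name in sorted(FILE_RIGHTS.items()) if mask & bit]
    known = sum(bit for bit in FILE_RIGHTS if mask & bit)
    return names, mask & ~known

def not_covered(requested, granted=READ_AND_EXECUTE):
    """Names of requested rights that the granted mask does not include."""
    return decode(requested & ~granted)[0]

if __name__ == "__main__":
    mask = requested_mask(SAMPLE_EVENT)
    print("requested:", decode(mask)[0])
    print("not covered by Read & Execute:", not_covered(mask))
```

For this event the only requested right outside Read & Execute is WriteAttributes. An open is refused, and a failure audit logged, when any one of the requested rights is not granted.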