|
Posted by Roger Abell [MVP] on October 31, 2005, 1:41 am
Please log in for more thread options
> Object access errors like that can be hard to track down and usually can
> be ignored if everything is working well. Also look in the system and
> application logs to see if there are any other warning or error messages
> that show about the same timestamp that may give a clue. I have seen that
> Event ID when an account tries access the operating system in such a way
> that requires administrator access but fails.--- Steve
>
Agreed, but in case of message shown it is the machine$ account,
which runs as System, and that is hidden member of Administrators.
I assume that the SCM is impersonating an account used as a service
account, but the account does not have correct permissions on its service.
>
>> Hello,
>>
>> Yesterday I was reading through the Security Logs in Event Viewer on a
>> Windows Server 2003 Domain Controller when I noticed the following event:
>>
>> Event Type: Failure Audit
>> Event Source: Security
>> Event Category: Object Access
>> Event ID: 560
>> Date: 29/10/2005
>> Time: 1:20:08 PM
>> User: NT AUTHORITY\NETWORK SERVICE
>> Computer: <cut>
>> Description:
>> Object Open:
>> Object Server: SC Manager
>> Object Type: SC_MANAGER OBJECT
>> Object Name: ServicesActive
>> Handle ID: -
>> Operation ID:
>> Process ID: 528
>> Image File Name: C:\WINDOWS\system32\services.exe
>> Primary User Name: <cut>$ (Machine Logon)
>> Primary Domain: <cut>
>> Primary Logon ID: (0x0,0x3E7)
>> Client User Name: NETWORK SERVICE
>> Client Domain: NT AUTHORITY
>> Client Logon ID: (0x0,0x3E4)
>> Accesses: READ_CONTROL
>> Connect to service controller
>> Lock service database for exclusive access
>>
>> Privileges: -
>> Restricted Sid Count: 0
>> Access Mask: 0x20009
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>> A quick bit of experimentation revealed that this Failure Audit occurs
>> only once every reboot, relatively early in the Windows boot-up process.
>>
>> Can anyone provide any advice on the cause of this failure audit, and any
>> likely repercussions from it? I have yet to notice any negative effects
>> from this error, but it would still be nice to know the reason behind
>> this event.
>>
>> Thanks in advance,
>>
>> Ralish
>>
>
>
| 
XML Sitemap