Click here to get back home

What are these protection log messages?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
What are these protection log messages? M. Simioni 07-19-2006
Get Chitika Premium
Posted by M. Simioni on July 19, 2006, 2:43 pm
Please log in for more thread options
 Hi all.
I have a webserver with windows 2000 server running, sql server 2000
sp4, iis 5, full windows update patches, framework 1.0 and 1.1.

There are some asp.net application that runs on this server, some of
them using crystal report if it can help.

We always have activated the audit policy activated, and in the
protection log i have a lot of these messages (sorry for the italian
language, i can translate in english if u want, but i think the meaning
is clear).

The name of the subdirectory in C:\WINNT\XXXXXXXXXXX always change, it
seems a sort of temporary folder or so. I thought it was a crystal
report temporary folder or something like this.
Have you ever seen this? How can i look for the exact procedure that
try to read this folder?

Thank you i.a. for your help.
Marco

ID EVENT: 160
Apertura oggetto:
        Server oggetto:        Security
        Tipo oggetto:                File
        Nome oggetto:                C:\WINNT\GHY38LQF4LANKXUR
        Nuovo ID dell'handle:        -
        ID dell'operazione:                
        ID del processo:                3440
        Nome utente primario:        ASPNET
        Dominio primario:                WEBSERVER
        ID di accesso primario:        (0x0,0x393C0)
        Nome utente client:                -
        Dominio client:                -
        ID di accesso client:        -
        Accessi                        SYNCHRONIZE
                        ReadData (o ListDirectory)
                        
        Privilegi                        -


Posted by Roger Abell [MVP] on July 20, 2006, 12:34 am
Please log in for more thread options
 You would probably need to examine / become familiar with those
Asp.Net applications in order to determine the cause of the (apparent)
temporary directorys (created without regard to Windows defined ways
to locate temps).
ASPNET is probably not in Users on your system, and so does not get
a grant of List to the temp folders once they are created.
In the IIS 5 environment with NetFx v1/1.1 ASPNET needs a grant on
every folder along the path from (and including) the partition root on down
to any content that is part of a Asp.Net application. This is because it
attempts to register for notification events to let it know when the source
has changed and the app needs to be recompiled.

> Hi all.
> I have a webserver with windows 2000 server running, sql server 2000
> sp4, iis 5, full windows update patches, framework 1.0 and 1.1.
>
> There are some asp.net application that runs on this server, some of
> them using crystal report if it can help.
>
> We always have activated the audit policy activated, and in the
> protection log i have a lot of these messages (sorry for the italian
> language, i can translate in english if u want, but i think the meaning
> is clear).
>
> The name of the subdirectory in C:\WINNT\XXXXXXXXXXX always change, it
> seems a sort of temporary folder or so. I thought it was a crystal
> report temporary folder or something like this.
> Have you ever seen this? How can i look for the exact procedure that
> try to read this folder?
>
> Thank you i.a. for your help.
> Marco
>
> ID EVENT: 160
> Apertura oggetto:
> Server oggetto: Security
> Tipo oggetto: File
> Nome oggetto: C:\WINNT\GHY38LQF4LANKXUR
> Nuovo ID dell'handle: -
> ID dell'operazione:
> ID del processo: 3440
> Nome utente primario: ASPNET
> Dominio primario: WEBSERVER
> ID di accesso primario: (0x0,0x393C0)
> Nome utente client: -
> Dominio client: -
> ID di accesso client: -
> Accessi SYNCHRONIZE
> ReadData (o ListDirectory)
>
> Privilegi -
>



Similar ThreadsPosted
Software Restriction Policy with custmized messages? February 16, 2006, 3:32 am
Virus protection on servers? December 14, 2007, 3:57 pm
Can I disable Data Encryption Protection in W2K3 Svr? March 24, 2006, 11:42 am
AD/SPYWARE protection package for a windows 2003 server. August 30, 2005, 12:43 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap