Guest Claude Lachapelle Posted April 30, 2009 Posted April 30, 2009 Hi! Since we enabled Object auditing on domain controllers, security event logs are flooded with these events: Event Type: Failure Audit Event Source: Security Event Category: Object Access Event ID: 560 Date: 4/30/2009 Time: 1:20:21 PM User: DOMAIN\USERID Computer: SERVER Description: Object Open: Object Server: SC Manager Object Type: SERVICE OBJECT Object Name: ServiceName Handle ID: - Operation ID: {0,126766685} Process ID: 388 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: SERVER$ Primary Domain: DOMAIN Primary Logon ID: (0x0,0x3E7) Client User Name: USERID Client Domain: DOMAIN Client Logon ID: (0x0,0x78E4E51) Accesses: READ_CONTROL Query service configuration information Query status of service Enumerate dependencies of service Query information from service Privileges: - Restricted Sid Count: 0 Access Mask: 0x2008D For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Here the security on the related objects: C:\>sc sdshow scmanager D:(ACCLCRPRCAU)(ACCLCRPWPRCSY)(AKABA)S:(AUFAKAWD)(AUOIIOFA GAWD) C:\>sc sdshow servicename D:(ACCDCLCSWRPWPDTLOCRSDRCWDWOSY)(ACCLCSWRPLORCAU)S:(AUFACCDCLCSWRPW PDTLOCRSDRCWDWOWD) What's wrong? Thanks. Claude Lachapelle Systems Administrator, MCSE Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.