Re: Event ID 560
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 29 Sep 2006 18:42:15 -0700
Some capability of C:\Program Files\Symantec\Reporting
Server\Php\php-cgi.exe
running in the context of the account Server01\IUSR_Server01 is attempting
to
modigy reg at HKLM\\SOFTWARE\Description\Microsoft\Rpc\UuidTemporaryData
but has insufficient permissions to do so. Perhaps it is also denied read
there. But
rather I am leaning toward it trying to modify something that is not there.
I. E. the reg key path is rather unusual with the \Description\ part in it.
"Kevin Wheeler" <KevinWheeler@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5B0B1825-356B-4E26-AA18-D8CC3256E3BA@xxxxxxxxxxxxxxxx
Can anyone tell me why I'm getting the following error in my security log.
all of a sudden, my symantec reporting server isn't recieving updates.
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 9/28/2006
Time: 5:07:23 PM
User: Server01\IUSR_Server01
Computer: Server01
Description:
Object Open:
Object Server: Security
Object Type: Key
Object
Name:
\REGISTRY\MACHINE\SOFTWARE\Description\Microsoft\Rpc\UuidTemporaryData
Handle ID: -
Operation ID: {0,128529722}
Process ID: 3696
Image File Name: C:\Program Files\Symantec\Reporting
Server\Php\php-cgi.exe
Primary User Name: IUSR_Server01
Primary Domain: W31SVISSC01
Primary Logon ID: (0x0,0x39864)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: Query key value
Set key value
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x3
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
.
- Prev by Date: Re: IIS Security Question
- Next by Date: Re: pb with application pools
- Previous by thread: Re: IIS Security Question
- Next by thread: Re: pb with application pools
- Index(es):
Relevant Pages
|
|
