RE: Failure Audit log
From: William Wang[MSFT] (v-rxwang_at_online.microsoft.com)
Date: 05/12/05
- Previous message: Hal Heinrich: "How can I tell if a user has EXEC permission for a stored procedur"
- In reply to: STech: "Failure Audit log"
- Next in thread: STech: "RE: Failure Audit log"
- Reply: STech: "RE: Failure Audit log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 12 May 2005 06:43:11 GMT
Based on my experience, this error usually occurs when a user
(DOMAIN\KNOWN_USER_NAME) makes a connection via a MMC and they do not have
the permissions to perform this action.
Can you identify what actions were performing at that time this error was
logged? In addition, is there any business impact casued by this error? Do
the domain users have any difficulty doing their job?
Sincerely,
William Wang
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: Failure Audit log
>thread-index: AcVWbUHfZOaL7esET9Wrkqq2v6XWfA==
>X-WBNR-Posting-Host: 128.194.92.153
>From: "=?Utf-8?B?U1RlY2g=?=" <stech@nospam.nospam>
>Subject: Failure Audit log
>Date: Wed, 11 May 2005 14:06:10 -0700
>Lines: 44
>Message-ID: <DA088796-FBED-4CCB-B9FC-2A2370CEACF0@microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.sqlserver.security
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.sqlserver.security:4976
>X-Tomcat-NG: microsoft.public.sqlserver.security
>
>
>We have started seeing a lot of failure audits on our sql server after we
>gave a couple of domain users access to the SQL DB. The users have
>permissions to read/write to certain tables in some databases. Any idea
what
>is causing this?
>
>Event Type: Failure Audit
>Event Source: Security
>Event Category: Object Access
>Event ID: 560
>Date: 5/5/2005
>Time: 1:08:00 PM
>User: <<DOMAIN\KNOWN_USER_NAME>>
>Computer: <<SERVER_NAME>>
>Description:
>Object Open:
> Object Server: SC Manager
> Object Type: SC_MANAGER OBJECT
> Object Name: ServicesActive
> Handle ID: -
> Operation ID: {0,<<000000000>>}
> Process ID: 844
> Image File Name: C:\WINDOWS\system32\services.exe
> Primary User Name: <<SERVER_NAME>>$
> Primary Domain: SAGO
> Primary Logon ID: (0x0,0x<<000>>)
> Client User Name: <<KNOWN_USER_NAME>>
> Client Domain: SAGO
> Client Logon ID: (0x0,0x<<00000000>>)
> Accesses: READ_CONTROL
> Connect to service controller
> Enumerate services
> Query service database lock state
>
> Privileges: -
> Restricted Sid Count: 0
> Access Mask: 0x20015
>
>
>For more information, see Help and Support Center at
>http://go.microsoft.com/fwlink/events.asp.
>
>
>
>
- Previous message: Hal Heinrich: "How can I tell if a user has EXEC permission for a stored procedur"
- In reply to: STech: "Failure Audit log"
- Next in thread: STech: "RE: Failure Audit log"
- Reply: STech: "RE: Failure Audit log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
