Access Denied for System and Application Logs
From: Michael R. Emmert (Michael.Emmert@cols.disa.mil)
Date: 11/07/02
From: "Michael R. Emmert" <Michael.Emmert@cols.disa.mil> Date: Thu, 7 Nov 2002 10:41:47 -0500
Hi,
We have a Win2K server (SP2) which is in a workgroup. There is a special
application running on this box, and the developers (in another location)
have given us a patch to apply. This was done last week. Now, we are not
able to access the System log in the event viewer. The local administrator
does not have the permissions to open the file. The error is: 'access
denied'. We have checked the log files in %system root%\system32\config
folder and the normal permissions are applied to all of the files. We have
checked the Group policy and are not able to find anything which has been
changed. Also the developers do not have any idea what may have caused this.
The Application log and the Security log can be viewed with no problem. We
have checked Technet and the only article that seems to apply is Q245128.
This has been done, but has not corrected the problem. Is there some setting
that we still need to check?
We have also checked the local security settings
(Start -> Programs -> Control Panel -> Administrative Tools -> Local
Security Policy) and expand:
Security Settings -> Local Policies -> User Rights Assignment.
Check the right "Manage auditing and Security log". The Administrator and
Administrators group are listed.
The only log is the Security log which is accessible by the administrator.
Here is a Log message and details. I cannot find anything in the Knowledge
Base to point to this problem.
Date: 11/6/2002 Source: Security
Time: 8:26 Category: Object Access
Type: Failure Event ID: 560
User: Server\Administrator
Computer: server
Object Open:
Object Server: Security
Object Type: Event
Object Name: \BaseNamedObjects\crypt32LogoffEvent
New Handle ID: -
Operation ID: {0,4190261}
Process ID: 3976
Primary User Name: administrator
Primary Domain: SERVER
Primary Logon ID: (0x0,0x35E0C8)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: DELETE
          READ_CONTROL
          WRITE_DAC
          WRITE_OWNER
          SYNCHRONIZE
          Query event state
          Modify event state
Privileges: -
-----------------------------------
This problem really has us puzzled. Any help would be greatly
appreciated.
Thanks
Michael R.