Re: What does this winlogon.log message mean?!

From: Glenn L (the.only(delete)_at_gmail.com)
Date: 11/04/04


Date: Wed, 3 Nov 2004 19:41:34 -0800

This is the logging the scecli.dll component does when applying security
policy to the computer.
The configure user rights is perfectly normal.

I haven't seen the "analyze" entries before.
I suspect someone ran the "security configuration and analysis" wizard to
analyze the security policies on the computer.

Doesn't appear to be anything of concern to me.

Incidentally, this log file is helpful when troubleshooting security policy
application.

Glenn L

"Robert Paris" <rpjava@hotmail.com> wrote in message
news:%23roHEgfwEHA.3620@TK2MSFTNGP09.phx.gbl...
>I found the following in winlogon.log and I'm a bit worried. Any idea what
> it means?
>
> Invoke Registry Value Delay Filter.
> Analyze machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
> Analyze machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
> Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
> Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
> Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
> Analyze machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
> Analyze machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
> Analyze machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
> Analyze machine\software\microsoft\windows\currentversion\policies\system\disablecad.
> Analyze machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
> Analyze machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
> Analyze machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
> Analyze machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
> Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
> Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
> Analyze machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
> Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
> Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
> Analyze machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
> Analyze machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
> Analyze machine\system\currentcontrolset\control\session manager\protectionmode.
> Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
> Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
> Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
> Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
> Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
> Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
> Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
> Analyze machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
> Analyze machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
> Analyze machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
> Analyze machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
> Analyze machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
> Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
> Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
> Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
> Copy local policy.
> ----Configuration engine is initialized successfully.----
>
> ----Reading Configuration template info...
>
>
> ----Configure User Rights...
> Configure S-1-6-32-545.
> Configure S-1-6-32-542.
> Configure S-1-6-21-1933862763-1390167357-839552115-1002.
> Configure S-1-6-21-1933862763-1390167357-839552115-1001.
> Configure S-1-6-32-548.
> Configure S-1-6-32-546.
> Configure S-1-1-1.
> Configure S-1-6-7.
> Configure S-1-6-21-1933862763-1390167357-839552115-501.
> Configure S-1-6-21-1933862763-1390167357-839552115-1000.
>
> User Rights configuration completed successfully.
>
>
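
An added example, not part of the original thread: a small Python parser for the winlogon.log layout quoted above, which groups the "Analyze" and "Configure" entries by section and reports sections that configured something without logging a completion line. The sample log is constructed, and treating "completed successfully." as the expected end of a section is an assumption drawn from the excerpt, not documented scecli.dll behaviour.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of the quoted log (not a real capture).
SAMPLE = r"""Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Copy local policy.
----Configuration engine is initialized successfully.----

----Reading Configuration template info...

----Configure User Rights...
Configure S-1-5-32-545.
Configure S-1-5-32-544.

User Rights configuration completed successfully.
"""

# "----Title..." or "----Title----" starts a new section.
HEADER = re.compile(r"^-{4}(.+?)(?:\.{3}|-{4})\s*$")
# "Analyze <registry value>." or "Configure <SID or setting>."
ENTRY = re.compile(r"^(Analyze|Configure)\s+(.+?)\.?\s*$")

def summarize(text):
    """Map section name -> analyzed values, configured targets, completion flag."""
    new = lambda: {"analyze": [], "configure": [], "completed": False}
    sections = OrderedDict({"(preamble)": new()})
    current = "(preamble)"
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # also accepts '>'-quoted lines
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, new())
            continue
        entry = ENTRY.match(line)
        if entry:
            sections[current][entry.group(1).lower()].append(entry.group(2))
        elif line.endswith("completed successfully."):
            sections[current]["completed"] = True
    return sections

def incomplete(sections):
    """Sections with Configure entries but no completion line (assumed rule)."""
    return [name for name, s in sections.items()
            if s["configure"] and not s["completed"]]
```
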


