RE: Event ID 643

From: Rebecca Chen [MSFT] (v-rebc_at_online.microsoft.com)
Date: 01/31/05 

Date: Mon, 31 Jan 2005 11:15:05 GMT

Hi Steve,

Thanks for the event log!

After researching the event log, I have found the Caller User Name is
CSMONITOR$ in the security log, it seems the system has raised this error.
In addition, the caller Domain is DATACENTERNYC, I am a little unclear
about this situation since you have stated it is a stand-alone machine.
Please let me know DATACENTERNYC refers to a domain?

An important cent is that I have found the corresponding application log
"Event log 1704".

Event log 1704 has indicated that security policy in the Group policy
objects has been applied successfully. You can notice that at this time,
security log 643 has been recorded in the security log.

In the conclusion, one policy on CSMONITOR has been changed so that event
log 1704 has been recorded in the application log and the corresponding
security log 643.

This is a normal behavior in a domain environment, please double check if
the machine is in a domain (In My Computer's Properties->Computer Name tab,
you can see the domain name). If it is a stand-alone machine, please
compare the gpttmpl.inf file as I have mentioned to find out which policy
has been changed.

Please use the steps to check the status and post back if you have any
update.

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Relevant Pages

  • Re: Subject: Security Event Log reading by Domain Users
    ... our "program" is a SQL script run trough Microsoft Log Parser. ... > account will also be able to clear the security log. ... Event Log under Domain User account? ...
    (microsoft.public.win2000.security)
  • Re: Subject: Security Event Log reading by Domain Users
    ... account will also be able to clear the security log. ... Event Log under Domain User account? ... > Adding a "Manage auditing and sec. log" and "Act as the part of oper. ... > I added all possible rights to the Domain User account, from "Create a Token Object" to "Generate> Security audits", but no luck. ...
    (microsoft.public.win2000.security)
  • RE: Event ID 643
    ... I set up another machine in a lab the same way as our DATACENTERNYC machines ... with IIS and the local security policy. ... > Thanks for the event log! ... > CSMONITOR$ in the security log, it seems the system has raised this error. ...
    (microsoft.public.win2000.security)
  • Write event log entries from host to domain controller
    ... event log to another machine (like a domain controller)? ... entries from the host's log were written to the DC's security log! ... I could always have this security event log forwarder ...
    (microsoft.public.scripting.vbscript)
  • Re: Default Domain Controller Policy being overwritten
    ... I do have the event log size defined. ... the log file and filling up in a few days. ... It's almost like I change the policy on the ... >> errors relating to this in the event logs on either domain controller. ...
    (microsoft.public.windows.server.active_directory)