Server refreshes its security policy with wrong values
- From: "Alexander Groß" <PLEASEAlexanderGrossREMOVETHIS@xxxxxx>
- Date: Sun, 9 Jul 2006 14:29:27 +0200
Hello everybody,
I've got a new Windows Server 2003 R2 set up. The Audit Policy is set to
enable successful and failed logons. These settings are applied by me but
after some time, i.e. 8 AM the next morning the server logs the following
policy change.
Event ID: 612
User: NT AUTHORITY\SYSTEM
Audit Policy Change:
New Policy:
Success Failure
- - Logon/Logoff
- - Object Access
- - Privilege Use
- - Account Management
- - Policy Change
- + System
- - Detailed Tracking
- - Directory Service Access
- - Account Logon
Changed By:
User Name: ARWEN$
Domain Name: WG
Logon ID: (0x0,0x3E7)
This basically means that my previously applied Logon/Logoff audit was
turned off. I'm not sure which process triggered the update, it seems to
come from a system process as the User Name ARWEN$ (the server name)
suggests.
The server is a standalone server, AD is not installed. Does anyone know why
this happens and how I could fix the wrong policy update?
Best regards,
Alex
--
_______________________________________
Alexander Groß
Dipl.-Ing. (BA) für Informationstechnik
PLEASEAlexanderGrossREMOVETHIS@xxxxxx
http://www.it99.org/axl/
ICQ# 36765668
_______________________________________
.
- Follow-Ups:
- Re: Server refreshes its security policy with wrong values
- From: Steven L Umbach
- Re: Server refreshes its security policy with wrong values
- From: Caledai
- Re: Server refreshes its security policy with wrong values
- Prev by Date: Re: Whats wrong with my CAPolicy.inf file?
- Next by Date: Re: Server refreshes its security policy with wrong values
- Previous by thread: "Official" errata on Brian Komar's Windows Server 2003 PKI & Certificate Security book
- Next by thread: Re: Server refreshes its security policy with wrong values
- Index(es):
Relevant Pages
|
|
