Re: Scheduled Tasks - Strange Permissions Issue

"e v t" <msnewsacct@xxxxxxxxxxxxxx> wrote in message
news:OySkR2iEHHA.1196@xxxxxxxxxxxxxxxxxxxxxxx
Hi Roger,
Thanks for the info. What I don't understand is why it works perfectly
when the task is run as Administrator. I've tried assigning the account
I'm using to be in the Administrators group, removing all other groups,
and assigning the permissions in Local Security Policy. I'm trying to
figure out what other permissions the Administrator has that are not
obvious. Does this make sense?


Hi Eric,

Your words make sense, the behavior they describe does not.

There are very few things hardwired for the Administrator SID,
like not being able to be locked out from login (although this may
require safe mode boot to use). I am not sure whether there is a
list of the hard-wired to be found anywhere.

Roger



Roger Abell [MVP] wrote:
I have seen that odd, unicode-ish, proc id in these failure events
on W2k3 R2 systems. In each case I have tracked it only so
far as due to excessive network restrictions (ipsec, firewall)
on communications either by the machine with itself or with
the domain controllers. I have not pinned it down to exactly
what, which protocol/ports. Similarly when I last attempted
searches for info on the failure with odd logon process id,
I turned up nothing specific.


"e v t" <msnewsacct@xxxxxxxxxxxxxx> wrote in message
news:u8MTWSxDHHA.1748@xxxxxxxxxxxxxxxxxxxxxxx
I have a question about Scheduled Tasks on Windows 2003 Server. I've
got several scheduled tasks that are exhibiting some strange behavior.
They appear to run and don't issue any errors in the scheduled tasks
log, yet they seem to be having permissions problems. Here's an
example...

There's a job that's configured to run under a specific user. The user
has "Log on as a service" and "Log on as a batch job" permissions. When
I run the job, no errors are reported in the 'SchedLgU.txt' file.
However, the application that I'm running via the Scheduled Task has its
own log which states, "Access is denied". When I change the user to
'Administrator', the job works just fine. I've tried adding the user
who runs the job into the Administrators group, but this doesn't appear
to work, either. I notice in the Security Event Log that when the job
is run under the other user, the following shows up:

Logon Failure:
Reason: An error occurred during logon
User Name: task_user
Domain: SERVER1C
Logon Type: 3
Logon Process: Ðùl
Authentication Package: NTLM
Workstation Name: SERVER1C
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.1.20

The only strange thing I can see above is the 'Logon Process' output.
What's up with that?

The scheduled jobs worked fine under Windows 2000. I've been pulling my
hair out over this for the past two days and I know it's got to be
something simple. Can anyone assist, please?

Thanks in advance for any assistance you can provide.

-evt


.

Relevant Pages

  • Errors After Changing Administrator Password
    ... We had to change our domain administrator password, ... DCOM got error "Logon failure: unknown user name or bad password. ... Caller User Name: BRADFORDDC01$ ... Once in DCOM Config, I looked for the application ID referenced in the ...
    (microsoft.public.windows.server.sbs)
  • Re: Security issue
    ... How to configure remote access client account lockout in Windows Server 2003 ... 10 time a username and password (Mostly if it's administrator) then the ... Logon Failure: ... Caller User Name: PRANA$ ...
    (microsoft.public.windows.server.sbs)
  • Re: Scheduled Tasks - Strange Permissions Issue
    ... I'm trying to figure out what other permissions the Administrator has that are not obvious. ... They appear to run and don't issue any errors in the scheduled tasks log, yet they seem to be having permissions problems. ... Logon Failure: ... Caller User Name: - ...
    (microsoft.public.windows.server.security)
  • Re: Help needed with Critical Errors in Security Log
    ... Logon Failure: Account locked out ... How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com ... Caller User Name: administrator ... Caller Domain: BARSANADHAM ...
    (microsoft.public.windows.server.sbs)
  • Re: Is it really true that NTFS is secure?
    ... > and failure auditing starting with "Audit Account Management," and also try ... > The account Group got put back in the Administrator group again. ... > The logon to account: ...
    (microsoft.public.security)