[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Failure Audit with Event ID 577 Being Logged Every 10 Seconds

Posted on 2004-08-23
9
Medium Priority
?
13,149 Views
Last Modified: 2013-12-04
Hi,

I am currently getting these events being logged every 10 seconds. This seems to occur when the user logs in through terminal services to an application server we have set up. I have checked over the user profile and there is nothing I can see that would cause this. This is starting to cause problems as once this starts it will eventually slow the machine to a crawl and require a reboot. The only thing the user is doing is running Outlook 2003 in Exchange Mode, and running some of the ERP programs. Both programs are run by other users on the box without problems. The event information is below.

Privileged Service Called:
       Server:            Security
       Service:            -
       Primary User Name:      XXXXXXXX
       Primary Domain:      SANDVINE
       Primary Logon ID:      (0x0,0xB66B81F)
       Client User Name:      -
       Client Domain:      -
       Client Logon ID:      -
       Privileges:      SeIncreaseBasePriorityPrivilege

Thanks for your help in advance,

Keith Hall
0
Comment
Question by:sandvine
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 

Author Comment

by:sandvine
ID: 11874343
There is another event I have noticed as well. Its from the same user. I am not sure what to make of this one. Its another 577 Failure.

Privileged Service Called:
       Server:            Security
       Service:            -
       Primary User Name:      XXXXXXXX
       Primary Domain:      XXXXXXXX
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      XXXXXXXX
       Client Domain:      XXXXXXXX
       Client Logon ID:      (0x0,0xB66B81F)
       Privileges:      SeCreateGlobalPrivilege
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11874405
As per Microsoft: "This problem may occur when all the following conditions are true:
1. A program that is installed on your Windows XP-based computer makes a call to the SetProcessWorkingSetSize function to release the working set.
2. Auditing of the Audit privilege use category is turned on.
3. Your user account does not have the SeIncreaseBasePriorityPrivilege user right, also known as Increase Scheduling Priority”. See Q831905 for a hotfix.

Event ID 577 appears repeatedly in the security event log of your Windows XP-based computer
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q831905
0
 

Author Comment

by:sandvine
ID: 11874627
The machine this is occuring is a Windows 2000 Server with Service Pack 4. The user does not have administrative rights and can't change the Scheduling Priority. This being a server only administrators should be able to do that. Is there anyway to get information out of the machine that will tell me what process is trying to make the SeIncreaseBasePriorityPrivilege or SeCreateGlobalPrivilege call?

Thanks.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 15

Expert Comment

by:Yan_west
ID: 11874788
Did this start after applying SP4?
0
 

Author Comment

by:sandvine
ID: 11874809
This machine has had SP4 from day one so I'm not too sure about that.
It hasn't caused any problems until recently.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11874810
The "Create Global Objects" User Right (SeCreateGlobalPrivilege)
The "Create global objects" user right (SeCreateGlobalPrivilege) is a Windows 2000 security setting that was first introduced in Windows 2000 SP4. The user right is required for a user account to create global objects in a Terminal Services session. Note that users can still create session-specific objects without being assigned this user right. By default, members of the Administrators group, the System account, and Services that are started by the Service Control Manager are assigned the "Create global objects" user right.

0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11874831
Related to SeCreateGlobalPrivilege.. check it out..

http://support.microsoft.com/default.aspx?kbid=821546#6

check the troubleshooting part, may be related.

0
 
LVL 15

Accepted Solution

by:
Yan_west earned 2000 total points
ID: 11874891
"Windows 2000 Service Pack 4 (SP4) introduces two new rights that tighten Win2K’s security model and make it compatible with Windows Server 2003. To avoid problems with installed programs, you need to understand how these new rights restrict previously allowed activity."


http://www.winnetmag.com/articles/index.cfm?articleid=39534
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11874901
the last article point directly to your awnser I think.. Both of these rights are directly involved in your problem..
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question