sandvine

Failure Audit with Event ID 577 Being Logged Every 10 Seconds

Hi,

I am currently getting these events being logged every 10 seconds. This seems to occur when the user logs in through terminal services to an application server we have set up. I have checked over the user profile and there is nothing I can see that would cause this. This is starting to cause problems as once this starts it will eventually slow the machine to a crawl and require a reboot. The only thing the user is doing is running Outlook 2003 in Exchange Mode, and running some of the ERP programs. Both programs are run by other users on the box without problems. The event information is below.

Privileged Service Called:
       Server:            Security
       Service:            -
       Primary User Name:      XXXXXXXX
       Primary Domain:      SANDVINE
       Primary Logon ID:      (0x0,0xB66B81F)
       Client User Name:      -
       Client Domain:      -
       Client Logon ID:      -
       Privileges:      SeIncreaseBasePriorityPrivilege

Thanks for your help in advance,

Keith Hall
sandvine

ASKER

There is another event I have noticed as well. It's from the same user. I am not sure what to make of this one. It's another 577 Failure.

Privileged Service Called:
       Server:            Security
       Service:            -
       Primary User Name:      XXXXXXXX
       Primary Domain:      XXXXXXXX
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      XXXXXXXX
       Client Domain:      XXXXXXXX
       Client Logon ID:      (0x0,0xB66B81F)
       Privileges:      SeCreateGlobalPrivilege

As per Microsoft: "This problem may occur when all the following conditions are true:
1. A program that is installed on your Windows XP-based computer makes a call to the SetProcessWorkingSetSize function to release the working set.
2. Auditing of the Audit privilege use category is turned on.
3. Your user account does not have the SeIncreaseBasePriorityPrivilege user right, also known as Increase Scheduling Priority". See Q831905 for a hotfix.

Event ID 577 appears repeatedly in the security event log of your Windows XP-based computer
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q831905

The machine this is occurring on is a Windows 2000 Server with Service Pack 4. The user does not have administrative rights and can't change the Scheduling Priority. This being a server, only administrators should be able to do that. Is there any way to get information out of the machine that will tell me what process is trying to make the SeIncreaseBasePriorityPrivilege or SeCreateGlobalPrivilege call?

Thanks.

Did this start after applying SP4?

This machine has had SP4 from day one so I'm not too sure about that.
It hasn't caused any problems until recently.

The "Create Global Objects" User Right (SeCreateGlobalPrivilege)
The "Create global objects" user right (SeCreateGlobalPrivilege) is a Windows 2000 security setting that was first introduced in Windows 2000 SP4. The user right is required for a user account to create global objects in a Terminal Services session. Note that users can still create session-specific objects without being assigned this user right. By default, members of the Administrators group, the System account, and Services that are started by the Service Control Manager are assigned the "Create global objects" user right.

Related to SeCreateGlobalPrivilege.. check it out..

http://support.microsoft.com/default.aspx?kbid=821546#6

check the troubleshooting part, may be related.

ASKER CERTIFIED SOLUTION
Yan_west

The last article points directly to your answer, I think. Both of these rights are directly involved in your problem.
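
An added example, not part of any post in this thread: the 577 descriptions posted above carry no process field, but they can be tied to one logon session, since the second event's Client Logon ID equals the first event's Primary Logon ID. The sketch below parses descriptions in the posted format and reports which session and privilege fail at a steady period. It assumes the Security log was exported as (seconds, description) pairs; the timestamps and the `TEMPLATE`/`SAMPLE` names are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

FIELD = re.compile(r"^[ \t]*([A-Za-z ]+?):[ \t]*(.*?)[ \t]*$", re.M)
TEMPLATE = """Privileged Service Called:
       Server:            Security
       Service:            -
       Primary User Name:      XXXXXXXX
       Primary Domain:      SANDVINE
       Primary Logon ID:      {primary}
       Client User Name:      -
       Client Domain:      -
       Client Logon ID:      {client}
       Privileges:      {priv}
"""

def parse_577(description):
    """Turn one 577 description (format as posted in the thread) into a dict."""
    return dict(FIELD.findall(description))

def session_of(ev):
    """Logon ID of the user session behind the call. When a client is listed,
    the primary ID belongs to the calling service (0x3E7 is the SYSTEM session)."""
    client = ev.get("Client Logon ID", "-")
    return client if client != "-" else ev["Primary Logon ID"]

def repeating(records, min_count=5, jitter=2):
    """records: iterable of (epoch_seconds, description).
    Returns {(session, privilege): period} for failures recurring steadily."""
    seen = defaultdict(list)
    for ts, desc in records:
        ev = parse_577(desc)
        seen[(session_of(ev), ev["Privileges"])].append(ts)
    out = {}
    for key, times in seen.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) >= max(min_count, 2) and max(gaps) - min(gaps) <= jitter:
            out[key] = median(gaps)
    return out

# Constructed sample: six failures 10 s apart plus one SeCreateGlobalPrivilege event.
SAMPLE = [(10 * i, TEMPLATE.format(primary="(0x0,0xB66B81F)", client="-",
           priv="SeIncreaseBasePriorityPrivilege")) for i in range(6)]
SAMPLE.append((25, TEMPLATE.format(primary="(0x0,0x3E7)",
               client="(0x0,0xB66B81F)", priv="SeCreateGlobalPrivilege")))

if __name__ == "__main__":
    print(repeating(SAMPLE))
```

The session ID it reports can then be matched against the logon event for that terminal services session to confirm which user's programs are involved.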