Solved: Sharepoint MOSS 2007 issue with single user receiving 403 error

We've got a few sharepoint farms in our company, a single prod unit, and multiple test and staging environments. our staging server is giving us trouble with a single test account that we can't seem to shake out. The user simply cannot log in to sharepoint. They are a simple domain user with minimal domain rights, but standard user level access in sharepoint. We've been down the path of trying to work with services permissions to fix this issue -- but as a sharepoint user, what local service permissions should this user even have? authenticated users in general should have only the slightest control over services, right?

This failure message is sporadic and unpredictable. It may have even completely gone away with my efforts to make more relaxed permissions on MSDTC. At the end of the day, that one individual user is still given SIMPLE 403 FORBIDDEN errors from IIS upon logging in. Strangely enough, it takes 3 login attempts to generate this message. Any ideas?

Event Type:	Failure Audit
Event Source:	Security
Event Category:	Object Access 
Event ID:	560
Date:		10/6/2009
Time:		2:55:20 PM
User:		domain\SP_CBP_Test_00749
Computer:	somecomputer
Description:
Object Open:
 	Object Server:	SC Manager
 	Object Type:	SERVICE OBJECT
 	Object Name:	WinHttpAutoProxySvc
 	Handle ID:	-
 	Operation ID:	{0,475837461}
 	Process ID:	432
 	Image File Name:	C:\WINDOWS\system32\services.exe
 	Primary User Name:	somecomputernameSTAGING$
 	Primary Domain:	somedomain
 	Primary Logon ID:	(0x0,0x3E7)
 	Client User Name:	SP_CBP_Test_00749
 	Client Domain:	ALS
 	Client Logon ID:	(0x0,0x1C5CACEA)
 	Accesses:	Query status of service 
			Start the service 
			Query information from service 
 	Privileges:	-
 	Restricted Sid Count:	0
 	Access Mask:	0x94

Open in new window