SACL Watcher error after Exch 2010 SP1 upgrade

Getting the following Warning in my Application events log after Exchange 2010 upgrade to SP1:
SACL Watcher servicelet found that the SeSecurityPrivilege privilege is removed from account S-1-5-21-4238427144-3071849471-1614350421-3235.
dcsnedAsked:
Who is Participating?
 
steinmtoCommented:
Yes
0
 
steinmtoCommented:
To resolve: Added the group having problems to the Manage Auditing and
 security log user right on the default domain controllers policy in
 group policy management.
 
0
 
dcsnedAuthor Commented:
Steinmto,

Thank you for your response.  I saw this solution online, and went to Group Policy and didn't know how to do what you stated.  Could you walk me through this?

thanks!
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
steinmtoCommented:
Group Policy
0
 
steinmtoCommented:
That is where you would add the group at.
0
 
steinmtoCommented:
Do you know what account S-1-5-21-4238427144-3071849471-1614350421-3235 is?  
0
 
steinmtoCommented:
It sounds like it is a deleted account since it is not showing the username.  Here is a tool to show the username to sid name.

http://technet.microsoft.com/en-us/sysinternals/bb897417
0
 
dcsnedAuthor Commented:
Thank you...that was very helpful.
How do I find out which group the SID refers to?
0
 
steinmtoCommented:
Here is a list of all sids that are default in windows.

http://support.microsoft.com/kb/243330
0
 
steinmtoCommented:
This is most likely an account that was deleted.
0
 
dcsnedAuthor Commented:
The SID was for "Exchange Servers"
In my "Manage auditing and Security Log" the group "Exchange Enterprise Servers" is in there.
Do I also add the "Exchange servers" group to that policy?
0
 
dcsnedAuthor Commented:
Thanks!  You have been very helpful!

0
 
steinmtoCommented:
Glad to help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.