Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4265
  • Last Modified:

SACL Watcher error after Exch 2010 SP1 upgrade

Getting the following Warning in my Application events log after Exchange 2010 upgrade to SP1:
SACL Watcher servicelet found that the SeSecurityPrivilege privilege is removed from account S-1-5-21-4238427144-3071849471-1614350421-3235.
0
dcsned
Asked:
dcsned
  • 10
  • 4
1 Solution
 
steinmtoCommented:
To resolve: Added the group having problems to the Manage Auditing and
 security log user right on the default domain controllers policy in
 group policy management.
 
0
 
dcsnedAuthor Commented:
Steinmto,

Thank you for your response.  I saw this solution online, and went to Group Policy and didn't know how to do what you stated.  Could you walk me through this?

thanks!
0
 
steinmtoCommented:
Group Policy
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
steinmtoCommented:
That is where you would add the group at.
0
 
steinmtoCommented:
Do you know what account S-1-5-21-4238427144-3071849471-1614350421-3235 is?  
0
 
steinmtoCommented:
It sounds like it is a deleted account since it is not showing the username.  Here is a tool to show the username to sid name.

http://technet.microsoft.com/en-us/sysinternals/bb897417
0
 
dcsnedAuthor Commented:
Thank you...that was very helpful.
How do I find out which group the SID refers to?
0
 
steinmtoCommented:
Here is a list of all sids that are default in windows.

http://support.microsoft.com/kb/243330
0
 
steinmtoCommented:
This is most likely an account that was deleted.
0
 
dcsnedAuthor Commented:
The SID was for "Exchange Servers"
In my "Manage auditing and Security Log" the group "Exchange Enterprise Servers" is in there.
Do I also add the "Exchange servers" group to that policy?
0
 
steinmtoCommented:
Yes
0
 
dcsnedAuthor Commented:
Thanks!  You have been very helpful!

0
 
steinmtoCommented:
Glad to help.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 10
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now