dcsned
asked on
SACL Watcher error after Exch 2010 SP1 upgrade
Getting the following Warning in my Application events log after Exchange 2010 upgrade to SP1:
SACL Watcher servicelet found that the SeSecurityPrivilege privilege is removed from account S-1-5-21-4238427144-307184 9471-16143 50421-3235 .
SACL Watcher servicelet found that the SeSecurityPrivilege privilege is removed from account S-1-5-21-4238427144-307184
ASKER
Steinmto,
Thank you for your response. I saw this solution online, and went to Group Policy and didn't know how to do what you stated. Could you walk me through this?
thanks!
Thank you for your response. I saw this solution online, and went to Group Policy and didn't know how to do what you stated. Could you walk me through this?
thanks!
That is where you would add the group at.
Do you know what account S-1-5-21-4238427144-307184 9471-16143 50421-3235 is?
It sounds like it is a deleted account since it is not showing the username. Here is a tool to show the username to sid name.
http://technet.microsoft.com/en-us/sysinternals/bb897417
http://technet.microsoft.com/en-us/sysinternals/bb897417
ASKER
Thank you...that was very helpful.
How do I find out which group the SID refers to?
How do I find out which group the SID refers to?
This is most likely an account that was deleted.
Here is a soultion I found on technet.
http://social.technet.microsoft.com/Forums/en/exchange2010/thread/f699b6f1-2945-46f9-94f5-26e6e1572946
http://social.technet.microsoft.com/Forums/en/exchange2010/thread/f699b6f1-2945-46f9-94f5-26e6e1572946
ASKER
The SID was for "Exchange Servers"
In my "Manage auditing and Security Log" the group "Exchange Enterprise Servers" is in there.
Do I also add the "Exchange servers" group to that policy?
In my "Manage auditing and Security Log" the group "Exchange Enterprise Servers" is in there.
Do I also add the "Exchange servers" group to that policy?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks! You have been very helpful!
Glad to help.
security log user right on the default domain controllers policy in
group policy management.