
How do I trace a batch process?

Author
31 Oct 2006 9:00 PM
Greg
I know logon type 4 is a batch process, like scheduled tasks. This looks like
a hack job, how can I find out where this is coming from? Below is the event
log. TIA

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    534
Date:        10/13/2006
Time:        11:40:48 AM
User:        NT AUTHORITY\SYSTEM
Computer:    EMPIRE
Description:
Logon Failure:
    Reason:    The user has not been granted the requested
        logon type at this machine
    User Name:    IWAM_EMPIRE
    Domain:        CLAIMLINE
    Logon Type:    4
    Logon Process:    DCOMSCM
    Authentication Package:    Negotiate
    Workstation Name:    EMPIRE

Author
3 Nov 2006 10:17 AM
Roger Abell [MVP]
What is your actual issue?
The event message seems to be saying that you have
IIS installed on machine named EMPIRE but that its
IWam_EMPIRE account is not granted the batch logon
user right (which it needs).  However, it also appears
that the account is not EMPIRE\IWam_EMPIRE as one
would expect in a normal (unmodified) setup of IIS on
a member in domain CLAIMLINE, but instead it appears
to be configured to use CLAIMLINE\IWam_EMPIRE.
This makes me think perhaps that EMPIRE is a DC and
IIS was installed before dcpromo, rather than after as
should be done.

"Greg" <G***@discussions.microsoft.com> wrote in message
news:A03F9FD2-36AC-4E81-8372-3437C1BC1B4E@microsoft.com...
> I know logon type 4 is a batch process, like scheduled tasks. This looks like
> a hack job, how can I find out where this is coming from? Below is the event
> log. TIA
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 534
> Date: 10/13/2006
> Time: 11:40:48 AM
> User: NT AUTHORITY\SYSTEM
> Computer: EMPIRE
> Description:
> Logon Failure:
>  Reason: The user has not been granted the requested
>  logon type at this machine
>  User Name: IWAM_EMPIRE
>  Domain: CLAIMLINE
>  Logon Type: 4
>  Logon Process: DCOMSCM
>  Authentication Package: Negotiate
>  Workstation Name: EMPIRE
>
>
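
The reading of the event given in the reply above can be done mechanically. This is an added example, not part of the thread: a Python sketch that parses the event 534 text from the first post, maps the logon type to the user right the account must hold, and reports the account details the reply points out. The function and key names are made up for this example; the logon type numbers and right names are the standard Windows ones.

```python
import re

# Logon type -> (name, user right the account must hold); standard Windows values.
LOGON_TYPES = {
    2: ("Interactive", "SeInteractiveLogonRight"),
    3: ("Network", "SeNetworkLogonRight"),
    4: ("Batch", "SeBatchLogonRight"),
    5: ("Service", "SeServiceLogonRight"),
    10: ("RemoteInteractive", "SeRemoteInteractiveLogonRight"),
}

# Subset of the event text from the first post.
SAMPLE_EVENT = """\
Event ID:    534
Computer:    EMPIRE
Description:
Logon Failure:
    Reason:    The user has not been granted the requested
        logon type at this machine
    User Name:    IWAM_EMPIRE
    Domain:        CLAIMLINE
    Logon Type:    4
    Logon Process:    DCOMSCM
    Workstation Name:    EMPIRE
"""

def parse_event(text):
    """Collect 'Name: value' lines; headings and wrapped continuation lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z/ ]+?):\s+(\S.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def triage_534(text):
    f = parse_event(text)
    if f.get("Event ID") != "534":
        raise ValueError("not an event 534 record")
    name, right = LOGON_TYPES.get(int(f["Logon Type"]), ("Unknown", None))
    user, domain, host = f["User Name"], f["Domain"], f["Computer"]
    return {
        "account": f"{domain}\\{user}",
        "logon_type": name,
        "missing_right": right,  # the right event 534 says was not granted
        "is_iwam_for_host": user.upper() == f"IWAM_{host}".upper(),
        "is_domain_account": domain.upper() != host.upper(),  # else <computer>\IWAM_<computer>
        "workstation_is_logging_host": f["Workstation Name"].upper() == host.upper(),
    }
```

For the posted event, `triage_534(SAMPLE_EVENT)` reports a batch logon by `CLAIMLINE\IWAM_EMPIRE` that lacks `SeBatchLogonRight`, with the workstation name matching the computer that logged the event.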