Re: Logon Error - Event ID 533

Tecknomage

Do not click on any links this person provider as he is the worst troll current lurking in this newsgroups.

The suggestion regarding security logs should not apply if the overwrite option has been selected and you have the default maximum of 512 kb. You have received the failure report and no doubt later events are recorded in the Security log. The comments by the Real Truth Imposter are contradicted by the continuing recording of events.

How to Set Log Size and Overwrite Options
To specify log size and overwrite options, follow these steps:
Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
In the console tree, expand Event Viewer, and then right-click the log in which you want to set size and overwrite options.
Under Log size, type the size that you want in the Maximum log size box.
Under When maximum log size is reached, click the overwrite option that you want.
If you want to clear the log contents, click Clear Log.
Click OK.
Source: http://support.microsoft.com/kb/308427/en-us

Take care Real Truth is plausible and many get taken in by him. Normally he posts simple comments but on this occasion his remarks are more complex.


--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Tecknomage wrote:
I'll double check, but I'm sure we overwrite every 30-days. Anyway,
we clear/save all Audit Logs every week, so a full log should not be
the problem.

Also, 2 days ago, I created a dummy account, member Users Group, for
testing. The user cannot logon and no Profile folder is made, as I
would expect.




On Wed, 3 Jun 2009 18:00:09 -0700, "The Real Truth MVP" <trt@xxxxxxxx>
wrote:

Your security Audit log may be full, log in as an admin and delete
it. If that is not it then check out this policy
Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options
If this policy is enabled, it causes the system to halt if a
security audit cannot be logged for any reason. Typically, an event
will fail to be logged when the security audit log is full and the
retention method specified for the security log is either Do Not
Overwrite Events or Overwrite Events by Days. The DOD configuration
may have their own modifications to that policy.





--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do
not waste your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.




"MageMaster" <tecknode@xxxxxxx> wrote in message
news:cc113a7d-ee03-4b6c-b33e-e27527997cc7@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Neither. This is a DoD system, used where I work. This is why I
stated in my original post that all Security Settings are DoD
mandated. No network connection allowed. Win Updates via our Slip-
Stream CD use in our OEM product. AntiVirus Updates via CD, Symantec
Intelligent Updater.

As stated on my original post, WinXP SP3 was installed from scratch
(WinXP SP2 CD -> SP3 upgrade via CD). I have done this numerous
times.


On Jun 3, 1:39 pm, "Gerry" <ge...@xxxxxxxxxx> wrote:
MageMaster

I am confused. What is this computer to be used for? Is it a home or
office computer?

Have you just installed Windows XP? Have you answered these
questions
incorrectly?http://pcsupport.about.com/od/operatingsystems/ss/instxpclean3_2.htm

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



MageMaster wrote:
The "Domain: (deleted)" = "Domain: IS00002"

The system is default WORKGROUP

Both keyboard & mouse are connected directly to this standalone
PS/2. This is a local keyboard, mouse, monitor.

I am assuming the error showing "Domain: IS00002" is what you get
when using a local logon. So, SHOULD a logon to a non-networked
standalone in a WORKGROUP, have a "Domain" name listed in this
type of Event Error?

OR, is that the error, something in WinXP thinks "Users" are
logging into an actual Domain? BUT, when ANYONE is a member of
Administrators, they do NOT have a logon problem.

On Jun 3, 10:45 am, "Gerry" <ge...@xxxxxxxxxx> wrote:
MageMaster

What version of Windows XP?

Logon Type 2 - Interactive
This is what occurs to you first when you think of logons, that
is, a logon at the console of a computer. You'll see type 2
logons when a user attempts to log on at the local keyboard and
screen whether with a domain account or a local account from the
computer's local SAM. To tell the difference between an attempt
to logon with a local or domain account look for the domain or
computer name preceding the user name in the event's description.
Don't forget that logon's through an KVM over IP component or a
server's proprietary "lights-out" remote KVM feature are still
interactive logons from the standpoint of Windows and will be
logged as
such.http://www.windowsecurity.com/articles/Logon-Types.html

http://www.microsoft.com/resources/documentation/windows/xp/all/prodd...

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

MageMaster wrote:
Gerry, the references do not apply. The fixes are for systems
using Domain Servers, NOT un-networked standalones.

On Jun 3, 9:39 am, "Gerry" <ge...@xxxxxxxxxx> wrote:
MageMaster

Some possibilities for you to
consider:http://www.eventid.net/display.asp?eventid=533&eventno=191&source=Sec...

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

MageMaster wrote:
WinXP SP3, System is standalone, not connected to a network

This is the text of the event:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 533
Date: 6/3/2009
Time: 08:14:05
User: NT AUTHORITY\SYSTEM
Computer: IS00002

Description:
Logon Failure:
Reason: User not allowed to logon at this computer
User Name: dummy
Domain: (deleted)
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: (deleted)

--------------------------------------------------
The "deleted" text is for security purposes.

1) "Dummy" is member of "Users" Group

2) Local Security Settings, Log on locally = Users,
Administrators

Note all Security Settings are DoD mandated.

Even if I create a new account like "Dummy" I get this error.

ONLY if I make a user (ANY user) a member of Administrators can
they logon.

I found the MS TeckNet article:
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=W...

Also found many hits using Google.

Problem, none provided a fix or even a hint that applies in
this case (Users in Log on locally).

So, WHAT is the fix?- Hide quoted text -

- Show quoted text -- Hide quoted text -

- Show quoted text -- Hide quoted text -

- Show quoted text -

.