RE: Sysprep'd image, event 10020
Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance
"David" wrote:
>
>
> "Joe" wrote:
>
> > I setup a machine, and included IIS. Then Sysprep'd. All machines brought
> > to life with this image are logging the following error in the event log.
> >
> > I assume this has something to do with the machines being renamed during the
> > imaging process? Any fix for this? is this "bad"?
> >
>
> > Thanks,
> >
> > Joe
> >
> >
> > Event Type: Error
> > Event Source: DCOM
> > Event Category: None
> > Event ID: 10020
> > Date: 26-Jan-06
> > Time: 10:14:45
> > User: N/A
> > Computer: ZATHRAS
> > Description:
> > The machine wide Default Launch and Activation security descriptor is
> > invalid. It contains Access Control Entries with permissions that are
> > invalid. The requested action was therefore not performed. This security
> > permission can be corrected using the Component Services administrative
> > tool.
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> >
> >
>
> Joe - I've had a post on this for at least 6 month - no resposes at all -
> especially from Microsoft people.
>
> The problem seems to be the IWAM account. I can manually fix it by the
> following steps:
> start -> Settings -> Control Panel -> Administrative Tools -> Component
> Services -> Component Services -> Computers -> My Computer
>
> Right click My Computer -> Properties -> Com Security tab -> Launch and
> Activation Permissions -> Edit Default -> remove "Launch IIS Process Account"
> -> add IWAM_... account
>
> I'm trying te see if there is a way to programmatically change the account
> entry in dcom.
>
> Interestingly though is that on a clean installation (no sysprep use) with
> IIS there is no IWAM_ ... account listed. So this may just be a wild goose
> chase.
>
> Have you had any luck? Have you found that this causes any problems?
>
> I'm at a Computer Science school and the image will be used in teaching labs
> so I would like to know it works properly.
>
>
One other thing I just noticed is that in addition to the IWAM_... account,
the IUSR_ ... account has also been added by the sysprep process.
Again - I have no idea if either of these two accounts is needed but as they
weren't before using sysprep, I assume that they are not needed.
.
Relevant Pages
- Re: Unlock acct permissions
... Joe is one of the best in the world. ... How do I get DSACLS to run on a specific account? ... The permissions in the security do not seem>>> to ... The correct permissions are on the security group, ...
(microsoft.public.win2000.active_directory) - Re: Unlock acct permissions
... It may actually be the best of the bunch but it is very old now so it is mostly about those GOOD FUNDAMENTALS that one needs and which Joe referenced. ... >>>Overall you appear to be a very "green" admin and you should buy one or more>>>books and learn this stuff before you do too much more. ... >>>Joe Richards Microsoft MVP Windows Server Directory Services ... How do I get DSACLS to run on a specific account? ...
(microsoft.public.win2000.active_directory) - Re: Service running as Local system account Unable to map drive on
... Hi Joe and Phillip ... account has full permissions on both the share and the file system itself. ... Security Eventlog: ...
(microsoft.public.security) - Re: Password Expired Query
... issue their own LDAP query to do this. ... If you just want to get this done, Joe R's tool is very easy. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The problem is there isn't a flag saying the account is expired, ...
(microsoft.public.windows.server.active_directory) - Re: Question about login script
... "Joe" wrote: ... > Is something wrong with my SQL statement? ... >>> I have a login page. ... he needs to activate his account. ...
(microsoft.public.dotnet.framework.aspnet) |
|
