Re: Bug check: 0x000000d1 (0x77f68b33, 0x000000ff, 0x00000000, 0x77f68b33)

From: Kristofer Gafvert (kgafvert_at_NEWSilopia.com)
Date: 05/27/04 

Date: Thu, 27 May 2004 23:39:13 +0200

Hi George!

I think that this was "just a" blue screen. I don't think that you need to
worry about the policy being changed, this is normal, also see:

http://www.eventid.net/display.asp?eventid=612&eventno=208&source=Security&phase=1

I tried to get the name of the file that caused your blue screen, using
windbg, but it doesn't seem to include the information i need for that (i
suppose i do not have the same drivers on my machine, as you have on yours).

Since you were using the sound card, a guess is that something is not
working properly with your sound card driver. Is an update available? 

-- 
Regards,
Kristofer Gafvert - IIS MVP
http://www.ilopia.com - When you need help!
"George Valkov" <null@somewhere.com> wrote in message
news:%23UclC4AREHA.3660@tk2msftngp13.phx.gbl...
> The server is up to date. Only one renamed Admiinstrator account. Helluva
> strong NTLM account passwords for all accounts (built in Admin, Power User
> and User) with LM hash disabled.
> I was loged on as a limmited user and saving a wav file to non system
> partition disk with Sony Sound Forge 7. Sound file properties: 192 kHz, 32
> bit floating point.
> Running programs:
> Media Player 9, jetAudio 6, Media Encoder 9 (broadcating live audio
captured
> from line-in on Sound Blaster Audio PCI 128), Command Prompt run as built
> in administrator.
>
> [System Log] PM 07:48:13
> The previous system shutdown at 07:46:25 on 27.5.2004 Ç. was unexpected.
>
> [System Log] PM 07:48:14
> The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1
> (0x77f68b33, 0x000000ff, 0x00000000, 0x77f68b33). A dump was saved in:
> F:\WINDOWS\Minidump\Mini052704-01.dmp.
>
> [Security Log]
> No suspictious events. Only anonymous and guest logon events.
>
> First security event after restart:
> [Security Log] PM 07:48:13
> Audit Policy Change:
>  New Policy:
>   Success Failure
>       +     + Logon/Logoff
>       -     - Object Access
>       -     - Privilege Use
>       +     + Account Management
>       +     + Policy Change
>       -     - System
>       -     - Detailed Tracking
>       -     - Directory Service Access
>       +     + Account Logon
>
>  Changed By:
>     User Name: THE-BOSS$
>     Domain Name: 59
>     Logon ID: (0x0,0x3E7)
>
> [comment]
> Why the hell the system it self changes the security policy?
> This server is absolutely free from any viruses and malicious code.
>
>
> George Valkov
>
>
>
>
>