RE: ISA 2004 REPORT FAILURE
- From: Chris <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 19 Sep 2006 21:06:02 -0700
Did as you suggested and turned auditing on for the system and folders
as you suggested there was too many audit logs to determine what
was happening over a long period of time.
what i did observer was then i ran the gpupdate /force command
the NETWORK SERVICE properties was REMOVED from the
program files directory and all below including the ISAlog and summaries
directories, and ISA reports do not now work.
This lends me to believe that something is wrong with the group policy
that is setting the wrong permissions of the folders
your comments re above thanks.
""Crina Li"" wrote:
Hi Chris,.
Thanks for your update.
From the current situation, you may try to restart the computer in Safe
Mode to see if the problem also occurs in this mode. And you can enable the
Audit on the 2 folders to see who change the permission.
Thanks for your time and I look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: ISA 2004 REPORT FAILURE
| thread-index: AcbYzY+GhE06GR+NQ7eJITd03yiw/A==
| X-WBNR-Posting-Host: 58.169.129.168
| From: =?Utf-8?B?Q2hyaXM=?= <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <FF4294D7-2EF1-40CA-81FA-E9CB39034A78@xxxxxxxxxxxxx>
<ILUZLSj0GHA.4548@xxxxxxxxxxxxxxxxxxxxx>
<07BEA69F-B40E-48D3-AE5B-0ED4C159E081@xxxxxxxxxxxxx>
<RNDvMux0GHA.4220@xxxxxxxxxxxxxxxxxxxxx>
<6A9614B3-A043-4BAB-910A-841342CBDAD6@xxxxxxxxxxxxx>
<E656A05E-0C97-41F8-9AA8-DDFD556C1D43@xxxxxxxxxxxxx>
<8gyZBeV1GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
<8E1EAD7C-1659-4705-A8F4-04082878759E@xxxxxxxxxxxxx>
<152F6CA4-140E-409E-AD45-D2133110A214@xxxxxxxxxxxxx>
<qhczxTx1GHA.2156@xxxxxxxxxxxxxxxxxxxxx>
<E6DC629E-C6F4-4568-92A9-79DCA771D0D0@xxxxxxxxxxxxx>
<dDwPA$91GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
<898E5028-B1E3-42D0-B31F-E103668C0B04@xxxxxxxxxxxxx>
<WGNZdsH2GHA.4464@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: ISA 2004 REPORT FAILURE
| Date: Fri, 15 Sep 2006 06:48:01 -0700
| Lines: 332
| Message-ID: <4E9F4A5B-8BE6-46F9-B0D5-78EDEEBDAC49@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:297809
| NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Unfortunately the problem still remains
| the ISA Reports still fail because
| the permissions on the working folders
| are changed after a period of time.
|
| I can change the permissions manually
| on the ISALogs and ISASummaries folders
| to include the NETWORK SERVICES account
| when I do this the reports run fine
|
| The permissions remain intact even after
| a server reboot.
|
| What happens is that after a period of time
| mostly overnight, when I return the next
| morning the NETWORK SERVICES permissions
| are missing from the two folders and
| the ISA reports fail
|
| I suspect that the SceCli program is the cause
| but dont know why or how to fix it.
|
| What are your thoughts on this ? or do you know
| of any other reason why the system would be
| removing the permissions from those directories
|
| Thanks again for your patience.
|
| Chris
|
| ""Crina Li"" wrote:
|
| > Hi Chris,
| >
| > Thanks for your update.
| >
| > If the issue has disappeared, you may not do that.
| >
| > Thanks for your time.
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| > --------------------
| > | Thread-Topic: ISA 2004 REPORT FAILURE
| > | thread-index: AcbX5K7y0vj61H/WTvyzV/+QhR+Bmw==
| > | X-WBNR-Posting-Host: 58.169.129.168
| > | From: =?Utf-8?B?Q2hyaXM=?= <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <FF4294D7-2EF1-40CA-81FA-E9CB39034A78@xxxxxxxxxxxxx>
| > <ILUZLSj0GHA.4548@xxxxxxxxxxxxxxxxxxxxx>
| > <07BEA69F-B40E-48D3-AE5B-0ED4C159E081@xxxxxxxxxxxxx>
| > <RNDvMux0GHA.4220@xxxxxxxxxxxxxxxxxxxxx>
| > <6A9614B3-A043-4BAB-910A-841342CBDAD6@xxxxxxxxxxxxx>
| > <E656A05E-0C97-41F8-9AA8-DDFD556C1D43@xxxxxxxxxxxxx>
| > <8gyZBeV1GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
| > <8E1EAD7C-1659-4705-A8F4-04082878759E@xxxxxxxxxxxxx>
| > <152F6CA4-140E-409E-AD45-D2133110A214@xxxxxxxxxxxxx>
| > <qhczxTx1GHA.2156@xxxxxxxxxxxxxxxxxxxxx>
| > <E6DC629E-C6F4-4568-92A9-79DCA771D0D0@xxxxxxxxxxxxx>
| > <dDwPA$91GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: ISA 2004 REPORT FAILURE
| > | Date: Thu, 14 Sep 2006 03:01:01 -0700
| > | Lines: 319
| > | Message-ID: <898E5028-B1E3-42D0-B31F-E103668C0B04@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGXA01.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:297490
| > | NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Sorry for being unclear,
| > | The permissions remained intact after the reboot
| > | that is I set NETWORK SERVICES on the program files
| > | directory (and all sub folders) and it remained there
| > | after the reboot.
| > |
| > |
| > | I have a very strong suspission that SceCli is resetting the
| > | permissions when it runs.
| > |
| > | Is it still worth while looking into the auditing ?
| > |
| > | Thanks for the response, I do appreciate the info greatly
| > |
| > | Chris.
| > |
| > |
| > | ""Crina Li"" wrote:
| > |
| > | > Hi Chris,
| > | >
| > | > Thanks for your update.
| > | >
| > | > Do you mean the NETWORK SERVICES permissions are still missing from
the
| > ISA
| > | > folders after a clean boot? If so, I suggest we restart the
computer in
| > | > Safe Mode with Network to see if the problem also occurs in this
mode.
| > Safe
| > | > Mode loads a minimally protected-mode configuration, disabling
Windows
| > | > device drivers and using the standard VGA display adapter.
| > | >
| > | > 1. Restart the computer.
| > | > 2. Keep pressing F8 key until the Windows Startup menu appears.
| > | > 3. Choose the Safe Mode with Network, and press Enter.
| > | >
| > | > Note: Some third party applications and hardware devices cannot be
used
| > | > during Safe Mode.
| > | >
| > | > Also you can enable Audit log in Event log to do so. I provide the
| > detailed
| > | > steps on SBS for your reference:
| > | >
| > | > 1. Click Start, click Run, type "gpmc.msc" and click OK.
| > | > 2. Expand Domains -> your domain -> Domain Controllers.
| > | > 3. Right-click Small Business Server Auditing Policy and click Edit.
| > | > 4. Expand Computer Configuration -> Windows Settings -> Security
| > Settings
| > | > -> Local Policies -> Audit Policy.
| > | > 5. In the right pane, double-click "Audit object access".
| > | > 6. To audit successful access of specified files, folders, select
the
| > | > Success check box.
| > | > 7. To audit unsuccessful access to these objects, select the
Failure
| > check
| > | > box.
| > | > 8. To enable auditing of both, select both check boxes.
| > | > 9. Click OK.
| > | > 10. Run "gpupdate /force" or restart the computer so that the
policy
| > takes
| > | > effect on SBS.
| > | >
| > | > After you enable auditing, you need to specify the files, folders
that
| > you
| > | > want audited. To do so:
| > | >
| > | > 1. In Windows Explorer, locate the file or folder you want to
audit.
| > | > 2. Right-click the file, folder that you want to audit, and then
click
| > | > Properties.
| > | > 3. Click the Security tab, and then click Advanced.
| > | > 4. Click the Auditing tab, and then click Add.
| > | > 5. In the "Enter the object name to select" box, type the name of
the
| > user
| > | > or group whose access you want to audit. You can browse the
computer
| > for
| > | > names by clicking Advanced, and then clicking Find Now in the
"Select
| > User
| > | > or Group" dialog box.
| > | > 6. Click OK.
| > | > 7. Select the Successful or Failed check boxes for the actions you
want
| > to
| > | > audit, and then click OK.
| > | > 8. Click OK, and then click OK.
| > | >
| > | > After that, you may check the Security event log to find who change
the
| > | > permission.
- Follow-Ups:
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- References:
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- Prev by Date: RE: Admt version 2 : migration from windows server 2000 to sbs2003
- Next by Date: Re: Unable to receive some faxes
- Previous by thread: RE: ISA 2004 REPORT FAILURE
- Next by thread: RE: ISA 2004 REPORT FAILURE
- Index(es):
Relevant Pages
|
