Re: Security Log Event 529
- From: HeadNerd <HeadNerd@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 12 Jun 2009 20:56:01 -0700
All users log in with a domain account. The AV was a push from the server,
including the IE6 machine. The reason I expect the problem to be related to
IE, ISA or what ever is that it only seems to occur when the users are
accessing the web. It happens during business hours, and that is when the
users are accessing the various web sites necessary to do business. The
configs on the work stations did NOT change. Only the server was replaced
with new hardware. SAME AD (swing migration). Nothing was ever installed on
the workstations using the local administrator account, which is why this
doesn't make much sense.
"Ace Fekay [Microsoft Certified Trainer]" wrote:
"HeadNerd" <HeadNerd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message.
news:BE912778-CCC3-418C-B7C7-EDBDB7764708@xxxxxxxxxxxxxxxx
Password is the same. Also, the VPC is the one using IE6, the rest of the
systems use IE7. It appears to be the administrator of each WORKSTATION
that
is creating the errors as shown in the event log entry. I doubt it is a
scheduled task, as I have set up none on the work stations except a
virus/malware scan which is configured and scheduled from the server to
run
after hours. Also, when the errors occur, they are clustered at intervals
of
1 or 2 seconds apart, and the frequency drops from many hundreds or even
thousands per hour to just one or two an hour once everybody leaves for
the
day. They also correlate to internet activity related to the line of
business
(again on IE7 machines not the single IE6 system) I'm sure it's something
related to GPO or IIS, but I'm just not sure where to start looking. I was
hoping that somebody had seen something similar and had a fix. I'd be
willing
to bet it will be one setting that needs to be changed or reset.
Ok, so you narrowed down to at least the local workstation administrator
account, not the domain admin account. That's a start.
Are the users logging on to the workstation with the local admin account, or
their domain accounts?
How about the workstation AV installation? Was that installed with a domain
admin account or the local admin machine account?
I'm not sure if it has anything to do with IE at this point, or even a GPO
or IIS (is IIS installed on the workstations? if so, why?), but rather a
config or something different on the workstations that is different than the
VPC machine. Possibly the AV?
Ace
- Follow-Ups:
- Re: Security Log Event 529
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: Security Log Event 529
- References:
- Security Log Event 529
- From: HeadNerd
- Re: Security Log Event 529
- From: Larry Struckmeyer [SBS MVP]
- Re: Security Log Event 529
- From: HeadNerd
- Re: Security Log Event 529
- From: Larry Struckmeyer [SBS-MVP]
- Re: Security Log Event 529
- From: HeadNerd
- Re: Security Log Event 529
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: Security Log Event 529
- From: HeadNerd
- Re: Security Log Event 529
- From: Ace Fekay [Microsoft Certified Trainer]
- Security Log Event 529
- Prev by Date: Re: Security Log Event 529
- Next by Date: Re: Security Log Event 529
- Previous by thread: Re: Security Log Event 529
- Next by thread: Re: Security Log Event 529
- Index(es):
Relevant Pages
|
