windows2003 security change on instal?

Discussion in 'other security issues & news' started by alaria, May 18, 2005.

Thread Status:
Not open for further replies.
  1. alaria

    alaria Registered Member

    Joined:
    May 16, 2005
    Posts:
    2
    windows2003 security change on instal

    Is this normal for the first logs that my dedicated server show. I am particularly curious about what happened between 1:08 and 1:13 with the passport manager and it creating a new key and the existing security policy was backed up and deleted.

    This could be perfectly normal but it seems odd that the computer would install the operating system with 1 policy but then delete it a little bit later and use another one. Thanks for the help.
    Code:
    application	5/4/2005	1:19:03 PM	WinMgmt	Warning	None	62	N/A	XXXXXXX-67567	WMI ADAP was unable to process the .NET CLR Networking performance library since one of the data blobs reported to have classes but had zero size
    application	5/4/2005	1:19:03 PM	WinMgmt	Warning	None	62	N/A	XXXXXXX-67567	WMI ADAP was unable to process the .NET CLR Data performance library since one of the data blobs reported to have classes but had zero size
    application	5/4/2005	1:16:03 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:16:03 PM	LoadPerf	Information	None	1001	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
    application	5/4/2005	1:15:03 PM	MsiInstaller	Information	None	11707	N/A	XXXXXXX-67567	Product: Remote Administration Tools -- Installation operation completed successfully.
    application	5/4/2005	1:14:52 PM	WinMgmt	Warning	None	63	NT AUTHORITY\SYSTEM	XXXXXXX-67567	"A provider, Microsoft_SA_DiskProvider, has been registered in the WMI namespace, ROOT\CIMV2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
    application	5/4/2005	1:14:52 PM	WinMgmt	Warning	None	63	NT AUTHORITY\SYSTEM	XXXXXXX-67567	"A provider, Microsoft_SA_DiskProvider, has been registered in the WMI namespace, ROOT\CIMV2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
    application	5/4/2005	1:14:52 PM	WinMgmt	Warning	None	63	NT AUTHORITY\SYSTEM	XXXXXXX-67567	"A provider, ApplianceManager, has been registered in the WMI namespace, ROOT\CIMV2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
    application	5/4/2005	1:14:52 PM	WinMgmt	Error	None	24	N/A	XXXXXXX-67567	"Event provider attempted to register query ""select * from Microsoft_SA_AlertEvent"" whose target class ""Microsoft_SA_AlertEvent"" does not exist. The query will be ignored."
    application	5/4/2005	1:14:52 PM	WinMgmt	Error	None	24	N/A	XXXXXXX-67567	"Event provider attempted to register query ""select * from Microsoft_SA_AlertEvent"" whose target class ""Microsoft_SA_AlertEvent"" does not exist. The query will be ignored."
    application	5/4/2005	1:14:52 PM	WinMgmt	Warning	None	63	NT AUTHORITY\SYSTEM	XXXXXXX-67567	"A provider, ApplianceManager, has been registered in the WMI namespace, ROOT\CIMV2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
    application	5/4/2005	1:14:52 PM	WinMgmt	Warning	None	63	NT AUTHORITY\SYSTEM	XXXXXXX-67567	"A provider, ApplianceManager, has been registered in the WMI namespace, ROOT\CIMV2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
    application	5/4/2005	1:14:32 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:14:32 PM	LoadPerf	Information	None	1001	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
    application	5/4/2005	1:13:17 PM	MSDTC	Information	TM	4097	N/A	XXXXXXX-67567	MS DTC started with the following settings:
    application									
    application	  Security Configuration (OFF = 0 and ON = 1):								
    application	"      Network Administration of Transactions = 0,"								
    application	"      Network Clients = 0,"								
    application	"      Distributed Transactions using Native MSDTC Protocol = 0,"								
    application	"      Transaction Internet Protocol (TIP) = 0,"								
    application	      XA Transactions = 1								
    application	5/4/2005	1:11:33 PM	PassportManager	Information	PassportManager 	5001	N/A	XXXXXXX-67567	Passport Manager process was stopped.
    application	5/4/2005	1:08:52 PM	SceCli	Information	None	1500	N/A	XXXXXXX-67567	Security configuration was backed up to C:\WINDOWS\security\templates\setup security.inf.
    application	5/4/2005	1:08:25 PM	DSReplicationProvider	Information	None	1	N/A	XXXXXXX-67567	The DS WMI Replication provider (Replprov) MOF file was successfully compiled into the WMI repository.
    application	5/4/2005	1:08:25 PM	TrustMonitor	Information	None	1	N/A	XXXXXXX-67567	The TrustMon MOF file was successfully compiled into the WMI repository.
    application	5/4/2005	1:08:22 PM	WmdmPmSN	Information	None	100	N/A	XXXXXXX-67567	The WmdmPmSN service was installed.
    application	5/4/2005	1:08:10 PM	PassportManager	Information	PassportManager 	5008	N/A	XXXXXXX-67567	Passport Manager configuration ok.
    application	5/4/2005	1:08:10 PM	PassportManager	Information	PassportManager 	5008	N/A	XXXXXXX-67567	Passport Manager configuration ok.
    application	5/4/2005	1:08:10 PM	PassportManager	Information	PassportManager 	5008	N/A	XXXXXXX-67567	Passport Manager configuration ok.
    application	5/4/2005	1:08:10 PM	PassportManager	Information	PassportManager 	5011	N/A	XXXXXXX-67567	A new key has been installed.
    application	5/4/2005	1:08:10 PM	PassportManager	Information	PassportManager 	5000	N/A	XXXXXXX-67567	Passport Manager process started successfully.
    application	5/4/2005	1:07:26 PM	LoadPerf	Information	None	1002	N/A	XXXXXXX-67567	"Performance counters for the IPSec (IPSEC driver) service are already in Performance Registry, no need to re-install again."
    application	5/4/2005	1:06:04 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the ISAPISearch (ISAPISearch) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:06:04 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the ContentFilter (ContentFilter) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:06:04 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the ContentIndex (ContentIndex) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:06:03 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the ntfsdrv (ntfsdrv) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:06:03 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the SmtpSvc (Simple Mail Transfer Protocol (SMTP)) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:05:42 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the ASP (ASP) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:05:42 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the W3SVC (World Wide Web Publishing Service) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:05:38 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the inetinfo (inetinfo) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:05:31 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the .NETFramework (.NETFramework) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:05:05 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the .NET CLR Networking (.NET CLR Networking) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:05:05 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the .NET CLR Data (.NET CLR Data) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:04:41 PM	COM+	Information	-113	4156	N/A	XXXXXXX-67567	String message: RegisterComSystemAppEventData() succeeded!  Will re-try CoCreateInstance(CLSID_ComSystemAppEventData).
    application	5/4/2005	1:04:41 PM	COM+	Information	-113	4156	N/A	XXXXXXX-67567	String message: Added EventClass(CLSID_ComSystemAppEventData) to event system!..
    application	5/4/2005	1:04:41 PM	COM+	Information	-113	4156	N/A	XXXXXXX-67567	String message: Remove old EventClass(CLSID_ComSystemAppEventData) from event system!..
    application	5/4/2005	1:04:41 PM	COM+	Information	-113	4156	N/A	XXXXXXX-67567	String message: First attemp to CoCreateInstance(CLSID_ComSystemAppEventData) failed!.
    application	5/4/2005	1:04:17 PM	MSDTC	Information	TM	4097	N/A	XXXXXXX-67567	MS DTC started with the following settings:
    application									
    application	  Security Configuration (OFF = 0 and ON = 1):								
    application	"      Network Administration of Transactions = 0,"								
    application	"      Network Clients = 0,"								
    application	"      Distributed Transactions using Native MSDTC Protocol = 0,"								
    application	"      Transaction Internet Protocol (TIP) = 0,"								
    application	      XA Transactions = 1								
    application	5/4/2005	1:04:17 PM	MSDTC	Information	SVC	4104	N/A	XXXXXXX-67567	The Microsoft Distributed Transaction Coordinator service was successfully installed.
    application	5/4/2005	1:04:13 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the MSDTC (MSDTC) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:03:57 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:03:57 PM	LoadPerf	Information	None	1001	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
    application	5/4/2005	1:03:56 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:03:52 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the TermService (Terminal Services) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:01:30 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	1:00:37 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the IPSec (IPSEC driver) service were loaded successfully. The Record Data contains the new index values assigned to this service.
    application	5/4/2005	5:56:06 AM	ESENT	Information	General 	100	N/A	MACHINENAME	svchost (584) The database engine 5.02.3790.0000 started.
     
Loading...
Thread Status:
Not open for further replies.