windows2003 security change on instal?

Discussion in 'other security issues & news' started by alaria, May 18, 2005.

Thread Status:
Not open for further replies.
  1. alaria

    alaria Registered Member

    Joined:
    May 16, 2005
    Posts:
    2
    windows2003 security change on instal

    Is this normal for the first logs that my dedicated server show. I am particularly curious about what happened between 1:08 and 1:13 with the passport manager and it creating a new key and the existing security policy was backed up and deleted.

    This could be perfectly normal but it seems odd that the computer would install the operating system with 1 policy but then delete it a little bit later and use another one. Thanks for the help.
    Code:
    application	5/4/2005	1:19:03 PM	WinMgmt	Warning	None	62	N/A	XXXXXXX-67567	WMI ADAP was unable to process the .NET CLR Networking performance library since one of the data blobs reported to have classes but had zero size
application	5/4/2005	1:19:03 PM	WinMgmt	Warning	None	62	N/A	XXXXXXX-67567	WMI ADAP was unable to process the .NET CLR Data performance library since one of the data blobs reported to have classes but had zero size
application	5/4/2005	1:16:03 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:16:03 PM	LoadPerf	Information	None	1001	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
application	5/4/2005	1:15:03 PM	MsiInstaller	Information	None	11707	N/A	XXXXXXX-67567	Product: Remote Administration Tools -- Installation operation completed successfully.
application	5/4/2005	1:14:52 PM	WinMgmt	Warning	None	63	NT AUTHORITY\SYSTEM	XXXXXXX-67567	"A provider, Microsoft_SA_DiskProvider, has been registered in the WMI namespace, ROOT\CIMV2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
application	5/4/2005	1:14:52 PM	WinMgmt	Warning	None	63	NT AUTHORITY\SYSTEM	XXXXXXX-67567	"A provider, Microsoft_SA_DiskProvider, has been registered in the WMI namespace, ROOT\CIMV2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
application	5/4/2005	1:14:52 PM	WinMgmt	Warning	None	63	NT AUTHORITY\SYSTEM	XXXXXXX-67567	"A provider, ApplianceManager, has been registered in the WMI namespace, ROOT\CIMV2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
application	5/4/2005	1:14:52 PM	WinMgmt	Error	None	24	N/A	XXXXXXX-67567	"Event provider attempted to register query ""select * from Microsoft_SA_AlertEvent"" whose target class ""Microsoft_SA_AlertEvent"" does not exist. The query will be ignored."
application	5/4/2005	1:14:52 PM	WinMgmt	Error	None	24	N/A	XXXXXXX-67567	"Event provider attempted to register query ""select * from Microsoft_SA_AlertEvent"" whose target class ""Microsoft_SA_AlertEvent"" does not exist. The query will be ignored."
application	5/4/2005	1:14:52 PM	WinMgmt	Warning	None	63	NT AUTHORITY\SYSTEM	XXXXXXX-67567	"A provider, ApplianceManager, has been registered in the WMI namespace, ROOT\CIMV2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
application	5/4/2005	1:14:52 PM	WinMgmt	Warning	None	63	NT AUTHORITY\SYSTEM	XXXXXXX-67567	"A provider, ApplianceManager, has been registered in the WMI namespace, ROOT\CIMV2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
application	5/4/2005	1:14:32 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:14:32 PM	LoadPerf	Information	None	1001	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
application	5/4/2005	1:13:17 PM	MSDTC	Information	TM	4097	N/A	XXXXXXX-67567	MS DTC started with the following settings:
application									
application	  Security Configuration (OFF = 0 and ON = 1):								
application	"      Network Administration of Transactions = 0,"								
application	"      Network Clients = 0,"								
application	"      Distributed Transactions using Native MSDTC Protocol = 0,"								
application	"      Transaction Internet Protocol (TIP) = 0,"								
application	      XA Transactions = 1								
application	5/4/2005	1:11:33 PM	PassportManager	Information	PassportManager 	5001	N/A	XXXXXXX-67567	Passport Manager process was stopped.
application	5/4/2005	1:08:52 PM	SceCli	Information	None	1500	N/A	XXXXXXX-67567	Security configuration was backed up to C:\WINDOWS\security\templates\setup security.inf.
application	5/4/2005	1:08:25 PM	DSReplicationProvider	Information	None	1	N/A	XXXXXXX-67567	The DS WMI Replication provider (Replprov) MOF file was successfully compiled into the WMI repository.
application	5/4/2005	1:08:25 PM	TrustMonitor	Information	None	1	N/A	XXXXXXX-67567	The TrustMon MOF file was successfully compiled into the WMI repository.
application	5/4/2005	1:08:22 PM	WmdmPmSN	Information	None	100	N/A	XXXXXXX-67567	The WmdmPmSN service was installed.
application	5/4/2005	1:08:10 PM	PassportManager	Information	PassportManager 	5008	N/A	XXXXXXX-67567	Passport Manager configuration ok.
application	5/4/2005	1:08:10 PM	PassportManager	Information	PassportManager 	5008	N/A	XXXXXXX-67567	Passport Manager configuration ok.
application	5/4/2005	1:08:10 PM	PassportManager	Information	PassportManager 	5008	N/A	XXXXXXX-67567	Passport Manager configuration ok.
application	5/4/2005	1:08:10 PM	PassportManager	Information	PassportManager 	5011	N/A	XXXXXXX-67567	A new key has been installed.
application	5/4/2005	1:08:10 PM	PassportManager	Information	PassportManager 	5000	N/A	XXXXXXX-67567	Passport Manager process started successfully.
application	5/4/2005	1:07:26 PM	LoadPerf	Information	None	1002	N/A	XXXXXXX-67567	"Performance counters for the IPSec (IPSEC driver) service are already in Performance Registry, no need to re-install again."
application	5/4/2005	1:06:04 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the ISAPISearch (ISAPISearch) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:06:04 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the ContentFilter (ContentFilter) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:06:04 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the ContentIndex (ContentIndex) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:06:03 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the ntfsdrv (ntfsdrv) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:06:03 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the SmtpSvc (Simple Mail Transfer Protocol (SMTP)) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:05:42 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the ASP (ASP) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:05:42 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the W3SVC (World Wide Web Publishing Service) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:05:38 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the inetinfo (inetinfo) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:05:31 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the .NETFramework (.NETFramework) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:05:05 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the .NET CLR Networking (.NET CLR Networking) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:05:05 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the .NET CLR Data (.NET CLR Data) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:04:41 PM	COM+	Information	-113	4156	N/A	XXXXXXX-67567	String message: RegisterComSystemAppEventData() succeeded!  Will re-try CoCreateInstance(CLSID_ComSystemAppEventData).
application	5/4/2005	1:04:41 PM	COM+	Information	-113	4156	N/A	XXXXXXX-67567	String message: Added EventClass(CLSID_ComSystemAppEventData) to event system!..
application	5/4/2005	1:04:41 PM	COM+	Information	-113	4156	N/A	XXXXXXX-67567	String message: Remove old EventClass(CLSID_ComSystemAppEventData) from event system!..
application	5/4/2005	1:04:41 PM	COM+	Information	-113	4156	N/A	XXXXXXX-67567	String message: First attemp to CoCreateInstance(CLSID_ComSystemAppEventData) failed!.
application	5/4/2005	1:04:17 PM	MSDTC	Information	TM	4097	N/A	XXXXXXX-67567	MS DTC started with the following settings:
application									
application	  Security Configuration (OFF = 0 and ON = 1):								
application	"      Network Administration of Transactions = 0,"								
application	"      Network Clients = 0,"								
application	"      Distributed Transactions using Native MSDTC Protocol = 0,"								
application	"      Transaction Internet Protocol (TIP) = 0,"								
application	      XA Transactions = 1								
application	5/4/2005	1:04:17 PM	MSDTC	Information	SVC	4104	N/A	XXXXXXX-67567	The Microsoft Distributed Transaction Coordinator service was successfully installed.
application	5/4/2005	1:04:13 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the MSDTC (MSDTC) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:03:57 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:03:57 PM	LoadPerf	Information	None	1001	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
application	5/4/2005	1:03:56 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:03:52 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the TermService (Terminal Services) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:01:30 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	1:00:37 PM	LoadPerf	Information	None	1000	N/A	XXXXXXX-67567	Performance counters for the IPSec (IPSEC driver) service were loaded successfully. The Record Data contains the new index values assigned to this service.
application	5/4/2005	5:56:06 AM	ESENT	Information	General 	100	N/A	MACHINENAME	svchost (584) The database engine 5.02.3790.0000 started.
     
    alaria, May 18, 2005
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...