Sign in with
Sign up | Sign in
Your question

What does this winlogon.log message mean?!

Last response: in Windows 2000/NT
Share
Anonymous
November 3, 2004 8:56:07 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I found the following in winlogon.log and I'm a bit worried. Any idea what
it means?

Invoke Registry Value Delay Filter.
Analyze machine\software\microsoft\windows
nt\currentversion\setup\recoveryconsole\securitylevel.
Analyze machine\software\microsoft\windows
nt\currentversion\setup\recoveryconsole\setcommand.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\allocatecdroms.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\allocatedasd.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\allocatefloppies.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\cachedlogonscount.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\passwordexpirywarning.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\scremoveoption.
Analyze
machine\software\microsoft\windows\currentversion\policies\system\disablecad
..
Analyze
machine\software\microsoft\windows\currentversion\policies\system\dontdispla
ylastusername.
Analyze
machine\software\microsoft\windows\currentversion\policies\system\legalnotic
ecaption.
Analyze
machine\software\microsoft\windows\currentversion\policies\system\legalnotic
etext.
Analyze
machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
thoutlogon.
Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
Analyze machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
Analyze machine\system\currentcontrolset\control\print\providers\lanman
print services\servers\addprinterdrivers.
Analyze machine\system\currentcontrolset\control\session manager\memory
management\clearpagefileatshutdown.
Analyze machine\system\currentcontrolset\control\session
manager\protectionmode.
Analyze
machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
nect.
Analyze
machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
edlogoff.
Analyze
machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
ritysignature.
Analyze
machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
uritysignature.
Analyze
machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
eplaintextpassword.
Analyze
machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
esecuritysignature.
Analyze
machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
resecuritysignature.
Analyze
machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
dchange.
Analyze
machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
eal.
Analyze
machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
ey.
Analyze
machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
nel.
Analyze
machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
nel.
Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
Copy local policy.
----Configuration engine is initialized successfully.----

----Reading Configuration template info...


----Configure User Rights...
Configure S-1-6-32-545.
Configure S-1-6-32-542.
Configure S-1-6-21-1933862763-1390167357-839552115-1002.
Configure S-1-6-21-1933862763-1390167357-839552115-1001.
Configure S-1-6-32-548.
Configure S-1-6-32-546.
Configure S-1-1-1.
Configure S-1-6-7.
Configure S-1-6-21-1933862763-1390167357-839552115-501.
Configure S-1-6-21-1933862763-1390167357-839552115-1000.

User Rights configuration completed successfully.

More about : winlogon log message

Anonymous
November 3, 2004 10:41:34 PM

Archived from groups: microsoft.public.win2000.security (More info?)

This is the logging the scecli.dll component does when applying security
policy to the computer.
The configure user rights is perfrectly normal.

I haven't seen the "analyze" entries before.
I suspect someone ran the "security configuration and analysis" wizard to
analyze the security policies on the computer.

Doesn't appear to be anything of concern to me.

Incidently, this log file is helpful when troubleshooting security policy
application.

Glenn L

"Robert Paris" <rpjava@hotmail.com> wrote in message
news:%23roHEgfwEHA.3620@TK2MSFTNGP09.phx.gbl...
>I found the following in winlogon.log and I'm a bit worried. Any idea what
> it means?
>
> Invoke Registry Value Delay Filter.
> Analyze machine\software\microsoft\windows
> nt\currentversion\setup\recoveryconsole\securitylevel.
> Analyze machine\software\microsoft\windows
> nt\currentversion\setup\recoveryconsole\setcommand.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\allocatecdroms.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\allocatedasd.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\allocatefloppies.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\cachedlogonscount.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\passwordexpirywarning.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\scremoveoption.
> Analyze
> machine\software\microsoft\windows\currentversion\policies\system\disablecad
> .
> Analyze
> machine\software\microsoft\windows\currentversion\policies\system\dontdispla
> ylastusername.
> Analyze
> machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> ecaption.
> Analyze
> machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> etext.
> Analyze
> machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
> thoutlogon.
> Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
> Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
> Analyze
> machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
> Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
> Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
> Analyze machine\system\currentcontrolset\control\print\providers\lanman
> print services\servers\addprinterdrivers.
> Analyze machine\system\currentcontrolset\control\session manager\memory
> management\clearpagefileatshutdown.
> Analyze machine\system\currentcontrolset\control\session
> manager\protectionmode.
> Analyze
> machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
> nect.
> Analyze
> machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
> edlogoff.
> Analyze
> machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
> ritysignature.
> Analyze
> machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
> uritysignature.
> Analyze
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> eplaintextpassword.
> Analyze
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> esecuritysignature.
> Analyze
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
> resecuritysignature.
> Analyze
> machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
> dchange.
> Analyze
> machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
> eal.
> Analyze
> machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
> ey.
> Analyze
> machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
> nel.
> Analyze
> machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
> nel.
> Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
> Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
> Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
> Copy local policy.
> ----Configuration engine is initialized successfully.----
>
> ----Reading Configuration template info...
>
>
> ----Configure User Rights...
> Configure S-1-6-32-545.
> Configure S-1-6-32-542.
> Configure S-1-6-21-1933862763-1390167357-839552115-1002.
> Configure S-1-6-21-1933862763-1390167357-839552115-1001.
> Configure S-1-6-32-548.
> Configure S-1-6-32-546.
> Configure S-1-1-1.
> Configure S-1-6-7.
> Configure S-1-6-21-1933862763-1390167357-839552115-501.
> Configure S-1-6-21-1933862763-1390167357-839552115-1000.
>
> User Rights configuration completed successfully.
>
>
!