Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Maintenance: Recommended maintenance tasks for Windows servers|
The machine wide group policy <policy> Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.
|English: Request a translation of the event description in plain English.|
From a newsgroup post: "The problem was in the "DCOM: Machine Access Restrictions" and "DCOM: Machine Launch Restrictions". These had been modified and not even the Admins could change them back through gpedit.msc. It caused all sorts of problems. I tried all the solutions from the web to no result. After a lot of research I found the registry settings that alter this. They are:
These 2 keys should not be there by default so on a PC they can be deleted. On the server I was afraid to delete them (it is a production server) so I added (A;;CCDCLC;;;WD) on the first key and (A;;CCDCLCSWRP;;;WD) on the second one. This change included the "Everyone" group on both restrictions. The best thing is to reboot (although on the production server I just left it to synchronise by itself). Everything is working smoothly now and no other problems have emerged (and I can now change policy settings and access DCOM and WMI applications)".
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (1) - More links...|
Send comments or solutions
- Notify me when updated