Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1043 Source: Userenv

Source
Level
Description
Windows cannot access the registry information at C:\WINDOWS\System32\GroupPolicy\Machine\registry.pol. (Access is denied).
Comments
 
This problem occurs when one or more of the following conditions are true:
1. There is a sharing violation on the registry.pol file. This makes the registry.pol file inaccessible to the other processes.
2. Access to parse the registy.pol file is denied through NTFS permissions.
3. Network connectivity fails when the registry.pol file is parsed.
See ME930597 for a hotfix applicable to Microsoft Windows XP.
You need to check permissions on the "registry.pol" file in the following locations:
%systemroot%\sysvol\domain\machine
%systemroot%\sysvol\domain\user
1. Right click the "registry.pol" file, click Properties, and then click the Security tab.
2. Click the Everyone group. If the Everyone group is not listed, you can add the group by clicking Add.
3. In Permissions, click Allow for Read & Execute.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...