Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Windows cannot access the registry information at C:\WINDOWS\System32\GroupPolicy\Machine\registry.pol. (Access is denied).
|English: Request a translation of the event description in plain English.|
This problem occurs when one or more of the following conditions are true:
1. There is a sharing violation on the registry.pol file. This makes the registry.pol file inaccessible to the other processes.
2. Access to parse the registy.pol file is denied through NTFS permissions.
3. Network connectivity fails when the registry.pol file is parsed.
See ME930597 for a hotfix applicable to Microsoft Windows XP.
You need to check permissions on the "registry.pol" file in the following locations:
1. Right click the "registry.pol" file, click Properties, and then click the Security tab.
2. Click the Everyone group. If the Everyone group is not listed, you can add the group by clicking Add.
3. In Permissions, click Allow for Read & Execute.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated