Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Windows unloaded user NT AUTHORITY\NETWORK SERVICE registry when it received a notification that no other applications or services were using the profile.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of Userenv?
See ME949575 if you cannot start the Live Communications Server service on a Live Communications Server 2005 access proxy server.
This event indicates that the system was able to unload the user profile hive. It occurs because whatever process was holding up the hive has now released them. This event is always matched by an event 1517 from source Userenv. Event 1517 from source Userenv indicates that the system detected a service or system process that is preventing the unloading of a user profile hive. The service or system process does this by having a handle to the user profile hive even though the user is logging off.
|Private comment: Subscribers only. See example of private comment|
|Links: ME949575, Event 1517 from source Userenv|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated