Source: Service Control Manager
The Root registry key denied access to system account program, so the service control manager took ownership of the registry key.
Concepts to understand:
What is the role of the Service Control Manager?
As per Microsoft: "The current permissions on the specified key in the control set do not allow full access to programs running in the Local System account (such as the Service Control Manager)". See MSW2KDB, ME248445, ME255181, and ME317039 for information about this event.
See ME234918 for more information.
This Event ID appeared multiple times in the System log with entries for OEMSCSPP.INF&PPA3NT, OEMSCJT.INF&IOMEGNT, SCSIADAPTER, LogConf, Control, Zip, Clik, Legacy_Clikcard with the same description mentioned above. Just replace the word Root with any of the entries in the previous sentence.
Please note that other entries could appear in the System Log with the 7028 Event as each computer can have different devices attached. Areas of NT that were affected by this issue were as follows.
· Modems properties in the Control Panel could not be accessed.
· SCSI Drivers in the Control Panel could not be accessed.
· Telephony properties in the Control Panel could not be accessed.
This Event ID will cause the loss of functionality for all Dial Up Networking & RAS features. Also, any other Dial-in Software will be disabled as well. The solution for this problem is as follows.
1. Access the registry by the use of Regedt32.exe.
2. Go to the following Registry Entry and highlight the Enum key. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum
3. Click on the "Security" menu option and then click on "Permissions".
4. Add the local "Administrators" group with "Full Control". Please note that if the computer in question is part of a Domain, the Domain name will appear first. Click on the "Down Arrow" and select the local machine name before proceeding.
5. Before clicking the "OK" button to complete this operation, you must ensure that there is a check mark in the box for "Allow inheritable permissions from parent to propagate to this object". The Administrator group needs full access to the Enum Registry Entry.
6. Close Regedt32 and restart the workstation. After the restart, the computer should be fixed. To ensure that the changes worked, go to the Event System Log and look for any additional 7028 Event IDs. Please note that this was worked on with Microsoft and has been validated by them. A knowledge base article is forthcoming detailing this issue.
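A read-only way to check the state these steps aim for, added here as an example and not part of the original comment or of EventID.Net: it reports whether Local System and the local Administrators group hold Full Control on the Enum key, whether the key still inherits permissions from its parent, and whether Event ID 7028 is still being logged. The function names and the 7-day window are assumptions, and it expects a Windows version that ships PowerShell with `Get-WinEvent`.

```powershell
# Added example: read-only audit; it changes nothing on the system.
$EnumKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum'   # key from step 2

# Well-known SIDs, so the check does not depend on localized account names.
$Principals = [ordered]@{ 'Local System' = 'S-1-5-18'; 'Administrators' = 'S-1-5-32-544' }

function Test-EnumKeyAccess {          # hypothetical helper name
    param([string]$Path, [System.Collections.IDictionary]$Principals)

    $acl         = Get-Acl -Path $Path
    $full        = [System.Security.AccessControl.RegistryRights]::FullControl
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $rules       = $acl.GetAccessRules($true, $true, $sidType)   # explicit + inherited

    foreach ($name in $Principals.Keys) {
        $sid = $Principals[$name]
        # Inherit-only entries apply to subkeys, not to this key, so skip them.
        $mine  = @($rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and
            -not $_.PropagationFlags.HasFlag($inheritOnly)
        })
        $allow = @($mine | Where-Object { $_.AccessControlType -eq 'Allow' })
        $deny  = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' })

        [pscustomobject]@{
            Principal          = $name
            Sid                = $sid
            HasFullControl     = [bool]($allow | Where-Object { ($_.RegistryRights -band $full) -eq $full })
            DenyEntries        = $deny.Count
            # True means the key no longer inherits from its parent (step 5).
            InheritanceBlocked = $acl.AreAccessRulesProtected
        }
    }
}

function Get-Recent7028 {              # hypothetical helper name
    param([int]$Days = 7)              # assumed look-back window
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7028
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

Test-EnumKeyAccess -Path $EnumKey -Principals $Principals | Format-Table -AutoSize
$events = @(Get-Recent7028 -Days 7)
"7028 events in the last 7 days: $($events.Count)"
$events | Format-List
```

Run it before the change and again after the restart in step 6; the message text of any remaining 7028 events names the key the Service Control Manager took ownership of.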
Links: ME234918, ME248445, ME255181, ME317039, MSW2KDB