Event ID: 7028 Source: ServiceControlManager

Level
Description
The Root registry key denied access to system account program, so the service control manager took ownership of the registry key.
Comments
 
As per Microsoft: "The current permissions on the specified key in the control set do not allow full access to programs running in the Local System account (such as the Service Control Manager)". See MSW2KDB, ME248445, ME255181, and ME317039 for information about this event.
See ME234918 for more information.
This Event ID appeared multiple times in the System log with entries for OEMSCSPP.INF&PPA3NT, OEMSCJT.INF&IOMEGNT, SCSIADAPTER, LogConf, Control, Zip, Clik, Legacy_Clikcard with the same description mentioned above. Just replace the word Root with any of the entries in the previous sentence.
Please note that other entries could appear in the System Log with the 7028 Event as each computer can have different devices attached. Areas of NT that were affected by this issue were as follows.
Modems properties in the Control Panel could not be accessed.
SCSI Drivers in the Control Panel could not be accessed.
Telephony properties in the Control Panel could not be accessed.
This Event ID will cause the loss of functionality for all Dial Up Networking & RAS features. Also, any other Dial-in Software will be disabled as well. The solution for this problem is as follows.
1. Access the registry by the use of Regedt32.exe.
2. Go to the following Registry Entry and highlight the Enum key. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum
3. Click on the "Security" menu option and then click on "Permissions".
4. Add the local "Administrators" group with "Full Control". Please note that if the computer in question is part of a Domain, the Domain name will appear first. Click on the "Down Arrow" and select the local machine name before proceeding.
5. Before clicking on the "OK" button to complete this operation you must ensure that there is a check mark in the box for "Allow inheritable permissions from parent to propagate to this object". The Administrator group needs full access to the Enum Registry Entry.
6. Close Regedt32 and restart the workstation. After the restart, the computer should be fixed. To ensure that the changes worked, go to the Event System Log and look for any additional 7028 Event IDs. Please note that this was worked on with Microsoft and has been validated by them. A knowledge base article is forthcoming detailing this issue.
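
A read-only way to script the verification in step 6, added here as an example and not part of the original comments or of any Microsoft guidance. It assumes a current Windows system with PowerShell and Get-WinEvent; the provider-name pattern and the use of the last boot time as the cut-off are assumptions.

```powershell
# Read-only check: reports the ACL on the Enum key and any 7028 events since boot.
# The key path and event ID come from the page; everything else is illustrative.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Enum'
$eventId = 7028

# Well-known SIDs are used so the check does not depend on localized account names.
$principals = [ordered]@{
    'S-1-5-18'     = 'Local System'
    'S-1-5-32-544' = 'BUILTIN\Administrators'
}
$full = [System.Security.AccessControl.RegistryRights]::FullControl

# Explicit and inherited ACEs, with identities returned as SIDs.
$acl   = Get-Acl -Path $keyPath
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$aclReport = foreach ($sid in $principals.Keys) {
    $mine  = @($rules | Where-Object { $_.IdentityReference.Value -eq $sid })
    $allow = @($mine | Where-Object {
        $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $full) -eq $full
    })
    $deny  = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' })
    [pscustomobject]@{
        Principal      = $principals[$sid]
        HasFullControl = $allow.Count -gt 0
        ViaInheritance = @($allow | Where-Object IsInherited).Count -gt 0
        DenyEntries    = $deny.Count   # a Deny ACE can override an Allow entry
    }
}
$aclReport | Format-Table -AutoSize

# Step 6: look for further 7028 events logged after the restart.
$boot   = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
$filter = @{ LogName = 'System'; Id = $eventId; StartTime = $boot }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'Service\s?Control\s?Manager' })

if ($events.Count -eq 0) {
    "No event $eventId from the Service Control Manager since $boot."
} else {
    $events | Select-Object TimeCreated, ProviderName, Message | Format-List
}
```

The script changes nothing; granting permissions is still done through the steps above.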
