How do I trace a batch process?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I know logon type 4 is a batch process, like scheduled tasks. This looks like
a hack job, how can I find out where this is coming from? Below is the event
log. TIA

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
Date: 10/13/2006
Time: 11:40:48 AM
User: NT AUTHORITY\SYSTEM
Computer: EMPIRE
Description:
Logon Failure:
Reason: The user has not been granted the requested
logon type at this machine
User Name: IWAM_EMPIRE
Domain: CLAIMLINE
Logon Type: 4
Logon Process: DCOMSCM
Authentication Package: Negotiate
Workstation Name: EMPIRE
 
What is your actual issue ?
The event message seems to be saying that you have
IIS installed on machine named EMPIRE but that its
IWam_EMPIRE account is not granted the batch logon
user right (which it needs). However, it also appears
that the account is not EMPIRE\IWam_EMPIRE as one
would expect in a normal (unmodified) setup of IIS on
a member in domain CLAIMLINE, but instead it appears
to be configured to use CLAIMLINE\IWam_EMPIRE.
This makes be think perhaps that EMPIRE is a DC and
IIS was installed before dcpromo, rather than after as
should be done.
 
Back
Top