L
lsass
The lsass process is doing constant I/O. Process Monitor describes the
action as:
56 1:32:41.6962584
AM lsass.exe 740 RegOpenKey HKLM\SECURITY\Policy SUCCESS Desired Access:
Read/Write
57 1:32:41.6962737
AM lsass.exe 740 RegOpenKey HKLM\SECURITY\Policy\SecDesc SUCCESS Desired
Access: Read
58 1:32:41.6962867
AM lsass.exe 740 RegQueryValue HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER
OVERFLOW Length: 12
59 1:32:41.6962992
AM lsass.exe 740 RegCloseKey HKLM\SECURITY\Policy\SecDesc SUCCESS
60 1:32:41.6963103
AM lsass.exe 740 RegOpenKey HKLM\SECURITY\Policy\SecDesc SUCCESS Desired
Access: Read
61 1:32:41.6963228
AM lsass.exe 740 RegQueryValue HKLM\SECURITY\Policy\SecDesc\(Default) SUCCESS Type: REG_NONE, Length: 200, Data:
62 1:32:41.6963351
AM lsass.exe 740 RegCloseKey HKLM\SECURITY\Policy\SecDesc SUCCESS
63 1:32:41.6964635 AM lsass.exe 740 RegCloseKey HKLM\SECURITY\Policy SUCCESS
Any ideas what is going on? Note, the old XP trick of disabling Terminal
Services does not have an effect. This is Vista with the latest updates.
action as:
56 1:32:41.6962584
AM lsass.exe 740 RegOpenKey HKLM\SECURITY\Policy SUCCESS Desired Access:
Read/Write
57 1:32:41.6962737
AM lsass.exe 740 RegOpenKey HKLM\SECURITY\Policy\SecDesc SUCCESS Desired
Access: Read
58 1:32:41.6962867
AM lsass.exe 740 RegQueryValue HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER
OVERFLOW Length: 12
59 1:32:41.6962992
AM lsass.exe 740 RegCloseKey HKLM\SECURITY\Policy\SecDesc SUCCESS
60 1:32:41.6963103
AM lsass.exe 740 RegOpenKey HKLM\SECURITY\Policy\SecDesc SUCCESS Desired
Access: Read
61 1:32:41.6963228
AM lsass.exe 740 RegQueryValue HKLM\SECURITY\Policy\SecDesc\(Default) SUCCESS Type: REG_NONE, Length: 200, Data:
62 1:32:41.6963351
AM lsass.exe 740 RegCloseKey HKLM\SECURITY\Policy\SecDesc SUCCESS
63 1:32:41.6964635 AM lsass.exe 740 RegCloseKey HKLM\SECURITY\Policy SUCCESS
Any ideas what is going on? Note, the old XP trick of disabling Terminal
Services does not have an effect. This is Vista with the latest updates.