失败原因审计 [英] Cause of Failure Audit

查看：60 发布时间：2019/6/17 15:12:42 windowsgeneraldevelopmentissues

本文介绍了失败原因审计的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我有一个导致失败审核的应用程序。显然，根据审计，我要求完全控制工作流对象。

事情是我无法弄清楚如何。我已经在解决方案中搜索了任何"许可"。或"安全"或相关，我找不到一行代码或配置语句，
要求完全控制任何对象。如果要求这样的权利，我找不到它。

任何人都可以建议一种搜索模式，我可以用它来查找我的代码可能会导致审核失败的原因吗？

活动类型： &NBSP; &NBSP; 失败审核

活动来源： &NBSP; &NBSP; 安全性

活动类别： &NBSP; &NBSP; 对象访问

事件ID： &NBSP; &NBSP; 560

日期： &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; 2013年10月3日

时间： &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; 9：00：20 AM

用户： &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; NT AUTHORITY\SYSTEM

计算机： &NBSP; &NBSP; W3VMOMSWH02D

描述：

对象打开：

&NBSP; &NBSP; &NBSP; 对象服务器： &NBSP; &NBSP; 安全性

 &NBSP; &NBSP; &NBSP; 对象类型： &NBSP; &NBSP; Mutant

 &NBSP; &NBSP; &NBSP; 对象名称： &NBSP; &NBSP; \ BaseNamedObjects \windows workflow foundation 3.0.0.0

&NBSP; &NBSP; &NBSP; 处理ID： &NBSP; &NBSP; -

 &NBSP; &NBSP; &NBSP; 操作ID： &NBSP; &NBSP; {5,2797104351}

&NBSP; &NBSP; &NBSP; 流程ID： &NBSP; &NBSP; 11188

 &NBSP; &NBSP; &NBSP; 图片文件名称： &NBSP; &NBSP; E：\Ventyx \ POBIMT.WORLD \runtime\Obvient.OSIS.WWF.Runtime.exe

&NBSP; &NBSP; &NBSP; 主要用户名： &NBSP; &NBSP; W3VMOMSWH02D $

&NBSP; &NBSP; &NBSP; 主域名： &NBSP; &NBSP; FENETWORK

 &NBSP; &NBSP; &NBSP; 主要登录ID： &NBSP; &NBSP; （0x0,0x3E7）

&NBSP; &NBSP; &NBSP; 客户用户名： &NBSP; &NBSP; -

 &NBSP; &NBSP; &NBSP; 客户域名： &NBSP; &NBSP; -

 &NBSP; &NBSP; &NBSP; 客户登录ID： &NBSP; &NBSP; -

 &NBSP; &NBSP; &NBSP; 访问： &NBSP; &NBSP; DELETE

 &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; READ_CONTROL

&NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; WRITE_DAC

&NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; WRITE_OWNER

&NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; SYNCHRONIZE

&NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP;查询突变状态

Rob

解决方案

您好rhenry74，

欢迎来到MSDN论坛！

根据您的描述，我建议您发布此问题

https://social.technet.microsoft .com /论坛/ zh-CN / home

如果下一篇文章无用，可以获得更专业的回复。

配置审核策略：
http://technet.microsoft.com/en-us/library/dd277403.aspx

审核安全事件最佳做法：
http://technet.microsoft.com/en-us/library/cc778162(v=ws.10).aspx

问候！

I have an application that is causing a failure audit. Apparently, according to the audit I am asking for full control of the workfow object.

The thing is I can't figure out how. I have searched the solution for anything "permission" or "security" releted and I cannot find a line of code or a config statement that asks for full control of any objects. If such a right is requested I can't find it.

Can anyone suggest a search pattern that I can use to find what my code could be calling to cause this audit failure?

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 10/3/2013
Time: 9:00:20 AM
User: NT AUTHORITY\SYSTEM
Computer: W3VMOMSWH02D
Description:
Object Open:
Object Server: Security
Object Type: Mutant
Object Name: \BaseNamedObjects\windows workflow foundation 3.0.0.0
Handle ID: -
Operation ID: {5,2797104351}
Process ID: 11188
Image File Name: E:\Ventyx\POBIMT.WORLD\runtime\Obvient.OSIS.WWF.Runtime.exe
Primary User Name: W3VMOMSWH02D$
Primary Domain: FENETWORK
Primary Logon ID: (0x0,0x3E7)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
Query mutant state

Rob

解决方案

Hi rhenry74,

Welcome to MSDN forum!

According to your description, I advise you to post this issue on

https://social.technet.microsoft.com/Forums/en-US/home

for more professional response if the next article is unhelpful.

Configuring Audit Policies: http://technet.microsoft.com/en-us/library/dd277403.aspx

Auditing Security Events Best practices: http://technet.microsoft.com/en-us/library/cc778162(v=ws.10).aspx

Regards!

这篇关于失败原因审计的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

失败原因审计 [英] Cause of Failure Audit

问题描述

相关文章

其他开发语言最新文章

热门教程

热门工具

登录关闭

失败原因审计 [英] Cause of Failure Audit

问题描述

相关文章

其他开发语言最新文章

热门教程

热门工具

登录 关闭

登录关闭