失败原因审计 [英] Cause of Failure Audit
问题描述
我有一个导致失败审核的应用程序。显然,根据审计,我要求完全控制工作流对象。
事情是我无法弄清楚如何。我已经在解决方案中搜索了任何"许可"。或"安全"或相关,我找不到一行代码或配置语句,
要求完全控制任何对象。如果要求这样的权利,我找不到它。
任何人都可以建议一种搜索模式,我可以用它来查找我的代码可能会导致审核失败的原因吗?
活动类型:     失败审核
活动来源:     安全性
< span style ="font-family:'Arial','sans-serif'; font-size:10pt">活动类别: &NBSP; &NBSP; 对象访问
事件ID: &NBSP; &NBSP; 560
< span style ="font-family:'Arial','sans-serif'; font-size:10pt">日期: &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; 2013年10月3日
时间: &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; 9:00:20 AM
用户: &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; NT AUTHORITY\SYSTEM
计算机: &NBSP; &NBSP; W3VMOMSWH02D
< span style ="font-family:'Arial','sans-serif'; font-size:10pt">描述:
对象打开:
&NBSP; &NBSP; &NBSP; 对象服务器: &NBSP; &NBSP; 安全性
< span style ="font-family:'Arial','sans-serif'; font-size:10pt"> &NBSP; &NBSP; &NBSP; 对象类型: &NBSP; &NBSP; Mutant
< span style ="font-family:'Arial','sans-serif'; font-size:10pt"> &NBSP; &NBSP; &NBSP; 对象名称: &NBSP; &NBSP; \ BaseNamedObjects \windows workflow foundation 3.0.0.0
&NBSP; &NBSP; &NBSP; 处理ID: &NBSP; &NBSP; -
< span style ="font-family:'Arial','sans-serif'; font-size:10pt"> &NBSP; &NBSP; &NBSP; 操作ID: &NBSP; &NBSP; {5,2797104351}
&NBSP; &NBSP; &NBSP; 流程ID: &NBSP; &NBSP; 11188
< span style ="font-family:'Arial','sans-serif'; font-size:10pt"> &NBSP; &NBSP; &NBSP; 图片文件名称: &NBSP; &NBSP; E:\Ventyx \ POBIMT.WORLD \runtime\Obvient.OSIS.WWF.Runtime.exe
&NBSP; &NBSP; &NBSP; 主要用户名: &NBSP; &NBSP; W3VMOMSWH02D $
&NBSP; &NBSP; &NBSP; 主域名: &NBSP; &NBSP; FENETWORK
< span style ="font-family:'Arial','sans-serif'; font-size:10pt"> &NBSP; &NBSP; &NBSP; 主要登录ID: &NBSP; &NBSP; (0x0,0x3E7)
&NBSP; &NBSP; &NBSP; 客户用户名: &NBSP; &NBSP; -
< span style ="font-family:'Arial','sans-serif'; font-size:10pt"> &NBSP; &NBSP; &NBSP; 客户域名: &NBSP; &NBSP; -
< span style ="font-family:'Arial','sans-serif'; font-size:10pt"> &NBSP; &NBSP; &NBSP; 客户登录ID: &NBSP; &NBSP; -
< span style ="font-family:'Arial','sans-serif'; font-size:10pt"> &NBSP; &NBSP; &NBSP; 访问: &NBSP; &NBSP; DELETE
< span style ="font-family:'Arial','sans-serif'; font-size:10pt"> &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; READ_CONTROL
&NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; WRITE_DAC
&NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; WRITE_OWNER
&NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; SYNCHRONIZE
&NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP;查询突变状态
Rob
您好rhenry74,
欢迎来到MSDN论坛!
根据您的描述,我建议您发布此问题
https://social.technet.microsoft .com /论坛/ zh-CN / home
如果下一篇文章无用,可以获得更专业的回复。
配置审核策略:
http://technet.microsoft.com/en-us/library/dd277403.aspx
审核安全事件最佳做法:
http://technet.microsoft.com/en-us/library/cc778162(v=ws.10).aspx
问候!
I have an application that is causing a failure audit. Apparently, according to the audit I am asking for full control of the workfow object.
The thing is I can't figure out how. I have searched the solution for anything "permission" or "security" releted and I cannot find a line of code or a config statement that asks for full control of any objects. If such a right is requested I can't find it.
Can anyone suggest a search pattern that I can use to find what my code could be calling to cause this audit failure?
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 10/3/2013
Time: 9:00:20 AM
User: NT AUTHORITY\SYSTEM
Computer: W3VMOMSWH02D
Description:
Object Open:
Object Server: Security
Object Type: Mutant
Object Name: \BaseNamedObjects\windows workflow foundation 3.0.0.0
Handle ID: -
Operation ID: {5,2797104351}
Process ID: 11188
Image File Name: E:\Ventyx\POBIMT.WORLD\runtime\Obvient.OSIS.WWF.Runtime.exe
Primary User Name: W3VMOMSWH02D$
Primary Domain: FENETWORK
Primary Logon ID: (0x0,0x3E7)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
Query mutant state
Rob
Hi rhenry74,
Welcome to MSDN forum!
According to your description, I advise you to post this issue on
https://social.technet.microsoft.com/Forums/en-US/home
for more professional response if the next article is unhelpful.
Configuring Audit Policies: http://technet.microsoft.com/en-us/library/dd277403.aspx
Auditing Security Events Best practices: http://technet.microsoft.com/en-us/library/cc778162(v=ws.10).aspx
Regards!
这篇关于失败原因审计的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!