Previous Topic: centOS Agent Appears as RHEL5 in Connector Deployment ScreensNext Topic: Limitation on Port Configuration


Domain Level Event Source Configuration Fails

Symptom:

Configuring any connector to access a Windows event source and read its logs involves creating a low-privileged user account and assigning it the needed permissions. When the event source is a Windows Server 2003 SP1 host, one of the steps is to set the local security policy, Impersonate a client after authentication. When this user right is set locally, no problem occurs. However, if this setting is applied as a domain policy to all servers, the global application has the affect of removing the existing local assignments for other users, namely Administrators and SERVICE.

A Microsoft support article states that "... problems occur when a Group Policy setting that defines the Impersonate a client after authentication user right is linked to the domain. This user right should be linked only to a site or to an organizational unit (OU)."

Solution:

See the Microsoft Knowledge Base article ID 930220 for the recommendation to restore full unsecured TPC/IP connectivity by disabling the IPSec services and restarting the computer and the steps to add back the Administrators and SERVICE groups as a Group Policy setting. Try the following link:

http://support.microsoft.com/kb/930220

Microsoft also recommends the following methods to resolve problems caused by applying the setting Impersonate a client after authentication as a group policy:

See the Microsoft Knowledge Base article ID: 911801 for the steps to implement both recommended resolutions. Try the following link:

http://support.microsoft.com/kb/911801