SoftTree Technologies Technical Support Forums
Errors running jobs with non-administrative account
Forum: 24x7 Scheduler, Event Server, Automation Suite
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7952

Out of curiosity, which tool did you use to capture this output?

Also, this output indicates that everything is OK; I don't understand why Windows reports that CreateProcess fails.

When you run a command like "cmd /C copy C:\windows\win.ini c:\win.ini.bak" does it copy the file before reporting CreateProcess failed?
Mon Jun 01, 2009 2:02 pm
Whatanut



Joined: 26 May 2009
Posts: 50

That was captured using Sysinternals' Process Monitor:
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

And no, a file is not copied. Nothing actually happens. A successful run of the executable is much, much more involved. The same command when run as an administrator produces the following results:

Code:

Sequence   Time of Day   Process Name   PID   Operation   Path   Result
33869   26:15.5   cmd.exe   3680   Process Start      SUCCESS
33870   26:15.5   cmd.exe   3680   Thread Create      SUCCESS
34145   26:15.5   cmd.exe   3680   Load Image   C:\Windows\System32\cmd.exe   SUCCESS
34147   26:15.5   cmd.exe   3680   Load Image   C:\Windows\System32\ntdll.dll   SUCCESS
34157   26:15.5   cmd.exe   3680   CreateFile   C:\   SUCCESS
34160   26:15.5   cmd.exe   3680   Load Image   C:\Windows\System32\kernel32.dll   SUCCESS
34247   26:15.5   cmd.exe   3680   Load Image   C:\Windows\System32\advapi32.dll   SUCCESS
34249   26:15.5   cmd.exe   3680   Load Image   C:\Windows\System32\rpcrt4.dll   SUCCESS
34252   26:15.5   cmd.exe   3680   Load Image   C:\Windows\System32\msvcrt.dll   SUCCESS
34254   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon   SUCCESS
34255   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack   NAME NOT FOUND
34256   26:15.5   cmd.exe   3680   RegCloseKey   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon   SUCCESS
34257   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\Setup   SUCCESS
34258   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\SYSTEM\Setup\SystemSetupInProgress   SUCCESS
34259   26:15.5   cmd.exe   3680   RegCloseKey   HKLM\SYSTEM\Setup   SUCCESS
34260   26:15.5   cmd.exe   3680   RegOpenKey   HKLM   SUCCESS
34261   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics   NAME NOT FOUND
34266   26:15.5   cmd.exe   3680   QueryNameInformationFile   C:\Windows\System32\cmd.exe   SUCCESS
34268   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\Software\Policies\Microsoft\MUI\Settings   NAME NOT FOUND
34269   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34270   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Policies\Microsoft\Control Panel\Desktop   NAME NOT FOUND
34271   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
34272   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\LanguageConfiguration   SUCCESS
34275   26:15.5   cmd.exe   3680   RegEnumValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\LanguageConfiguration   NO MORE ENTRIES
34277   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\LanguageConfiguration   SUCCESS
34278   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
34279   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34280   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\Software\Policies\Microsoft\MUI\Settings   NAME NOT FOUND
34282   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34283   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Policies\Microsoft\Control Panel\Desktop   NAME NOT FOUND
34285   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
34287   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34288   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\PreferredUILanguages   NAME NOT FOUND
34291   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
34336   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\Software\Policies\Microsoft\MUI\Settings   NAME NOT FOUND
34337   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34338   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
34342   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34344   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\CachedMachinePreferredUILanguages   NAME NOT FOUND
34345   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\MUI\Settings   REPARSE
34346   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\MUI\Settings   SUCCESS
34347   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\System\CurrentControlSet\Control\MUI\Settings\PreferredUILanguages   NAME NOT FOUND
34348   26:15.5   cmd.exe   3680   RegCloseKey   HKLM\System\CurrentControlSet\Control\MUI\Settings   SUCCESS
34349   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
34355   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\Software\Policies\Microsoft\MUI\Settings   NAME NOT FOUND
34356   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34357   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Policies\Microsoft\Control Panel\Desktop   NAME NOT FOUND
34358   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
34359   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34360   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\PreferredUILanguages   NAME NOT FOUND
34361   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
34363   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34364   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Policies\Microsoft\Windows\System   NAME NOT FOUND
34369   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\Software\Microsoft\Command Processor   SUCCESS
34370   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck   NAME NOT FOUND
34371   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\SOFTWARE\Microsoft\Command Processor\EnableExtensions   SUCCESS
34372   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\SOFTWARE\Microsoft\Command Processor\DelayedExpansion   NAME NOT FOUND
34373   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\SOFTWARE\Microsoft\Command Processor\DefaultColor   SUCCESS
34374   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\SOFTWARE\Microsoft\Command Processor\CompletionChar   SUCCESS
34375   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\SOFTWARE\Microsoft\Command Processor\PathCompletionChar   SUCCESS
34376   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\SOFTWARE\Microsoft\Command Processor\AutoRun   NAME NOT FOUND
34377   26:15.5   cmd.exe   3680   RegCloseKey   HKLM\SOFTWARE\Microsoft\Command Processor   SUCCESS
34378   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Microsoft\Command Processor   SUCCESS
34379   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Microsoft\Command Processor\DisableUNCCheck   NAME NOT FOUND
34380   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Microsoft\Command Processor\EnableExtensions   SUCCESS
34381   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Microsoft\Command Processor\DelayedExpansion   NAME NOT FOUND
34382   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Microsoft\Command Processor\DefaultColor   SUCCESS
34383   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Microsoft\Command Processor\CompletionChar   SUCCESS
34384   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Microsoft\Command Processor\PathCompletionChar   SUCCESS
34385   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Microsoft\Command Processor\AutoRun   NAME NOT FOUND
34386   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Microsoft\Command Processor   SUCCESS
34387   26:15.5   cmd.exe   3680   QueryOpen   C:\   FAST IO DISALLOWED
34388   26:15.5   cmd.exe   3680   CreateFile   C:\   SUCCESS
34389   26:15.5   cmd.exe   3680   QueryBasicInformationFile   C:\   SUCCESS
34390   26:15.5   cmd.exe   3680   CloseFile   C:\   SUCCESS
34391   26:15.5   cmd.exe   3680   IRP_MJ_CLOSE   C:\   SUCCESS
34392   26:15.5   cmd.exe   3680   CreateFile   C:\   SUCCESS
34393   26:15.5   cmd.exe   3680   CloseFile   C:\   SUCCESS
34394   26:15.5   cmd.exe   3680   IRP_MJ_CLOSE   C:\   SUCCESS
34395   26:15.5   cmd.exe   3680   QueryOpen   C:\   FAST IO DISALLOWED
34396   26:15.5   cmd.exe   3680   CreateFile   C:\   SUCCESS
34397   26:15.5   cmd.exe   3680   QueryBasicInformationFile   C:\   SUCCESS
34398   26:15.5   cmd.exe   3680   CloseFile   C:\   SUCCESS
34399   26:15.5   cmd.exe   3680   IRP_MJ_CLOSE   C:\   SUCCESS
34400   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34401   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34402   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34403   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\Locale   SUCCESS
34404   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34405   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Nls\CustomLocale   REPARSE
34406   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Nls\CustomLocale   SUCCESS
34407   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US   NAME NOT FOUND
34408   26:15.5   cmd.exe   3680   RegCloseKey   HKLM\System\CurrentControlSet\Control\Nls\CustomLocale   SUCCESS
34409   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale   REPARSE
34410   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale   NAME NOT FOUND
34411   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34412   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34413   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34414   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\LocaleName   SUCCESS
34415   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34416   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34417   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34418   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34419   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sTimeFormat   SUCCESS
34420   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34421   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34422   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34423   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34424   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sShortDate   SUCCESS
34425   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34426   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34427   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34428   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34429   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sDecimal   SUCCESS
34430   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34431   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34432   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34433   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34434   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sThousand   SUCCESS
34435   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34436   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Nls\Locale   REPARSE
34437   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Nls\Locale   SUCCESS
34438   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts   REPARSE
34439   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts   SUCCESS
34440   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Nls\Language Groups   REPARSE
34441   26:15.5   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Nls\Language Groups   SUCCESS
34442   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\System\CurrentControlSet\Control\Nls\Locale\00000409   SUCCESS
34443   26:15.5   cmd.exe   3680   RegQueryValue   HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1   SUCCESS
34444   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34445   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34446   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34447   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sCurrency   SUCCESS
34448   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34449   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34450   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34451   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34452   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sMonDecimalSep   SUCCESS
34453   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34454   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34455   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34456   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34457   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sMonThousandSep   SUCCESS
34458   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34459   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34460   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34461   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34462   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sMonGrouping   SUCCESS
34463   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34464   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34465   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34466   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34467   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sPositiveSign   SUCCESS
34468   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34469   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34470   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34471   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34472   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sNegativeSign   SUCCESS
34473   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34474   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34475   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34476   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34477   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\iCurrDigits   SUCCESS
34478   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34479   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34480   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34481   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34482   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\iCurrency   SUCCESS
34483   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34484   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34485   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34486   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34487   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\iNegCurr   SUCCESS
34488   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34489   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34490   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34491   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34492   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sGrouping   SUCCESS
34493   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34495   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34496   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34497   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34498   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\s1159   SUCCESS
34499   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34500   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34502   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34506   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34509   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\s2359   SUCCESS
34510   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34511   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34512   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34513   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34514   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\sLongDate   SUCCESS
34517   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34518   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34519   26:15.5   cmd.exe   3680   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
34520   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
34521   26:15.5   cmd.exe   3680   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International\iCalendarType   SUCCESS
34522   26:15.5   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\International   SUCCESS
35005   26:17.8   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Session Manager   REPARSE
35006   26:17.8   cmd.exe   3680   RegOpenKey   HKLM\System\CurrentControlSet\Control\Session Manager   SUCCESS
35007   26:17.8   cmd.exe   3680   RegQueryValue   HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode   NAME NOT FOUND
35008   26:17.8   cmd.exe   3680   Thread Exit      SUCCESS
35009   26:17.8   cmd.exe   3680   Process Exit      SUCCESS
35010   26:17.8   cmd.exe   3680   CloseFile   C:\   SUCCESS
35011   26:17.8   cmd.exe   3680   IRP_MJ_CLOSE   C:\   SUCCESS
35012   26:17.8   cmd.exe   3680   RegCloseKey   HKLM   SUCCESS
35013   26:17.8   cmd.exe   3680   RegCloseKey   HKLM\System\CurrentControlSet\Control\Nls\Locale   SUCCESS
35014   26:17.8   cmd.exe   3680   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
35015   26:17.8   cmd.exe   3680   RegCloseKey   HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts   SUCCESS
35016   26:17.8   cmd.exe   3680   RegCloseKey   HKLM\System\CurrentControlSet\Control\Nls\Language Groups   SUCCESS
35017   26:17.8   cmd.exe   3680   RegCloseKey   HKLM\System\CurrentControlSet\Control\Session Manager   SUCCESS

Mon Jun 01, 2009 2:09 pm
Whatanut



Joined: 26 May 2009
Posts: 50

I've created a very simple executable that does nothing more than print some text and exit. The same error.

Simple app:
Code:

#include <stdio.h>

int main(void) {
    printf("Hello, World!\n");
    return 0;
}


Results in the same error:
Code:

D:\24x7Scripts\hello>"c:\Program Files\24x7_Scheduler\runas.exe" .\ScriptRunner P@ssw0rd "hello.exe"

RunAs version 2.3.2
Copyright (c) 2003-2008  SoftTree Technologies, Inc.

Logging in as .\ScriptRunner...
Setting user environment...
Logged in. Impersonating...
Starting process hello.exe...
Waiting for process to complete...
Process completed with exit code -1073741502


With the same access attempts:
Code:

Sequence   Time of Day   Process Name   PID   Operation   Path   Result
38092   34:02.4   hello.exe   3652   Process Start      SUCCESS
38093   34:02.4   hello.exe   3652   Thread Create      SUCCESS
38524   34:02.5   hello.exe   3652   Load Image   D:\24x7Scripts\hello\hello.exe   SUCCESS
38527   34:02.5   hello.exe   3652   Load Image   C:\Windows\System32\ntdll.dll   SUCCESS
38535   34:02.5   hello.exe   3652   CreateFile   D:\24x7Scripts\hello   SUCCESS
38539   34:02.5   hello.exe   3652   Load Image   C:\Windows\System32\kernel32.dll   SUCCESS
46986   34:06.0   hello.exe   3652   Thread Exit      SUCCESS
46989   34:06.0   hello.exe   3652   Process Exit      SUCCESS
46992   34:06.0   hello.exe   3652   CloseFile   D:\24x7Scripts\hello   SUCCESS
46994   34:06.0   hello.exe   3652   IRP_MJ_CLOSE   D:\24x7Scripts\hello   SUCCESS

Mon Jun 01, 2009 2:49 pm
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7952

I've got that tool too, but an older version which doesn't support such output. Anyway...

So it looks like it fails to load advapi32.dll or, more likely, one of the dependent DLLs for advapi32.dll. Basically it has 3 dependencies – ntdll.dll, kernel32.dll, rpcrt4.dll and secur32.dll. We know that the first 2 are loading, so it should be either rpcrt4.dll or secur32.dll. Something makes me think it is the last one. secur32.dll is "Security Support Provider Interface" and it is used to hook to antivirus and other local security products which can use this hook for advanced process control.

Also please take a look at http://support.microsoft.com/kb/155357
The symptoms are the same; the solution MS is suggesting is to give the user explicit permissions for reading files in the system32 folder. I'm unsure whether this solution will work for you, since the process had no problems loading kernel32.dll from that directory. I'd suggest pursuing the trail leading to the antivirus or other security product and trying to stop it for a little while just to check if it interferes somehow with the RunAs processing.
Mon Jun 01, 2009 2:52 pm
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7952

Correction, according to MS docs, secur32.dll is "multiple authentication provider that implements SSPI for user mode applications"
Mon Jun 01, 2009 3:00 pm
Whatanut



Joined: 26 May 2009
Posts: 50

Well, the anti-virus was a compelling idea that might have made a difference. I uninstalled the virus scanner entirely but it has made no difference. The same errors are produced.

Microsoft has severely locked down permissions under system32 with Windows Server 2008. Administrators don't even have rights to change permissions on the system32 folder itself. It's locked down pretty tight. Same appears to be true for system dlls. The permissions on kernel32.dll, for instance, can't be changed. So that's not proving to be something I can easily do. However, as you stated, it is loading other dlls from the system32 folder so I tend to believe it's not a file permissions issue. I would also expect an access denied to be logged by process monitor. Which I'm not seeing.
Mon Jun 01, 2009 3:44 pm
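Two observations in the posts above can be checked mechanically rather than by eye: SysOp's point that the admin run maps advapi32.dll right after kernel32.dll while the restricted run stops there, and Whatanut's point that no ACCESS DENIED result appears anywhere in the restricted trace. The script below is an added example written for this thread; it is not code from SoftTree or from either poster. It parses constructed tab-separated rows laid out like the Process Monitor exports quoted earlier (Sequence, Time of Day, Process Name, PID, Operation, Path, Result), reports the first image the reference run mapped that the failing run never did, lists any ACCESS DENIED rows, and decodes the exit code -1073741502 printed by runas.exe as the NTSTATUS value 0xC0000142 (STATUS_DLL_INIT_FAILED). The sample rows are abridged and constructed for the example; the three NTSTATUS names are standard Windows values.

```python
"""Diagnose a failed restricted-user run from Process Monitor traces.

Compares a working (admin) trace against a failing (restricted user) trace
to find where image loading diverged, checks for ACCESS DENIED results, and
decodes the signed exit code runas.exe prints into an NTSTATUS value.
"""

# Constructed, abridged rows in the layout of the ProcMon export quoted in
# the thread. Columns are tab-separated; "Process Start"/"Process Exit"
# rows carry an empty Path column.
ADMIN_TRACE = """\
33869\t26:15.5\tcmd.exe\t3680\tProcess Start\t\tSUCCESS
34145\t26:15.5\tcmd.exe\t3680\tLoad Image\tC:\\Windows\\System32\\cmd.exe\tSUCCESS
34147\t26:15.5\tcmd.exe\t3680\tLoad Image\tC:\\Windows\\System32\\ntdll.dll\tSUCCESS
34160\t26:15.5\tcmd.exe\t3680\tLoad Image\tC:\\Windows\\System32\\kernel32.dll\tSUCCESS
34247\t26:15.5\tcmd.exe\t3680\tLoad Image\tC:\\Windows\\System32\\advapi32.dll\tSUCCESS
34249\t26:15.5\tcmd.exe\t3680\tLoad Image\tC:\\Windows\\System32\\rpcrt4.dll\tSUCCESS
34252\t26:15.5\tcmd.exe\t3680\tLoad Image\tC:\\Windows\\System32\\msvcrt.dll\tSUCCESS
35009\t26:17.8\tcmd.exe\t3680\tProcess Exit\t\tSUCCESS
"""

RESTRICTED_TRACE = """\
38092\t34:02.4\thello.exe\t3652\tProcess Start\t\tSUCCESS
38524\t34:02.5\thello.exe\t3652\tLoad Image\tD:\\24x7Scripts\\hello\\hello.exe\tSUCCESS
38527\t34:02.5\thello.exe\t3652\tLoad Image\tC:\\Windows\\System32\\ntdll.dll\tSUCCESS
38539\t34:02.5\thello.exe\t3652\tLoad Image\tC:\\Windows\\System32\\kernel32.dll\tSUCCESS
46989\t34:06.0\thello.exe\t3652\tProcess Exit\t\tSUCCESS
"""

FIELDS = ("seq", "time", "process", "pid", "operation", "path", "result")


def parse_trace(text):
    """Turn tab-separated ProcMon rows into a list of dicts keyed by FIELDS."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = line.split("\t")
        if len(cols) != len(FIELDS):
            raise ValueError(f"unexpected column count in row: {line!r}")
        events.append(dict(zip(FIELDS, cols)))
    return events


def loaded_images(events):
    """Lower-cased base names of every successful 'Load Image' event, in order."""
    return [
        e["path"].rsplit("\\", 1)[-1].lower()
        for e in events
        if e["operation"] == "Load Image" and e["result"] == "SUCCESS"
    ]


def first_missing_dependency(reference_events, failing_events):
    """First image the reference run mapped that the failing run never mapped.

    The first image in each trace is the main executable itself and differs
    between runs (cmd.exe vs. hello.exe), so it is skipped.
    """
    seen = set(loaded_images(failing_events))
    for name in loaded_images(reference_events)[1:]:
        if name not in seen:
            return name
    return None


def access_denied_paths(events):
    """Paths of every row whose Result column is ACCESS DENIED."""
    return [e["path"] for e in events if e["result"] == "ACCESS DENIED"]


# Standard NTSTATUS codes relevant to loader failures.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
}


def decode_exit_code(code):
    """Map the signed 32-bit exit code runas.exe prints to (hex, NTSTATUS name)."""
    status = code & 0xFFFFFFFF  # reinterpret the signed value as unsigned
    return f"0x{status:08X}", NTSTATUS_NAMES.get(status, "unknown NTSTATUS")


if __name__ == "__main__":
    admin = parse_trace(ADMIN_TRACE)
    restricted = parse_trace(RESTRICTED_TRACE)
    print("first dependency never mapped:", first_missing_dependency(admin, restricted))
    print("ACCESS DENIED rows:", access_denied_paths(restricted) or "none")
    print("exit code -1073741502 =", *decode_exit_code(-1073741502))
```

Running it against the abridged rows reports advapi32.dll as the first image the restricted run never mapped, no ACCESS DENIED rows, and 0xC0000142 STATUS_DLL_INIT_FAILED for the exit code. The absence of any ACCESS DENIED row is the detail worth keeping in mind when triaging this class of failure: a plain file-permission problem on system32 normally shows up as an explicit denial in the trace, whereas a loader that gives up during DLL initialisation leaves only the gap between the last successful Load Image and Process Exit.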
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7952

Hmm... just another guess: the secur32.dll is looking for security providers which I'm pretty sure have been entered somewhere in the system registry. Under different privileges, the runas user and the dll aren't seeing that part of the registry, and as a result, the dll loading aborts with a soft "not found" error, not an access permissions error. The rest is a chain reaction to that. I wonder if this info is stored under HKEY_LOCAL_MACHINE which allows the admin group member to read it and also when the process is run from a service with the LocalSystem account, but not when running under a low privileged user account.

I think SysInternals also had a registry monitor utility to watch for the registry access.
Mon Jun 01, 2009 4:07 pm
Whatanut



Joined: 26 May 2009
Posts: 50

The Process Monitor utility does capture registry access attempts. It does not appear that the process makes any calls to the registry prior to the process exiting. When run as an administrator the process loads a few more dlls before making its first registry queries.

Not sure if this is interesting or not, but I was running another capture and noticed that there actually is a process that runs successfully under the same credentials. When the called application fails with the dll load error it fires off a Windows Error Reporting module that appears to run fine. I'm not sure why the one would initialize properly and the other would not, unless it somehow runs outside of the context which the original executable is running under.

Code:

Sequence   Time of Day   User   Process Name   PID   Operation   Path   Result
145132   11:55.6   AUSLYNCAS53\ScriptRunner   hello.exe   3036   Process Start      SUCCESS
145133   11:55.6   AUSLYNCAS53\ScriptRunner   hello.exe   3036   Thread Create      SUCCESS
145785   11:55.6   AUSLYNCAS53\ScriptRunner   hello.exe   3036   Load Image   D:\24x7Scripts\hello\hello.exe   SUCCESS
145831   11:55.6   AUSLYNCAS53\ScriptRunner   hello.exe   3036   Load Image   C:\Windows\System32\ntdll.dll   SUCCESS
145844   11:55.6   AUSLYNCAS53\ScriptRunner   hello.exe   3036   CreateFile   D:\24x7Scripts\hello   SUCCESS
145847   11:55.6   AUSLYNCAS53\ScriptRunner   hello.exe   3036   Load Image   C:\Windows\System32\kernel32.dll   SUCCESS
146501   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Process Start      SUCCESS
146502   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Thread Create      SUCCESS
146580   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\WerFault.exe   SUCCESS
146582   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\ntdll.dll   SUCCESS
146583   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32   SUCCESS
146599   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\kernel32.dll   SUCCESS
146606   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\advapi32.dll   SUCCESS
146620   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\rpcrt4.dll   SUCCESS
146628   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\user32.dll   SUCCESS
146630   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\gdi32.dll   SUCCESS
146637   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\msvcrt.dll   SUCCESS
146639   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\ole32.dll   SUCCESS
146641   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\oleaut32.dll   SUCCESS
146643   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\shlwapi.dll   SUCCESS
146645   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\imm32.dll   SUCCESS
146647   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\msctf.dll   SUCCESS
146648   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\ncrypt.dll   FAST IO DISALLOWED
146649   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\ncrypt.dll   SUCCESS
146650   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\ncrypt.dll   SUCCESS
146651   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\ncrypt.dll   SUCCESS
146653   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\ncrypt.dll   SUCCESS
146660   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\System\CurrentControlSet\Control\SafeBoot\Option   REPARSE
146661   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\System\CurrentControlSet\Control\SafeBoot\Option   NAME NOT FOUND
146662   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers   SUCCESS
146663   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegQueryValue   HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled   NAME NOT FOUND
146664   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers   SUCCESS
146665   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers   NAME NOT FOUND
146666   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\ncrypt.dll   SUCCESS
146669   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\ncrypt.dll   SUCCESS
146670   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\crypt32.dll   FAST IO DISALLOWED
146671   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\crypt32.dll   SUCCESS
146672   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\crypt32.dll   SUCCESS
146673   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\crypt32.dll   SUCCESS
146675   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\crypt32.dll   SUCCESS
146682   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\crypt32.dll   SUCCESS
146685   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\crypt32.dll   SUCCESS
146686   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\msasn1.dll   FAST IO DISALLOWED
146687   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\msasn1.dll   SUCCESS
146688   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\msasn1.dll   SUCCESS
146689   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\msasn1.dll   SUCCESS
146691   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\msasn1.dll   SUCCESS
146698   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\msasn1.dll   SUCCESS
146701   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\msasn1.dll   SUCCESS
146702   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\userenv.dll   FAST IO DISALLOWED
146703   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\userenv.dll   SUCCESS
146704   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\userenv.dll   SUCCESS
146705   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\userenv.dll   SUCCESS
146707   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\userenv.dll   SUCCESS
146714   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\userenv.dll   SUCCESS
146717   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\userenv.dll   SUCCESS
146718   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\secur32.dll   FAST IO DISALLOWED
146719   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\secur32.dll   SUCCESS
146720   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\secur32.dll   SUCCESS
146721   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\secur32.dll   SUCCESS
146723   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\secur32.dll   SUCCESS
146730   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\secur32.dll   SUCCESS
146733   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\secur32.dll   SUCCESS
146735   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\bcrypt.dll   FAST IO DISALLOWED
146736   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\bcrypt.dll   SUCCESS
146737   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\bcrypt.dll   SUCCESS
146738   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\bcrypt.dll   SUCCESS
146740   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\bcrypt.dll   SUCCESS
146747   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\bcrypt.dll   SUCCESS
146750   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\bcrypt.dll   SUCCESS
146751   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\wer.dll   FAST IO DISALLOWED
146753   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\wer.dll   SUCCESS
146754   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\wer.dll   SUCCESS
146755   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\wer.dll   SUCCESS
146758   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\wer.dll   SUCCESS
146770   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\wer.dll   SUCCESS
146775   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\wer.dll   SUCCESS
146779   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\Software\Policies\Microsoft\MUI\Settings   NAME NOT FOUND
146781   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
146784   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Policies\Microsoft\Control Panel\Desktop   NAME NOT FOUND
146785   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
146787   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\LanguageConfiguration   SUCCESS
146788   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegEnumValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\LanguageConfiguration   NO MORE ENTRIES
146789   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\LanguageConfiguration   SUCCESS
146790   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
146792   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
146793   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\Software\Policies\Microsoft\MUI\Settings   NAME NOT FOUND
146795   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
146796   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Software\Policies\Microsoft\Control Panel\Desktop   NAME NOT FOUND
146797   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
146798   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
146799   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\PreferredUILanguages   NAME NOT FOUND
146800   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
146801   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\Software\Policies\Microsoft\MUI\Settings   NAME NOT FOUND
146802   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
146803   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
146804   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001   SUCCESS
146805   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegQueryValue   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop\CachedMachinePreferredUILanguages   NAME NOT FOUND
146806   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\System\CurrentControlSet\Control\MUI\Settings   REPARSE
146808   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\System\CurrentControlSet\Control\MUI\Settings   SUCCESS
146809   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegQueryValue   HKLM\System\CurrentControlSet\Control\MUI\Settings\PreferredUILanguages   NAME NOT FOUND
146810   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKLM\System\CurrentControlSet\Control\MUI\Settings   SUCCESS
146811   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKU\S-1-5-21-4088556270-3446615736-1490327605-1001\Control Panel\Desktop   SUCCESS
146817   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide   SUCCESS
146819   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegQueryValue   HKLM\COMPONENTS\PreferExternalManifest   NAME NOT FOUND
146820   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKLM\COMPONENTS   SUCCESS
146822   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\wer.dll   SUCCESS
146823   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\wer.dll   SUCCESS
146825   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\wer.dll   SUCCESS
146827   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\SensApi.dll   FAST IO DISALLOWED
146828   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\SensApi.dll   SUCCESS
146829   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\SensApi.dll   SUCCESS
146830   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\SensApi.dll   SUCCESS
146832   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\SensApi.dll   SUCCESS
146839   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\SensApi.dll   SUCCESS
146842   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\SensApi.dll   SUCCESS
146843   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\oleacc.dll   FAST IO DISALLOWED
146845   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\oleacc.dll   SUCCESS
146846   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\oleacc.dll   SUCCESS
146847   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\oleacc.dll   SUCCESS
146856   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\oleacc.dll   SUCCESS
146863   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\oleacc.dll   SUCCESS
146866   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\oleacc.dll   SUCCESS
146867   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\Faultrep.dll   FAST IO DISALLOWED
146868   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\Faultrep.dll   SUCCESS
146869   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\Faultrep.dll   SUCCESS
146870   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\Faultrep.dll   SUCCESS
146872   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\Faultrep.dll   SUCCESS
146879   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\Faultrep.dll   SUCCESS
146882   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\Faultrep.dll   SUCCESS
146883   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\version.dll   FAST IO DISALLOWED
146884   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\version.dll   SUCCESS
146885   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\version.dll   SUCCESS
146886   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\version.dll   SUCCESS
146888   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\version.dll   SUCCESS
146895   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\version.dll   SUCCESS
146898   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\version.dll   SUCCESS
146900   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Load Image   C:\Windows\System32\psapi.dll   SUCCESS
146901   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon   SUCCESS
146902   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegQueryValue   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack   NAME NOT FOUND
146903   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon   SUCCESS
146904   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\System\Setup   SUCCESS
146905   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegQueryValue   HKLM\SYSTEM\Setup\SystemSetupInProgress   SUCCESS
146906   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKLM\SYSTEM\Setup   SUCCESS
146907   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM   SUCCESS
146908   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics   NAME NOT FOUND
146909   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\System\CurrentControlSet\Control\Session Manager   REPARSE
146910   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\System\CurrentControlSet\Control\Session Manager   SUCCESS
146911   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegQueryValue   HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode   NAME NOT FOUND
146912   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\imm32.dll   FAST IO DISALLOWED
146913   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\imm32.dll   SUCCESS
146914   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\imm32.dll   SUCCESS
146915   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\imm32.dll   SUCCESS
146917   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryOpen   C:\Windows\System32\imm32.dll   FAST IO DISALLOWED
146918   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CreateFile   C:\Windows\System32\imm32.dll   SUCCESS
146919   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   QueryBasicInformationFile   C:\Windows\System32\imm32.dll   SUCCESS
146920   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32\imm32.dll   SUCCESS
146922   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\System\CurrentControlSet\Control\Error Message Instrument   REPARSE
146923   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\System\CurrentControlSet\Control\Error Message Instrument   NAME NOT FOUND
146924   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize   SUCCESS
146925   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegQueryValue   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles   NAME NOT FOUND
146926   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize   SUCCESS
146927   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32   SUCCESS
146928   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegQueryValue   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\WerFault   NAME NOT FOUND
146929   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32   SUCCESS
146930   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegOpenKey   HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility   NAME NOT FOUND
147053   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Thread Exit      SUCCESS
147057   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   Process Exit      SUCCESS
147071   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   CloseFile   C:\Windows\System32   SUCCESS
147099   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKLM   SUCCESS
147100   11:56.9   AUSLYNCAS53\ScriptRunner   WerFault.exe   3796   RegCloseKey   HKLM\System\CurrentControlSet\Control\Session Manager   SUCCESS
147151   11:56.9   AUSLYNCAS53\ScriptRunner   hello.exe   3036   Thread Exit      SUCCESS
147152   11:56.9   AUSLYNCAS53\ScriptRunner   hello.exe   3036   Process Exit      SUCCESS
147154   11:56.9   AUSLYNCAS53\ScriptRunner   hello.exe   3036   CloseFile   D:\24x7Scripts\hello   SUCCESS

Mon Jun 01, 2009 4:27 pm
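The triage being done by eye on the capture above (which process got how far into its image loads, whether it ever touched the registry, and whether any operation returned something other than SUCCESS) can be scripted against a Process Monitor CSV export. The following is an added example, not code from the thread or from SoftTree: it assumes a capture saved via File > Save as CSV with the same columns shown in the trace (Sequence, Time of Day, User, Process Name, PID, Operation, Path, Result) and PowerShell 3 or later. The rows in `$sample` are constructed to resemble the trace, including a deliberate ACCESS DENIED row that the real trace does not contain, so the failure column has something to show.

```powershell
# Added example: summarise a Process Monitor CSV export per process.
# The sample below is constructed test data shaped like the thread's trace; for a
# real capture replace it with:  $events = Import-Csv -Path .\Logfile.CSV
$sample = @'
"Sequence","Time of Day","User","Process Name","PID","Operation","Path","Result"
"1","11:55.6","HOST\ScriptRunner","hello.exe","3036","Process Start","","SUCCESS"
"2","11:55.6","HOST\ScriptRunner","hello.exe","3036","Load Image","D:\24x7Scripts\hello\hello.exe","SUCCESS"
"3","11:55.6","HOST\ScriptRunner","hello.exe","3036","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS"
"4","11:55.6","HOST\ScriptRunner","hello.exe","3036","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS"
"5","11:56.9","HOST\ScriptRunner","WerFault.exe","3796","Process Start","","SUCCESS"
"6","11:56.9","HOST\ScriptRunner","WerFault.exe","3796","Load Image","C:\Windows\System32\advapi32.dll","SUCCESS"
"7","11:56.9","HOST\ScriptRunner","WerFault.exe","3796","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS"
"8","11:56.9","HOST\ScriptRunner","WerFault.exe","3796","CreateFile","C:\Windows\System32\ncrypt.dll","ACCESS DENIED"
"9","11:56.9","HOST\ScriptRunner","hello.exe","3036","Process Exit","","SUCCESS"
'@

function Get-ProcMonSummary {
    param([Parameter(Mandatory)][object[]]$Events)

    # Results that are normal loader/registry noise and not worth flagging.
    $benign = 'SUCCESS', 'REPARSE', 'NAME NOT FOUND', 'NO MORE ENTRIES',
              'FAST IO DISALLOWED', 'BUFFER OVERFLOW'

    $Events | Group-Object PID | ForEach-Object {
        $evts   = $_.Group | Sort-Object { [int]$_.Sequence }
        $images = @($evts | Where-Object Operation -eq 'Load Image')
        $first  = $evts | Where-Object Operation -like 'Reg*' | Select-Object -First 1
        $firstRegText = if ($first) { "$($first.Operation) $($first.Path)" } else { '<none before exit>' }

        [pscustomobject]@{
            PID          = $_.Name
            Process      = $evts[0].'Process Name'
            User         = $evts[0].User
            ImagesLoaded = $images.Count
            LastImage    = if ($images.Count) { $images[-1].Path } else { '<none>' }
            FirstRegOp   = $firstRegText
            Exited       = [bool]($evts | Where-Object Operation -eq 'Process Exit')
            # Anything outside the benign list is the line you want to read next.
            Failures     = @($evts | Where-Object { $_.Result -notin $benign } |
                             ForEach-Object { "$($_.Operation) $($_.Path) -> $($_.Result)" })
        }
    }
}

$events = $sample | ConvertFrom-Csv
Get-ProcMonSummary -Events $events | Format-List
```

On the constructed sample, the hello.exe entry reports three images loaded, kernel32.dll as the last one, no registry operation before exit and an empty failure list, which is the same shape as the failing process in the capture above: a process that dies in loader initialisation without a single denied access is a different problem from one that logs ACCESS DENIED, and the summary separates the two cases at a glance. The WerFault.exe entry shows the constructed ACCESS DENIED row in `Failures`. Keep the benign list honest: NAME NOT FOUND on policy keys and REPARSE on CurrentControlSet are routine, but an ACCESS DENIED anywhere, or a PATH NOT FOUND on a DLL, is not.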
SysOp
Site Admin
Joined: 26 Nov 2006
Posts: 7952

Are you sure you cleared admin group membership? I see advapi32 loaded in this list, which didn't happen for other processes, but before that there was a spawned or a separately started process:

146606 11:56.9 AUSLYNCAS53\ScriptRunner WerFault.exe 3796 Load Image C:\Windows\System32\advapi32.dll SUCCESS


Does hello.exe start WerFault.exe process or something else does?
Mon Jun 01, 2009 4:50 pm
Whatanut
Joined: 26 May 2009
Posts: 50

Yes. Admin membership is cleared. That is why I was surprised to see WerFault.exe fire successfully. WerFault.exe is part of the Windows Error Reporting feature. I believe it is responsible for displaying the error message regarding hello.exe failing to initialize. I suspect that it is being called on behalf of the ScriptRunner user, but since it is being triggered by Windows it is running in a different context. There is something about the context of the call to hello.exe by the runas.exe app which is causing the error. I'm just not sure what that is, exactly.
Tue Jun 02, 2009 8:07 am
SysOp
Site Admin
Joined: 26 Nov 2006
Posts: 7952

Maybe we should try again adding privileges one by one. To begin, let's try to grant "Replace a process level token", "Impersonate a client after authentication", "Load and unload device drivers" and "Create global objects"; these are the privileges I see granted to local Administrators on a W2003K server by default. Sorry, at the moment I don't have a 2008 server available for testing this stuff; your 2008 system may have additional, more granular privileges.
Tue Jun 02, 2009 8:44 am
Whatanut
Joined: 26 May 2009
Posts: 50

The user already has most permissions available applied. The permissions in 2008 are pretty similar to the ones in 2003.

The ScriptRunner user currently has the following permissions:

    Act as part of the operating system
    Adjust memory quotas for a process
    Allow log on locally
    Allow log on through Terminal Services
    Bypass traverse checking
    Create a pagefile
    Create a token object
    Create global objects
    Create symbolic links
    Debug programs
    Enable computer and user accounts to be trusted for delegation
    Impersonate a client after authentication
    Increase scheduling priority
    Load and unload device drivers
    Log on as a batch job
    Manage auditing and security log
    Modify firmware environment values
    Perform volume maintenance tasks
    Profile single process
    Profile system performance
    Remove computer from docking station
    Replace a process level token
    Restore files and directories
    Take ownership of files and other objects


The available permissions left that haven't been applied are:

    Access Credential Manager as a trusted caller
    Access this computer from the network
    Add workstations to domain
    Back up files and directories
    Change system time
    Change the time zone
    Create permanent shared objects
    Deny access to this computer from the network
    Deny log on as a batch job
    Deny log on as a service
    Deny log on locally
    Deny log on through Terminal Services
    Force shutdown from a remote system
    Generate security audits
    Increase a process working set
    Lock pages in memory
    Log on as a service
    Modify an object label
    Shut down the system
    Synchronize directory service data


I can start applying the rest of permissions and see if we get lucky (not including the Deny permissions, of course).
Tue Jun 02, 2009 9:10 am
Whatanut
Joined: 26 May 2009
Posts: 50

Alright. I've granted both the ScriptRunner and interactive user every right except the Deny privileges. No change.
Tue Jun 02, 2009 9:13 am
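The exchange above grants user rights one display name at a time through gpedit.msc and then compares against what the Administrators group has. That comparison can be done directly from the effective local policy, which secedit exports with the rights under their constant names (SeImpersonatePrivilege and so on) and the holders as SIDs. The script below is an added example, not code from the thread or from SoftTree. It assumes a local account named ScriptRunner (substitute your own), PowerShell 3 or later, and an elevated prompt, because `secedit /export` needs one. It resolves the account's own SID plus the SIDs of the local groups it belongs to, since that is exactly how adding the account to Administrators changes the picture without touching a single per-user grant.

```powershell
# Added example: which user rights does a local account actually hold, directly or
# through local group membership, according to the effective Local Security Policy?
function Get-AccountUserRights {
    param(
        [Parameter(Mandatory)][string]$Account,   # assumption: a local account, e.g. 'ScriptRunner'
        [string]$ExportPath = (Join-Path $env:TEMP 'secpol-rights.inf')
    )

    # Principals whose grants apply to this account: its own SID and its local groups' SIDs.
    $toSid = { param($name)
        (New-Object System.Security.Principal.NTAccount($name)).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value }
    $sids = @(& $toSid $Account)
    $user = [ADSI]"WinNT://$env:COMPUTERNAME/$Account,user"
    foreach ($g in $user.Invoke('Groups')) {
        $groupName = $g.GetType().InvokeMember('Name', 'GetProperty', $null, $g, $null)
        $sids += & $toSid $groupName
    }

    # Export only the user-rights area of the effective policy; the file is UTF-16 with BOM.
    & secedit.exe /export /cfg $ExportPath /areas USER_RIGHTS /quiet | Out-Null
    if (-not (Test-Path $ExportPath)) { throw 'secedit export failed; run from an elevated prompt' }

    $inSection = $false
    $rights = foreach ($line in Get-Content $ExportPath) {
        if ($line -match '^\[(.+)\]') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if (-not $inSection -or $line -notmatch '^(Se\w+)\s*=\s*(.*)$') { continue }
        $right = $Matches[1]
        # Holders are written as '*S-1-5-32-544,*S-1-5-21-...'; unresolvable ones appear as names.
        $holders = $Matches[2] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') }
        if ($holders | Where-Object { $sids -contains $_ -or $_ -eq $Account }) { $right }
    }
    Remove-Item $ExportPath -ErrorAction SilentlyContinue
    $rights | Sort-Object -Unique
}

# The four rights suggested in the thread, keyed by constant name with the gpedit display name.
$wanted = [ordered]@{
    SeAssignPrimaryTokenPrivilege = 'Replace a process level token'
    SeImpersonatePrivilege        = 'Impersonate a client after authentication'
    SeLoadDriverPrivilege         = 'Load and unload device drivers'
    SeCreateGlobalPrivilege       = 'Create global objects'
}

$held = Get-AccountUserRights -Account 'ScriptRunner'
foreach ($constant in $wanted.Keys) {
    $state = if ($held -contains $constant) { 'granted' } else { 'MISSING' }
    '{0,-32} {1,-45} {2}' -f $constant, $wanted[$constant], $state
}
```

Two caveats that matter for the experiment in this thread. First, the export describes what the policy assigns, not what a running process has: a token is built at logon, so after editing rights the account has to log on again (each runas invocation does create a fresh logon, so that part is fine), and `whoami /priv` typed inside the runas-launched shell shows the privileges that actually made it into the token. Second, the script lists rights granted via local groups, but a token also carries group SIDs themselves, and plenty of kernel and service checks test for the Administrators SID rather than for any privilege; a one-by-one rights search cannot reproduce that, which is consistent with the "no change" result after granting every non-Deny right.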
SysOp
Site Admin
Joined: 26 Nov 2006
Posts: 7952

Just a status update, I'm looking for hidden privileges not exposed directly in GPO.

Can you confirm that when you set permissions, you use ADM tools to change domain user settings for AUSLYNCAS53\ScriptRunner user? But when you change group membership, you actually add this user to the local admin group. Did I get it correctly?
Tue Jun 02, 2009 3:28 pm
Whatanut
Joined: 26 May 2009
Posts: 50

I use gpedit.msc on the local server to change permissions. The script runner is a local user, not a domain user. We do not have any domain policies that modify the local security policy.

And yes, group membership is modified by adding the local user to the local admin group.
Wed Jun 03, 2009 8:30 am
Page 2 of 3