Results 1 to 5 of 5
  1. #1
    Star Lounger
    Join Date
    May 2002
    Location
    Charlotte, North Carolina, USA
    Posts
    54
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Failure Audit 577 Filling up Security Log (XP SP1? )

    We have recently begun converting users to XP and have run into a problem three times now where the users Security Log is filled up with Failure Audits. Event ID 577. I am not finding a whole lot at Microsoft's site for XP, just NT and 2000. Anyone run into this here?

  2. #2
    Star Lounger
    Join Date
    May 2002
    Location
    Charlotte, North Carolina, USA
    Posts
    54
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Failure Audit 577 Filling up Security Log (XP SP1? )

    Thanks. I am planning to have that change made already. I am just trying to figure out what is causing the error.
    It's always something... :-)

  3. #3
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Failure Audit 577 Filling up Security Log (XP SP1? )

    Mary

    First thing to do would be to alter the settings on that Event Log to cause "Overwrite events as needed" (Right click on the log in Event Viewer and click on properties). That means it just wraps round without causing the machine to stop. All logs on all machines should be set like this, IMHO...

    The only thing I can find on TechNet is:

    <font color=blue>[/b]577 A user attempted to perform a privileged system service operation.

    Parameters: Privileged service called, server, service, primary user name, primary domain, primary logon ID, client user name, client domain, client logon ID, privileges.
    Configurable Information: Success or Failure
    Formal name: SE_AUDITID_ PRIVILEGED_SERVICE
    Callers of PrivilegedServiceAuditAlarm generate this event. [/b]</font color=blue>

    I'm not sure that helps much. Is there anyhing in common between the three users/their machines/the software they run that would point you at something?
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Failure Audit 577 Filling up Security Log (XP SP1? )

    I have hunted down the only other reference as Creating a Member Server Baseline.
    See the section "Audit privilege use Table 3.14 Settings".

    <font color=blue>"Enabling privilege auditing generates a very large number of event records. For this reason, each security environment defined in this guide has unique recommendations for these settings. Failed use of a user right is an indicator of a general network problem and often can be a sign of an attempted security breach. Corporations should set the Audit privilege use setting to Enable only if there is a specific business reason to do so."</font color=blue>

    Roughly translated, it appears to me that someone/something has turned on a part of auditing, which gives rise to those messages. Probably you want to get "your technical chaps/ms-chaps" to turn it off...

    But what do I know? <img src=/S/shrug.gif border=0 alt=shrug width=39 height=15>
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  5. #5
    Star Lounger
    Join Date
    May 2002
    Location
    Charlotte, North Carolina, USA
    Posts
    54
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Failure Audit 577 Filling up Security Log (XP SP1? )

    Thanks. I have put them on it. For now we changed Group Policy to "Overwrite Events as Needed", but I think we really need to figure out what is causing the events.
    I really appreciate your help! <img src=/S/thankyou.gif border=0 alt=thankyou width=40 height=15>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •