After hardening a Production SQL Server Cluster, and reviewing the Security Logs to make sure all was well, among many other strange things I saw SQL Server trying to do, I ran across this gem:
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 2/16/2007
Time: 11:44:36 AM
User: DOMAIN\SQLServiceAccountName
Computer: COMPUTERNAME
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: C:\AUTOEXEC.BAT
Handle ID: -
Operation ID: {0,533511}
Process ID: 872
Image File Name:
Primary User Name: MACHINE$
Primary Domain: DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: SQLServiceAccountName
Client Domain: DOMAIN
Client Logon ID: (0x0,0x822BB)
Accesses: READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
ReadEA
ReadAttributes
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x120089
Pretty cool, eh?

