How can I determined who did this...

Discussion in 'Networking & Security' started by jadams, Aug 18, 2011.

  1. jadams

    jadams 2[H]4U

    Messages:
    4,088
    Joined:
    Mar 14, 2010
    Our software requires a service user to have certain rights in the Local Security Policy. One of them of course being "Log on as a service".

    Today I got a call saying our software wasnt working at one of our customer's locations. Error message was a logon failure. After verifying credentials werent changed I checked the LSP and sure enough our user was taken out of the several objects it needed to be in.

    Tried looking through the event viewer. If its in there I probably missed it. Not entirely sure what I'm looking for in there. Google was no help.

    Thanks.
     
  2. ShadowStriker

    ShadowStriker [H]ard|Gawd

    Messages:
    1,671
    Joined:
    Oct 8, 2009
    Is there a GPO resetting your other GPOs? Or affecting services in general?
     
  3. jadams

    jadams 2[H]4U

    Messages:
    4,088
    Joined:
    Mar 14, 2010
    Not sure.

    We try to keep everything local. Local user. Local Security Policy. I understand that some domain level GPO's can effect these things. But we have less issues and less troubleshooting when everythings local.

    Its much more of a PITA with our customers who want everything done on the domain level. Things get changed, and it affects our servers.

    but of course regardless of domain/local we always get the "we are has done nuffin to teh serverz, why they no work???"

    And now I'm trying to play detective to find out who did it.