IIS Admin service changing GP permissions for IUSR_Machine name
We have a GP to only allow certain accounts to log on as batch and log on over the network. After a few IIS servers restart, GP is applied but then changed by IIS Admin. Once a normal refresh happens a few hours later, the permission is removed. How do I stop this before we are scanned for compliance? It starts with Event ID 808 by System, Source Name IIS-Metabase and a Process ID which points to the IISADMIN Service. Then the event below is registered in the event log, and if you check local policy the changes are made.
Event Type: Success Audit
Event Source: Security
Event Category: Policy Change
Event ID: 621
Date: 11/18/2009
Time: 6:36:44 PM
User: NT AUTHORITY\SYSTEM
Computer: SERVERNAME
Description:
System Security Access Granted:
Access Granted: SeBatchLogonRight
Account Modified: ServerNAME\IWAM_Servername
November 20th, 2009 12:26am
Hi dcindy8, As the issue seems to be related to IIS, it is recommended that you initiate a new thread in the IIS discussion forum. The engineers and the community members have more knowledge of it and can help you in a more efficient way.
IIS Discussion forum
http://forums.iis.net/
Hope the issue will be resolved soon.
This posting is provided "AS IS" with no warranties, and confers no rights.
November 23rd, 2009 1:10pm