On this computer I have regular Event 1530 reports referring to lsass.exe. Investigating using Process Monitor I find references to the Registry key HKLM\SAM\SAM\DOMAINS\etc where the task is "Desired Access Read and the Result is Name not found. The computer is a Workstation and HKLM\SAM\SAM has no Domain entries. How do you backtrack to find what causes whatever it is to look for Domain entries on a Workstation? TIA, Gerry

This error has been cured in pre Vista/W 7 operating system with UPHclean. This correcting functionality has been build into Vista and UPHclean is incompatible with Vista and W 7. Description of this error is in KB http://support.microsoft.com/kb/947238/en-us Regards Milos

Milos KB947238 says "The application that is listed in the event detail is leaving the registry handle open and should be investigated." That is what I am trying to do! Hope this helps, Gerry

Hi, Based on my research, this problem may occur when event tracing for Security Accounts Manager (SAM) events is enabled. To work around this problem, please try to disable event tracing for SAM events and see how it works. You can use Logman command or Trace Log Tool to disable it. Hope this helps. Jeremy Wu TechNet Community Support

Hi, Based on my research, this problem may occur when event tracing for Security Accounts Manager (SAM) events is enabled. To work around this problem, please try to disable event tracing for SAM events and see how it works. You can use Logman command or Trace Log Tool to disable it. Hope this helps. Jeremy Wu TechNet Community Support