U
UselessUser
Hi,
I was just wondering if anyone could help me with the following: I have
noticed the following errors in the userenv log (Set to 30002)..
It is coming up with this:
USERENV(670.690) 08:36:42:308 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:308 GetUserNameAndDomain Failed to impersonate user
USERENV(670.690) 08:36:42:308 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:308 GetUserDNSDomainName: Failed to impersonate user
USERENV(670.690) 08:36:42:308 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:308 GetUserNameAndDomain Failed to impersonate user
USERENV(670.690) 08:36:42:308 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:308 GetUserDNSDomainName: Failed to impersonate user
USERENV(670.690) 08:36:42:339 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:339 GetUserNameAndDomain Failed to impersonate user
USERENV(670.690) 08:36:42:355 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:355 GetUserDNSDomainName: Failed to impersonate user
USERENV(670.690) 08:36:42:386 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:386 GetUserNameAndDomain Failed to impersonate user
USERENV(b7c.bc4) 08:36:42:386 GetProfileType: Profile already loaded.
USERENV(670.690) 08:36:42:386 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(b7c.bc4) 08:36:42:386 GetProfileType: ProfileFlags is 0
USERENV(670.690) 08:36:42:417 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:417 GetUserNameAndDomain Failed to impersonate user
USERENV(670.690) 08:36:42:417 ImpersonateUser: Failed to impersonate user
with 5.
The 670 converted to decimal returns 1648, which in this case is the PID for
LSASS.exe, 690 returns 1680, which I cannot see in the process list anywhere.
Can anyone help me troubleshoot this further (e.g. is this normal to see
these events firstly, and secondly anyway of setting some kind of monitor to
track all processes from boot and write them into a log file with their PID,
so I can track it back that way?)...
Thanks in advance!
I was just wondering if anyone could help me with the following: I have
noticed the following errors in the userenv log (Set to 30002)..
It is coming up with this:
USERENV(670.690) 08:36:42:308 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:308 GetUserNameAndDomain Failed to impersonate user
USERENV(670.690) 08:36:42:308 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:308 GetUserDNSDomainName: Failed to impersonate user
USERENV(670.690) 08:36:42:308 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:308 GetUserNameAndDomain Failed to impersonate user
USERENV(670.690) 08:36:42:308 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:308 GetUserDNSDomainName: Failed to impersonate user
USERENV(670.690) 08:36:42:339 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:339 GetUserNameAndDomain Failed to impersonate user
USERENV(670.690) 08:36:42:355 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:355 GetUserDNSDomainName: Failed to impersonate user
USERENV(670.690) 08:36:42:386 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:386 GetUserNameAndDomain Failed to impersonate user
USERENV(b7c.bc4) 08:36:42:386 GetProfileType: Profile already loaded.
USERENV(670.690) 08:36:42:386 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(b7c.bc4) 08:36:42:386 GetProfileType: ProfileFlags is 0
USERENV(670.690) 08:36:42:417 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(670.690) 08:36:42:417 GetUserNameAndDomain Failed to impersonate user
USERENV(670.690) 08:36:42:417 ImpersonateUser: Failed to impersonate user
with 5.
The 670 converted to decimal returns 1648, which in this case is the PID for
LSASS.exe, 690 returns 1680, which I cannot see in the process list anywhere.
Can anyone help me troubleshoot this further (e.g. is this normal to see
these events firstly, and secondly anyway of setting some kind of monitor to
track all processes from boot and write them into a log file with their PID,
so I can track it back that way?)...
Thanks in advance!