Guest Dough Posted December 6, 2007 Posted December 6, 2007 Dell PE2950 server, Win2003 R2 SP2, 64 bit Xeon, domain controller, current windows updates. Security Configuration Wizard gets the error. Extension NameMicrosoft.OS.Services - 0x80070005 Error configuring C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf Access is denied. Running as domain admin, security shows full control of file/dir. Turned off anti-virus pgm, didn't help. Searching shows other folks with the same error but no resolutions. Any suggestions? Process monitor shows the following. Note the Buffer Overflow and Name Invalid lines... 135300 11:00:27.4559951 AM services.exe 400 ReadFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached 135301 11:00:27.4561061 AM services.exe 400 ReadFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Offset: 4,096, Length: 4,096, I/O Flags: Non-cached 135302 11:00:27.4562143 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS 135304 11:00:27.4566644 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Write Through, No Buffering, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135305 11:00:27.4568190 AM services.exe 400 QueryInformationVolume C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS VolumeCreationTime: 8/14/2007 3:52:20 PM, VolumeSerialNumber: 9063-CE5A, SupportsObjects: True, VolumeLabel: OS 135306 11:00:27.4568414 AM services.exe 400 QueryAllInformationFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb BUFFER OVERFLOW CreationTime: 12/6/2007 10:42:24 AM, LastAccessTime: 12/6/2007 11:00:27 AM, LastWriteTime: 12/6/2007 11:00:27 AM, ChangeTime: 12/6/2007 11:00:27 AM, FileAttributes: A, AllocationSize: 1,056,768, EndOfFile: 1,056,768, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x900000000596c, EaSize: 0, Access: Generic Read, Position: 0, Mode: Write Through, No Buffering, AlignmentRequirement: Byte 135307 11:00:27.4571977 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135308 11:00:27.4572666 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS 135310 11:00:27.4576070 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135311 11:00:27.4576730 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS 135313 11:00:27.4580079 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135314 11:00:27.4580655 AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb FAST IO DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME 135315 11:00:27.4580792 AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb INVALID PARAMETER Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME 135316 11:00:27.4580989 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS 135318 11:00:27.4584583 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb NAME INVALID Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin 135319 11:00:27.4587925 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles IS DIRECTORY Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin 135320 11:00:27.4591258 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135321 11:00:27.4591870 AM services.exe 400 FileSystemControl C:\WINDOWS\security\msscw\ConfigureFiles NOT REPARSE POINT Control: FSCTL_GET_REPARSE_POINT 135322 11:00:27.4592152 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS 135324 11:00:27.4595462 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135325 11:00:27.4596041 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS 135327 11:00:27.4599272 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135328 11:00:27.4599813 AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw\ConfigureFiles FAST IO DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME 135329 11:00:27.4599943 AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw\ConfigureFiles INVALID PARAMETER Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME 135330 11:00:27.4600137 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS 135332 11:00:27.4603452 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135333 11:00:27.4604027 AM services.exe 400 FileSystemControl C:\WINDOWS\security\msscw\ConfigureFiles NOT REPARSE POINT Control: FSCTL_GET_REPARSE_POINT 135334 11:00:27.4604269 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS 135336 11:00:27.4607572 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw IS DIRECTORY Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin 135337 11:00:27.4610823 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135338 11:00:27.4611404 AM services.exe 400 FileSystemControl C:\WINDOWS\security\msscw NOT REPARSE POINT Control: FSCTL_GET_REPARSE_POINT 135339 11:00:27.4611650 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw SUCCESS 135341 11:00:27.4614931 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135342 11:00:27.4615502 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw SUCCESS 135344 11:00:27.4618738 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135345 11:00:27.4619319 AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw FAST IO DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME 135346 11:00:27.4619441 AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw INVALID PARAMETER Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME 135347 11:00:27.4619631 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw SUCCESS 135349 11:00:27.4622884 AM services.exe 400 CreateFile C:\WINDOWS\security\msscw SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135350 11:00:27.4623455 AM services.exe 400 FileSystemControl C:\WINDOWS\security\msscw NOT REPARSE POINT Control: FSCTL_GET_REPARSE_POINT 135351 11:00:27.4623699 AM services.exe 400 CloseFile C:\WINDOWS\security\msscw SUCCESS 135353 11:00:27.4626374 AM services.exe 400 CreateFile C:\WINDOWS\security IS DIRECTORY Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin 135354 11:00:27.4628964 AM services.exe 400 CreateFile C:\WINDOWS\security SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135355 11:00:27.4629544 AM services.exe 400 FileSystemControl C:\WINDOWS\security NOT REPARSE POINT Control: FSCTL_GET_REPARSE_POINT 135356 11:00:27.4629786 AM services.exe 400 CloseFile C:\WINDOWS\security SUCCESS 135358 11:00:27.4632413 AM services.exe 400 CreateFile C:\WINDOWS\security SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135359 11:00:27.4632980 AM services.exe 400 CloseFile C:\WINDOWS\security SUCCESS 135361 11:00:27.4635587 AM services.exe 400 CreateFile C:\WINDOWS\security SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135362 11:00:27.4636129 AM services.exe 400 DeviceIoControl C:\WINDOWS\security FAST IO DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME 135363 11:00:27.4636250 AM services.exe 400 DeviceIoControl C:\WINDOWS\security INVALID PARAMETER Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME 135364 11:00:27.4636442 AM services.exe 400 CloseFile C:\WINDOWS\security SUCCESS 135366 11:00:27.4639080 AM services.exe 400 CreateFile C:\WINDOWS\security SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135367 11:00:27.4639645 AM services.exe 400 FileSystemControl C:\WINDOWS\security NOT REPARSE POINT Control: FSCTL_GET_REPARSE_POINT 135368 11:00:27.4639883 AM services.exe 400 CloseFile C:\WINDOWS\security SUCCESS 135370 11:00:27.4641796 AM services.exe 400 CreateFile C:\WINDOWS IS DIRECTORY Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin 135371 11:00:27.4643750 AM services.exe 400 CreateFile C:\WINDOWS SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135372 11:00:27.4644316 AM services.exe 400 FileSystemControl C:\WINDOWS NOT REPARSE POINT Control: FSCTL_GET_REPARSE_POINT 135373 11:00:27.4644561 AM services.exe 400 CloseFile C:\WINDOWS SUCCESS 135375 11:00:27.4646433 AM services.exe 400 CreateFile C:\WINDOWS SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135376 11:00:27.4646991 AM services.exe 400 CloseFile C:\WINDOWS SUCCESS 135378 11:00:27.4648943 AM services.exe 400 CreateFile C:\WINDOWS SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135379 11:00:27.4649495 AM services.exe 400 DeviceIoControl C:\WINDOWS FAST IO DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME 135380 11:00:27.4649615 AM services.exe 400 DeviceIoControl C:\WINDOWS INVALID PARAMETER Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME 135381 11:00:27.4649804 AM services.exe 400 CloseFile C:\WINDOWS SUCCESS 135383 11:00:27.4651681 AM services.exe 400 CreateFile C:\WINDOWS SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135384 11:00:27.4652229 AM services.exe 400 FileSystemControl C:\WINDOWS NOT REPARSE POINT Control: FSCTL_GET_REPARSE_POINT 135385 11:00:27.4652472 AM services.exe 400 CloseFile C:\WINDOWS SUCCESS 135387 11:00:27.4654220 AM services.exe 400 CreateFile C:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened 135388 11:00:27.4654753 AM services.exe 400 QuerySizeInformationVolume C:\ SUCCESS TotalAllocationUnits: 17,739,776, AvailableAllocationUnits: 10,030,997, SectorsPerAllocationUnit: 8, BytesPerSector: 512 135389 11:00:27.4654967 AM services.exe 400 CloseFile C:\ SUCCESS Thanks, Dough
Recommended Posts