zoukankan      html  css  js  c++  java

  • Giving Application Pools Event Log Access

    Giving Application Pools Event Log Access

    Overview

    When the database becomes inaccessible, Secret Server will try to log errors to the Windows event log. By default, network service and standard service accounts will not have permissions to the event log. Permissions must be added to specific event log registry keys.

    Required Registry Permissions

    The follow permissions are required for the identity configured on the SS application pool in IIS:

    HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > EventLog

    Applies to key and subkeys

    • Read permissions:

      • Query Value
      • Enumerate Subkeys
      • Notify
      • Read Control

    • Set Value permission

    • Create Subkey permission

    HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > EventLog > Security

    Applies to key and subkeys

    Read permissions:

    • Query Value
    • Enumerate Subkeys
    • Notify
    • Read Control

    Applying Windows Event Log Permissions

    1. Determine the account that is running SS:

      1. Log on SS.

      2. Go to Admin > Diagnostics.

      3. Look for any of the Thread Identity labels. These contain the identity of SS (often NT AUTHORITYNETWORK SERVICE or IIS APPPOOLSecretServer or the service account set up for IWA. See Running the IIS Application Pool As a Service Account.

        Note: You can also determine the identity by logging in and navigating to http://yoursecretserverurl/Installer.aspx. The first step of this page will tells you the application pool identity.

    2. Open the Windows registry editor on the machine running SS (regedit at the command prompt or Window search text box).

    3. On the left, navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > EventLog.

    4. Right click the EventLog folder in your registry editor and select Permissions. A permissions dialog box appears.

    5. Click the Advanced button.

    6. On the Permissions tab, Click the Add button. A Permission Entry dialog appears.

    7. Click the Select a principal link. The Select User, Computer… dialog box appears.

    8. Find the account running SS, such as Thycotic_Service (svc_thycotic@test.com).

    9. Click the OK button. The dialog box closes.

    10. In the Basic Permissions section of the Permission Entry dialog, click to select the Read check box.

    11. Click the Show advanced permissions link. The pane switches.

    12. Click to select the Set Value and Create Subkey check boxes in the Advanced Permissions section.

    13. Click OK buttons on the remaining dialogs to apply the permissions. You are returned to the main registry editor window.

    14. Navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > EventLog > Security, right-click and select “Permissions…“

    15. Right click Security folder and select Permissions. A permissions dialog box appears.

    16. Click the Add button.

    17. Find the account running SS.

    18. Click the OK button.

    19. Click to select the Read check box in the Allow column.

    20. Click the OK button to apply the permission.
  • 相关阅读:
    决策树算法小结
    低配置电脑播放 flash 视频时 占 cpu 资源过高的解决方法
    ts tp 高清播放软件 Elecard MPEG Player 6.0.130827
    KBS2 SBS MBC 高清播放地址 + mplayer 播放 录制
    MPlayer-ww 增加边看边剪切功能
    MPlayer 增加边看边剪切功能
    -fomit-frame-pointer 编译选项在gcc 4.8.2版本中的汇编代码研究
    ffplay mini 媒体播放器
    libavcodec/dxva2.h:40:5: error: unknown type name 'IDirectXVideoDecoder'
    ARGB32 to YUV12 利用 SDL1.2 SDL_ttf 在视频表面输出文本
  • 原文地址:https://www.cnblogs.com/chucklu/p/13381491.html
Copyright © 2011-2022 走看看