[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntbugtraq
Subject:    LSA2-FIX breaks apps that access the Security Event Log
From:       Paul Whelan-PA <whelan.pa () PG ! COM>
Date:       1998-09-30 17:09:04
[Download RAW message or body]

I have been working with Microsoft on an issue with LSA2-fix that may be of
interest to this audience.  I noticed that after applying LSA2, a REXX
script I had written to manage the NT event logs began failing.  After
looking at the MS KB, I found an article (Q183770) on how LSA2 broke this
same functionality in a module of SMS.  It seems that the LSA2 fix (by
design see Q184017) introduces in EVENTLOG.DLL the requirement that calling
programs have a new privilege (SE_SECURITY_NAME) to access the security
event logs.  I believe this will effect every 3rd party app out there that
is analyzing/dumping/reporting on the security event logs including
scripting languages like Perl as well.  I also tested DUMPEL from the NT
resource kit and it fails.  I don't believe there is general awareness that
SP4 is going to break this functionality.   Anyone else have info to the
contrary?

Paul Whelan
whelan.pa@pg.com

[prev in list] [next in list] [prev in thread] [next in thread]