Windows 10: Windows Service will not execute fails Security Audit

Discussion in 'Windows 10 Software and Apps' started by morelsc, Oct 11, 2018 at 2:32 PM.

  1. morelsc Win User

    Windows Service will not execute fails Security Audit


    Hello

    I have a Visual Studio 2017 C# .Net Windows Service project that includes a Project installer. The service installs and executes fine in a Windows 7 OS but will not execute when installed on a Windows 10 OS. When trying to start the service on a Windows 10 OS, the Event Viewer (Windows Logs > Security) captures an Audit Failure, shown below:

    A privileged service was called.

    Subject:
    Security ID: NU\
    Account Name:
    Account Domain: NU
    Logon ID: 0x1FEE28C

    Service:
    Server: Security
    Service Name: -

    Process:
    Process ID: 0x1730
    Process Name: C:\Apps\EMSCheckActivity\EMSActivityChecker.exe

    Service Request Information:
    Privileges: SeTcbPrivilege


    After some research I discovered what I believe is the problem; however, I don’t know how to fix it. The Windows 10 OS Local Policies > Security Options > System Settings has “Use Certificate Rules on Windows Executables for Software Restriction Policies” Enabled. How do I incorporate a Certificate that will allow the service to execute?

    :)
     
  2. Alec§taar Win User

    Securing Windows 2000/XP/Server 2003 services HOW TO

    This is all I could save. I don't know if people can see what I can in the Wiki, but I got this article; the others he deleted before he posted them in the wiki, and I don't have the powers even in my sections to bring them back... perhaps a backup, but I'm not sure we have one; I'll go see. He did a damn good job at making sure nothing of his existed after he left... I'm at school, but when I get home I'll email him and see if I can get him back; I'm not done fighting yet. -Solaris17




    Securing Windows 2000/XP/Server 2003 services HOW TO
    I went at ALL of the services in Windows Server 2003 (some will not be in XP for instance, & Windows 2000 has no NETWORK SERVICE or LOCAL SERVICE as far as I know, but not sure, you can always make a limited privilege user too for this on 2000 if needed)...

    I did testing to see which services could be run/logged in as LOCAL SERVICE, or NETWORK SERVICE, rather than the default of LOCAL SYSTEM (which means Operating System entity level privileges - which CAN be "misused" by various spyware/malware/virus exploits).


    LOCAL SERVICE startable list (vs. LocalSystem Logon Default):


    --------------------------------------------------------------------------------

    Acronis Scheduler 2 Service
    Alerter (needs Workstation Service Running)
    COM+ System Application
    GHOST
    Indexing Service
    NVIDIA Display Driver Service
    Office Source Engine
    O&O Clever Cache
    Remote Registry
    Sandra Service
    Sandra Data Service
    SmartCard
    Tcp/IP NetBIOS Helper
    Telnet
    UserProfile Hive Cleanup Service
    Volume Shadowing Service
    Windows UserMode Drivers
    Windows Image Acquisition
    WinHTTP Proxy AutoDiscovery Service

    NETWORK SERVICE startable list (vs. LocalSystem Logon Default):


    --------------------------------------------------------------------------------

    ASP.NET State Service
    Application Layer Gateway
    Clipbook (needs Network DDE & Network DDE DSDM)
    Microsoft Shadow Copy Provider
    Executive Software Undelete
    DNS Client
    DHCP Client
    Error Reporting
    FileZilla Server
    Machine Debug Manager
    Merger
    NetMeeting Remote Desktop Sharing Service
    Network DDE
    Network DDE DSDM
    PDEngine (Raxco PerfectDisk)
    Performance Logs & Alerts
    RPC
    Remote Desktop Help Session Manager Service
    Remote Packet Capture Protocol v.0 (experimental MS service)
    Resultant Set of Policies Provider
    SAV Roam
    Symantec LiveUpdate
    Visual Studio 2005 Remote Debug

    PLEASE NOTE: Each service uses a BLANK password when reassigning their logon entity (when you change it from the default of LOCAL SYSTEM Account), because they use SIDs as far as I know, not standard passwords.


    --------------------------------------------------------------------------------

    WHEN YOU TEST THIS, AFTER RESETTING THE LOGON USER ENTITY EACH SERVICE USES: Just run your system awhile, & if say, Norton Antivirus refuses to update, or run right? You KNOW you set it wrong... say, if one you test that I do NOT list won't run as LOCAL SERVICE? Try NETWORK SERVICE instead... if that fails? YOU ARE STUCK USING LOCAL SYSTEM!

    If you cannot operate properly while changing the security logon entity context of a service (should NOT happen w/ 3rd party services, & this article shows you which ones can be altered safely)?

    Boot to "Safe Mode", & reset that service's logon entity back to LOCAL SYSTEM again & accept it cannot do this security technique is all... it DOES happen!

    If that fails? There are commands in the "Recovery Console" (installed from your Windows installation CD as a bootup option while in Windows using this commandline -> D:\i386\winnt32.exe /cmdcons, where D is your CD-Rom driveletter (substitute in your dvd/cd driveletter for D of course)) of:

    ListSvc (shows services & drivers states of stopped or started)

    Enable (starts up a service &/or driver)

    Disable (stops a server &/or driver)

    Which can turn them back on if/when needed

    Last edited by APK on 03/04/2007
    I.E. -> I removed Telephony, Symantec AntiVirus, & Virtual Disk Service!

    (ON Virtual Disk Service being removed, specifically: This was done solely because, although it will run as LOCAL SERVICE, diskmgmt.msc will not be able to work! Even though the Logical Disk Manager service does not list VirtualDisk as a dependency, this occurs, so VirtualDisk service was pulled from BOTH the LOCAL SERVICE and NETWORK SERVICE lists here... apk)

    SECURING SERVICES @ THE ACL LEVEL VIA A SECURITY POLICY HOW-TO:

    STEP #1: CONFIGURE A CUSTOM Microsoft Management Console for this!

    Configuring yourself a "CUSTOM MMC.EXE (Microsoft Mgt. Console)" setup for security policy templates, here is how (these are NOT default Computer Mgt. tools, so you have to do this yourself, or run them by themselves, but this makes working w/ them convenient):

    ===============================================================
    The next part's per BelArcGuy of BELARC ADVISOR's advice (pun intended):
    ==============================================
    http://forums.techpowerup.com/showthread.php?p=282551#post282551

    ==============================================
    ""Security Configuration and Analysis" is an MMC snap-in. To access the MMC, type in mmc to the Windows Run.. command to pop up the console. Then use its File|Add/Remove Snap-in... command and click the Add button on the resulting dialog. Choose both "Security Configuration and Analysis" and "Security Templates", close that dialog, and OK. You'll end up with a management console that has both of those snap-ins enabled. The whole MMC mechanism is a bit weird, but does work"

    (It's easy, & it works, & is necessary for the actual steps to do this, below)


    --------------------------------------------------------------------------------

    (Next, is the actual "meat" of what we need to do, per Microsoft, to set ACLs)


    --------------------------------------------------------------------------------

    STEP #2: HOW TO: Define Security Templates By Using the Security Templates Snap-In in Windows Server 2003

    http://support.microsoft.com/kb/816297

    Create and Define a New Security Template

    (To define a new security template, follow these steps)

    1. In the console tree, expand Security Templates.
    2. Right-click %SystemRoot%\Security\Templates, and then click New Template.
    3. In the Template name box, type a name for the new template.

    (If you want, you can type a description in the Description box, and then click OK)

    The new security template appears in the list of security templates. Note that the security settings for this template are not yet defined. When you expand the new security template in the console tree, expand each component of the template, and then double-click each security setting that is contained in that component, a status of Not Defined appears in the Computer Setting column.

    1. To define a System Services policy, follow these steps:
       a. Expand System Services.
       b. In the right pane, double-click the service that you want to configure.
       c. Specify the options that you want, and then click OK.

    ==============================================
    APK (added 03/08/2007)
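
The trial order described in the post above (LOCAL SERVICE first, then NETWORK SERVICE, otherwise back to LOCAL SYSTEM), as an added PowerShell example that is not part of the original post or of APK's article. The function names and the service name `ExampleSvc` are hypothetical, an elevated session is assumed, and the inventory step goes beyond the post by listing which services still log on as LocalSystem.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original thread. Try it on a test machine first.

# Inventory: services that still log on as LocalSystem.
function Get-LocalSystemService {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -eq 'LocalSystem' } |
        Select-Object Name, DisplayName, State, StartMode, StartName
}

# Change the logon account through the Win32_Service.Change method.
# The built-in service accounts are set with an empty password.
function Set-ServiceLogonAccount {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Account
    )
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found" }
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change `
        -Arguments @{ StartName = $Account; StartPassword = '' }
    if ($result.ReturnValue -ne 0) {
        throw "Change() on '$Name' returned $($result.ReturnValue)"
    }
}

# Trial order from the post: LOCAL SERVICE, then NETWORK SERVICE,
# and LocalSystem again if the service starts under neither.
function Test-ServiceLeastPrivilege {
    param([Parameter(Mandatory)][string]$Name)

    $candidates = 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
    # -Force also stops dependent services; restart those afterwards if needed.
    Stop-Service -Name $Name -Force -ErrorAction SilentlyContinue

    foreach ($account in $candidates) {
        try {
            Set-ServiceLogonAccount -Name $Name -Account $account
            Start-Service -Name $Name -ErrorAction Stop
            # WaitForStatus throws if the service is not Running within 30 s.
            (Get-Service -Name $Name).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
            return [pscustomobject]@{ Service = $Name; Account = $account; Changed = $true }
        }
        catch {
            Write-Warning "$Name did not start as $($account): $($_.Exception.Message)"
        }
    }

    # Neither reduced account worked: restore the default logon.
    Set-ServiceLogonAccount -Name $Name -Account 'LocalSystem'
    Start-Service -Name $Name
    [pscustomobject]@{ Service = $Name; Account = 'LocalSystem'; Changed = $false }
}

# Usage (ExampleSvc is a placeholder name):
#   Get-LocalSystemService | Format-Table -AutoSize
#   Test-ServiceLeastPrivilege -Name 'ExampleSvc'
```

A successful start is only the first check; as the post says, the service still has to be exercised for a while under the new account before the change is kept.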
     
  3. Jennifer Bri Win User
    Audit mode

    Hi Diane,

    Windows boots into Windows Welcome Mode and Audit Mode. Windows Welcome Mode is the first user experience while the Audit mode is used to add customization to Windows images. Sometimes, Windows keeps running in Audit Mode and user has no idea about it, just like in your case. While your machine is running Audit Mode when upgrading or reinstalling Windows 10, the upgrade won’t progress.

    Here's how to exit from Audit mode to reinstall Windows 10:

    • Open the administrative or elevated Command Prompt. Type cmd in the Search field at the taskbar.
    • Type the following command and press Enter key: sysprep /oobe /generalize
      DISCLAIMER: Running sysprep command each time resets Windows licensing state to default. So if your Windows is activated and you run this command, you’ll need to reactivate Windows after executing this command.
    • Once the command is successfully executed, you’ll be out of Audit Mode. Now you can re-try to upgrade to Windows 10 and it should work.

    Let us know if the steps above worked for you.
     
    Jennifer Bri, Oct 11, 2018 at 2:35 PM
    #3
  4. Peeg Win User

    Windows Service will not execute fails Security Audit

    Windows 8.1 is executing winsat.exe automatically even though it's disabled in Task Scheduler.

    Windows 8.1 is executing winsat.exe automatically even though it's disabled in Task Scheduler. When checking Event Viewer security logs, it tells me someone logged into my computer even though I was already logged in but idle, and executed winsat.exe. Is this normal or is someone logging into my computer remotely? I have multiple logins and special logins in my log, and logoffs when I did not log off.

    Audit Success 6/29/2014 5:29:03 PM Microsoft Windows security auditing. 4616 Security State Change
    Audit Success 6/29/2014 5:03:25 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 5:03:25 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:13:16 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 2:13:16 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:03:54 PM Microsoft Windows security auditing. 4634 Logoff
    Audit Success 6/29/2014 2:03:54 PM Microsoft Windows security auditing. 4634 Logoff
    Audit Success 6/29/2014 2:00:18 PM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 2:00:18 PM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 2:00:18 PM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 2:00:18 PM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 2:00:15 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 2:00:15 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:00:15 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:00:15 PM Microsoft Windows security auditing. 4648 Logon
    Audit Success 6/29/2014 2:00:07 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 2:00:07 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 2:00:07 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:00:07 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:00:07 PM Microsoft Windows security auditing. 4648 Logon
    Audit Success 6/29/2014 2:00:06 PM Microsoft Windows security auditing. 4647 Logoff
    Audit Success 6/29/2014 12:55:51 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 12:55:51 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 12:43:02 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 12:43:02 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 12:43:02 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 12:43:02 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 12:16:13 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 12:16:13 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:20:53 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:20:53 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:19:04 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:19:04 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:09:04 AM Microsoft Windows security auditing. 6406 Other System Events
    Audit Success 6/29/2014 11:07:59 AM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 11:07:59 AM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 11:07:59 AM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 11:07:59 AM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 11:07:57 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:57 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:56 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:56 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:56 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:56 AM Microsoft Windows security auditing. 4648 Logon
    Audit Success 6/29/2014 11:07:50 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:50 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:48 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:48 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:45 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:45 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:45 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:44 AM Microsoft Windows security auditing. 5024 Other System Events
    Audit Success 6/29/2014 11:07:44 AM Microsoft Windows security auditing. 5033 Other System Events
    Audit Success 6/29/2014 11:07:44 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:44 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4648 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
     