Windows 7 Cannot start windows event log service on Windows 7. Error 4201

Thread starter: Astara__

I know about the question @

http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/cannot-start-windows-event-log-service-on-windows/e2c218ad-8637-49ee-8023-50eae0e4ddcb

The answer there did not help.


I also found this article:

https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/c75ae899-d05b-411d-a7f2-00fdd33b8589/event-log-error-4201-errorwmiinstancenotfound?forum=windowscompatibility

--

I tried the reset.cmd which uses subinacl to add full rights to registry and subdir keys. It ran quickly to completion -- though I note it "cd's" to a 32-bit based version of the Windows Resource Kits/Tools --

So I'm wondering if it really reset the full registry or just the 32-bit part of it?


I also tried the:

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose >c:\temp\secedit_output.txt


command:

It failed at about 74%:

secedit_output.txt:


Completed 0 percent (0/113) Process Privilege Rights area
Completed 1 percent (1/113) Process Privilege Rights area
Completed 2 percent (2/113) Process Privilege Rights area
Completed 3 percent (3/113) Process Privilege Rights area
Completed 4 percent (4/113) Process Privilege Rights area
Completed 5 percent (5/113) Process Privilege Rights area
Completed 6 percent (6/113) Process Privilege Rights area
Completed 7 percent (7/113) Process Privilege Rights area
Completed 7 percent (8/113) Process Privilege Rights area
Completed 8 percent (9/113) Process Privilege Rights area
Completed 9 percent (10/113) Process Privilege Rights area
Completed 10 percent (11/113) Process Privilege Rights area
Completed 11 percent (12/113) Process Privilege Rights area
Completed 14 percent (15/113) Process Privilege Rights area
Completed 14 percent (15/113) Process Group Membership area
Completed 15 percent (16/113) Process Group Membership area
Completed 27 percent (30/113) Process Group Membership area
Completed 27 percent (30/113) Process Registry Keys area
Completed 28 percent (31/113) Process Registry Keys area
Completed 29 percent (32/113) Process Registry Keys area
Completed 30 percent (33/113) Process Registry Keys area
Completed 30 percent (34/113) Process Registry Keys area
Completed 31 percent (35/113) Process Registry Keys area
Completed 32 percent (36/113) Process Registry Keys area
Completed 32 percent (36/113) Process File Security area
Completed 33 percent (37/113) Process File Security area
Completed 34 percent (38/113) Process File Security area
Completed 35 percent (39/113) Process File Security area
Completed 36 percent (40/113) Process File Security area
Completed 37 percent (41/113) Process File Security area
Completed 38 percent (42/113) Process File Security area
Completed 38 percent (43/113) Process File Security area
Completed 39 percent (44/113) Process File Security area
Completed 40 percent (45/113) Process File Security area
Completed 41 percent (46/113) Process File Security area
Completed 42 percent (47/113) Process File Security area
Completed 43 percent (48/113) Process File Security area
Completed 44 percent (49/113) Process File Security area
Completed 44 percent (49/113) Process Services area
Completed 45 percent (50/113) Process Services area
Completed 46 percent (51/113) Process Services area
Completed 46 percent (52/113) Process Services area
Completed 47 percent (53/113) Process Services area
Completed 48 percent (54/113) Process Services area
Completed 49 percent (55/113) Process Services area
Completed 50 percent (56/113) Process Services area
Completed 51 percent (57/113) Process Services area
Completed 53 percent (59/113) Process Services area
Completed 57 percent (64/113) Process Services area
Completed 57 percent (64/113) Process Security Policy area
Completed 60 percent (67/113) Process Security Policy area
Completed 63 percent (71/113) Process Security Policy area
Completed 66 percent (74/113) Process Security Policy area
Completed 69 percent (77/113) Process Security Policy area
Completed 73 percent (82/113) Process Security Policy area

An extended error has occurred.

The task has completed with an error.
See log %windir%\security\logs\scesrv.log for detail info.


I also tried "sfc /scannow", and it put out:

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 31% complete.

Windows Resource Protection could not perform the requested operation.


The scesrv.log contents show errors, but for services that don't exist and that I've never seen.


It also looks like it removed various Debug and interactive login privileges from my home-domain account (I try to use home-domain to have 1-login for my 2 win-machines and linux machine -- it usually works, but doesn't seem likely if this report blocks interactive login...?!?).


Not sure why it removed users (like me) from the USERS group either:


Here's the file:

-------------------------------------------
Tuesday, June 07, 2016 7:22:49 PM
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure User Rights...
SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
SeImpersonatePrivilege must be assigned to SERVICE. This setting is adjusted.
Configure S-1-5-18.
remove SeTcbPrivilege.
remove SeIncreaseQuotaPrivilege.
Configure S-1-5-21-33333-77777-33333-201.
remove SeInteractiveLogonRight.
Configure S-1-5-21-33333-77777-33333-5013.
remove SeDebugPrivilege.
remove SeInteractiveLogonRight.
Configure S-1-5-21-33333-77777-33333-512.
remove SeInteractiveLogonRight.
Configure S-1-5-32-547.
remove SeDebugPrivilege.
remove SeCreateSymbolicLinkPrivilege.
Configure S-1-5-32-568.
remove SeBatchLogonRight.
remove SeImpersonatePrivilege.
Configure S-1-5-19.
remove SeServiceLogonRight.
Configure S-1-5-20.
remove SeServiceLogonRight.
Configure S-1-5-32-544.
remove SeLockMemoryPrivilege.
remove SeServiceLogonRight.
remove SeIncreaseWorkingSetPrivilege.
Configure S-1-5-32-551.
Configure S-1-5-32-559.
Configure S-1-5-32-545.
remove SeCreateSymbolicLinkPrivilege.
Configure S-1-1-0.
Configure S-1-5-6.
Configure S-1-5-21-1885695451-752926663-1105222378-501.
Configure S-1-5-32-555.
Configure S-1-5-80-0.
Configure S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420.

User Rights configuration was completed successfully.


----Configure Group Membership...
Configure Users.
remove Athenae\law.
remove Athenae\ASPNET.
remove BLISS\Domain Users.

Group Membership configuration was completed successfully.


----Configure 64-bit Registry Keys...
Configure users\.default.
Configure machine\software.
Configure machine\software\classes.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\classes\7-Zip.AccDictionary.3.

Configuration of Registry Keys was completed with one or more errors.


----Configure 32-bit Registry Keys...
Configure machine\software.
Configure machine\software\classes.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\classes\7-Zip.AccDictionary.3.

Configuration of Registry Keys was completed with one or more errors.


----Configure File Security...
Configure c:\program files\common files\speechengines\microsoft\tts.
Warning 2: The system cannot find the file specified.
Error setting security on c:\program files\common files\speechengines\microsoft\tts.
Configure c:\programdata\microsoft\windows\drm.
Configure c:\programdata\microsoft\windows\drm\cache.
Configure c:\windows\repair\default.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\default.
Configure c:\windows\repair\ntuser.dat.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\ntuser.dat.
Configure c:\windows\repair\sam.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\sam.
Configure c:\windows\repair\security.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\security.
Configure c:\windows\repair\software.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\software.
Configure c:\windows\repair\system.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\system.
Configure c:\windows\system32\windows media.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\system32\windows media.
Configure c:\windows\syswow64\export.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\syswow64\export.
Configure c:\windows\syswow64\ias.

File Security configuration was completed successfully.


----Configure General Service Settings...
Configure sysmonlog.
Error 1060: The specified service does not exist as an installed service.
Error opening sysmonlog.
Configure SamSs.
Configure ntmssvc.
Error 1060: The specified service does not exist as an installed service.
Error opening ntmssvc.
Configure netddedsdm.
Error 1060: The specified service does not exist as an installed service.
Error opening netddedsdm.
Configure netdde.
Error 1060: The specified service does not exist as an installed service.
Error opening netdde.
Configure dmserver.
Error 1060: The specified service does not exist as an installed service.
Error opening dmserver.
Configure clipsrv.
Error 1060: The specified service does not exist as an installed service.
Error opening clipsrv.
Configure Browser.

General Service configuration was completed successfully.


----Configure available attachment engines...

Configuration of attachment engines was completed successfully.


----Configure Security Policy...
Configure password information.
Administrator account is disabled.
Guest account is disabled.

System Access configuration was completed successfully.
LSA anonymous lookup names setting : existing SD = D:(A;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
LSA anonymous lookup names setting : computed SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
Configure LSA anonymous lookup setting.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Configure machine\software\microsoft\windows\currentversion\policies\system\scforceoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
Configure machine\software\policies\microsoft\windows\safer\codeidentifiers\authenticodeenabled.
Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy\enabled.
Configure machine\system\currentcontrolset\control\lsa\forceguest.
Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Configure machine\system\currentcontrolset\control\lsa\nolmhash.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.
Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Configure machine\system\currentcontrolset\control\session manager\protectionmode.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionpipes.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\restrictnullsessaccess.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.

Configuration of Registry Values was completed successfully.
Configure log settings.

Audit/Log configuration was completed successfully.


----Configure available attachment engines...

Configuration of attachment engines was completed successfully.

----Un-initialize configuration engine...


Still no event log (though in my case, the task scheduler still appears to be running, based on things like backups being run). From the above, though, it looks like I am going to have to repair some "fixing" that it did (even though it didn't fix the problem of the event-log service not being able to start).
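
Added example (not part of the original post): a small Python parser that lists what a secedit run removed, per principal, from scesrv.log text, so the user rights and group memberships stripped by the defltbase.inf template can be reviewed before restoring them. The function names are made up for illustration, the sample is a shortened excerpt of the log quoted above, and the name table covers only a few well-known SIDs.

```python
import re
from collections import defaultdict

# Well-known SIDs seen in the log (standard Windows values); others stay raw.
WELL_KNOWN = {
    "S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService", "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users", "S-1-5-32-547": "BUILTIN\\Power Users",
}
TRACKED = {"Configure User Rights", "Configure Group Membership"}
SECTION = re.compile(r"^-{4}(.+?)\.{3}$")  # e.g. "----Configure User Rights..."

# Excerpt of the scesrv.log lines quoted in the post (shortened for the demo).
SAMPLE = r"""----Configure User Rights...
Configure S-1-5-18.
remove SeTcbPrivilege.
remove SeIncreaseQuotaPrivilege.
Configure S-1-5-32-547.
remove SeDebugPrivilege.
Configure S-1-5-32-551.
User Rights configuration was completed successfully.
----Configure Group Membership...
Configure Users.
remove Athenae\law.
remove BLISS\Domain Users.
"""

def parse_scesrv(text):
    """Return {section: {principal: [rights or members removed]}}."""
    removed = defaultdict(lambda: defaultdict(list))
    section = target = None
    for raw in text.splitlines():
        line = raw.strip()                      # real logs indent these lines
        m = SECTION.match(line)
        if m:                                   # new section: forget principal
            section, target = m.group(1), None
        elif section in TRACKED and line.startswith("Configure "):
            target = line[len("Configure "):].rstrip(".")  # SID or group name
        elif target and line.startswith("remove "):
            removed[section][target].append(line[len("remove "):].rstrip("."))
    return {s: dict(p) for s, p in removed.items()}

def review_list(text):
    """Flatten to (section, principal name, removed item) rows for review."""
    return [(s, WELL_KNOWN.get(who, who), item)
            for s, ps in parse_scesrv(text).items()
            for who, items in ps.items() for item in items]

if __name__ == "__main__":
    print("\n".join("%s | %s | %s" % r for r in review_list(SAMPLE)))
```

Principals that were configured but lost nothing (S-1-5-32-551 in the sample) do not appear in the result, so every row is an actual removal to check.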
