Handle to PlugPlaySecurityObject was requested, over and over agai

Discussion in 'Security Software' started by Adam D. Barratt, Dec 19, 2008.

  1. Hi,

    We're in the process of setting up two Windows Server 2008 machines, one to
    be a web server and the other an SQL Server. Having enabled auditing on the
    machines, the SQL Server is continually logging events such as that below, at
    the rate of around 40 every 10 seconds. The process ID referred to is the
    DCOM Launcher (svchost.exe -k DcomLaunch). Is there any way to discover why
    so many events are being generated and, ideally, stop them being generated?

    Thanks,

    Adam

    Sample event:

    A handle to an object was requested.

    Subject:
    Security ID: SYSTEM
    Account Name: MACHINE$
    Account Domain: FOOBAR
    Logon ID: 0x3e7

    Object:
    Object Server: PlugPlayManager
    Object Type: Security
    Object Name: PlugPlaySecurityObject
    Handle ID: 0x0

    Process Information:
    Process ID: 0x318
    Process Name: C:\Windows\System32\svchost.exe

    Access Request Information:
    Transaction ID: {00000000-0000-0000-0000-000000000000}
    Accesses: Unknown specific access (bit 1)

    Access Mask: 0x2
    Privileges Used for Access Check: -
    Restricted SID Count: 0
     
    Adam D. Barratt, Dec 19, 2008
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.