Dell PE2950 server, Win2003 R2 SP2, 64-bit Xeon, domain controller, current
Windows updates. Security Configuration Wizard gets the error:

Extension Name: Microsoft.OS.Services - 0x80070005 Error configuring
C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf Access is denied.

Running as domain admin, security shows full control of file/dir. Turned
off anti-virus pgm, didn't help. Searching shows other folks with the same
error but no resolutions. Any suggestions?

Process monitor shows the following. Note the Buffer Overflow and Name
Invalid lines...

135300 11:00:27.4559951
AM services.exe 400 ReadFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Offset:
0, Length: 4,096, I/O Flags: Non-cached
135301 11:00:27.4561061
AM services.exe 400 ReadFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Offset:
4,096, Length: 4,096, I/O Flags: Non-cached
135302 11:00:27.4562143
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS
135304 11:00:27.4566644
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Desired
Access: Generic Read, Disposition: Open, Options: Write Through, No
Buffering, Non-Directory File, Attributes: N, ShareMode: Read,
AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened
135305 11:00:27.4568190
AM services.exe 400 QueryInformationVolume C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS VolumeCreationTime:
8/14/2007 3:52:20 PM, VolumeSerialNumber: 9063-CE5A, SupportsObjects: True,
VolumeLabel: OS
135306 11:00:27.4568414
AM services.exe 400 QueryAllInformationFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb BUFFER
OVERFLOW CreationTime: 12/6/2007 10:42:24 AM, LastAccessTime: 12/6/2007
11:00:27 AM, LastWriteTime: 12/6/2007 11:00:27 AM, ChangeTime: 12/6/2007
11:00:27 AM, FileAttributes: A, AllocationSize: 1,056,768, EndOfFile:
1,056,768, NumberOfLinks: 1, DeletePending: False, Directory: False,
IndexNumber: 0x900000000596c, EaSize: 0, Access: Generic Read, Position: 0,
Mode: Write Through, No Buffering, AlignmentRequirement: Byte
135307 11:00:27.4571977
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write,
AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened
135308 11:00:27.4572666
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS
135310 11:00:27.4576070
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a,
Impersonating: GTI\_admin, OpenResult: Opened
135311 11:00:27.4576730
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS
135313 11:00:27.4580079
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a,
Impersonating: GTI\_admin, OpenResult: Opened
135314 11:00:27.4580655
AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb FAST
IO DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135315 11:00:27.4580792
AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb INVALID
PARAMETER Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135316 11:00:27.4580989
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb SUCCESS
135318 11:00:27.4584583
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb NAME
INVALID Desired Access: Read Attributes, Synchronize, Disposition: Open,
Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point,
Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:
GTI\_admin
135319 11:00:27.4587925
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles IS
DIRECTORY Desired Access: Read Attributes, Synchronize, Disposition: Open,
Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a,
ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin
135320 11:00:27.4591258
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode:
Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult:
Opened
135321 11:00:27.4591870
AM services.exe 400 FileSystemControl C:\WINDOWS\security\msscw\ConfigureFiles NOT REPARSE POINT Control: FSCTL_GET_REPARSE_POINT
135322 11:00:27.4592152
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS
135324 11:00:27.4595462
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a,
Impersonating: GTI\_admin, OpenResult: Opened
135325 11:00:27.4596041
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS
135327 11:00:27.4599272
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a,
Impersonating: GTI\_admin, OpenResult: Opened
135328 11:00:27.4599813
AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw\ConfigureFiles FAST IO DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135329 11:00:27.4599943
AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw\ConfigureFiles INVALID PARAMETER Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135330 11:00:27.4600137
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS
135332 11:00:27.4603452
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode:
Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult:
Opened
135333 11:00:27.4604027
AM services.exe 400 FileSystemControl C:\WINDOWS\security\msscw\ConfigureFiles NOT REPARSE POINT Control: FSCTL_GET_REPARSE_POINT
135334 11:00:27.4604269
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw\ConfigureFiles SUCCESS
135336 11:00:27.4607572
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw IS DIRECTORY Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write,
AllocationSize: n/a, Impersonating: GTI\_admin
135337 11:00:27.4610823
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode:
Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult:
Opened
135338 11:00:27.4611404
AM services.exe 400 FileSystemControl C:\WINDOWS\security\msscw NOT REPARSE
POINT Control: FSCTL_GET_REPARSE_POINT
135339 11:00:27.4611650
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw SUCCESS
135341 11:00:27.4614931
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a,
Impersonating: GTI\_admin, OpenResult: Opened
135342 11:00:27.4615502
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw SUCCESS
135344 11:00:27.4618738
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a,
Impersonating: GTI\_admin, OpenResult: Opened
135345 11:00:27.4619319
AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw FAST IO
DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135346 11:00:27.4619441
AM services.exe 400 DeviceIoControl C:\WINDOWS\security\msscw INVALID
PARAMETER Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135347 11:00:27.4619631
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw SUCCESS
135349 11:00:27.4622884
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw SUCCESS Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode:
Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult:
Opened
135350 11:00:27.4623455
AM services.exe 400 FileSystemControl C:\WINDOWS\security\msscw NOT REPARSE
POINT Control: FSCTL_GET_REPARSE_POINT
135351 11:00:27.4623699
AM services.exe 400 CloseFile C:\WINDOWS\security\msscw SUCCESS
135353 11:00:27.4626374
AM services.exe 400 CreateFile C:\WINDOWS\security IS DIRECTORY Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous
IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write,
AllocationSize: n/a, Impersonating: GTI\_admin
135354 11:00:27.4628964
AM services.exe 400 CreateFile C:\WINDOWS\security SUCCESS Desired Access:
Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO
Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode:
Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult:
Opened
135355 11:00:27.4629544
AM services.exe 400 FileSystemControl C:\WINDOWS\security NOT REPARSE
POINT Control: FSCTL_GET_REPARSE_POINT
135356 11:00:27.4629786
AM services.exe 400 CloseFile C:\WINDOWS\security SUCCESS
135358 11:00:27.4632413
AM services.exe 400 CreateFile C:\WINDOWS\security SUCCESS Desired Access:
Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO
Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a,
Impersonating: GTI\_admin, OpenResult: Opened
135359 11:00:27.4632980
AM services.exe 400 CloseFile C:\WINDOWS\security SUCCESS
135361 11:00:27.4635587
AM services.exe 400 CreateFile C:\WINDOWS\security SUCCESS Desired Access:
Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO
Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a,
Impersonating: GTI\_admin, OpenResult: Opened
135362 11:00:27.4636129
AM services.exe 400 DeviceIoControl C:\WINDOWS\security FAST IO
DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135363 11:00:27.4636250
AM services.exe 400 DeviceIoControl C:\WINDOWS\security INVALID
PARAMETER Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135364 11:00:27.4636442
AM services.exe 400 CloseFile C:\WINDOWS\security SUCCESS
135366 11:00:27.4639080
AM services.exe 400 CreateFile C:\WINDOWS\security SUCCESS Desired Access:
Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO
Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode:
Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult:
Opened
135367 11:00:27.4639645
AM services.exe 400 FileSystemControl C:\WINDOWS\security NOT REPARSE
POINT Control: FSCTL_GET_REPARSE_POINT
135368 11:00:27.4639883
AM services.exe 400 CloseFile C:\WINDOWS\security SUCCESS
135370 11:00:27.4641796 AM services.exe 400 CreateFile C:\WINDOWS IS
DIRECTORY Desired Access: Read Attributes, Synchronize, Disposition: Open,
Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a,
ShareMode: Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin
135371 11:00:27.4643750
AM services.exe 400 CreateFile C:\WINDOWS SUCCESS Desired Access: Read
Attributes, Synchronize, Disposition: Open, Options: Synchronous IO
Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode:
Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult:
Opened
135372 11:00:27.4644316 AM services.exe 400 FileSystemControl C:\WINDOWS NOT
REPARSE POINT Control: FSCTL_GET_REPARSE_POINT
135373 11:00:27.4644561 AM services.exe 400 CloseFile C:\WINDOWS SUCCESS
135375 11:00:27.4646433
AM services.exe 400 CreateFile C:\WINDOWS SUCCESS Desired Access: Read
Attributes, Synchronize, Disposition: Open, Options: Synchronous IO
Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a,
Impersonating: GTI\_admin, OpenResult: Opened
135376 11:00:27.4646991 AM services.exe 400 CloseFile C:\WINDOWS SUCCESS
135378 11:00:27.4648943
AM services.exe 400 CreateFile C:\WINDOWS SUCCESS Desired Access: Read
Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert,
Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:
GTI\_admin, OpenResult: Opened
135379 11:00:27.4649495 AM services.exe 400 DeviceIoControl C:\WINDOWS FAST
IO DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135380 11:00:27.4649615
AM services.exe 400 DeviceIoControl C:\WINDOWS INVALID PARAMETER Control:
IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135381 11:00:27.4649804 AM services.exe 400 CloseFile C:\WINDOWS SUCCESS
135383 11:00:27.4651681
AM services.exe 400 CreateFile C:\WINDOWS SUCCESS Desired Access: Read
Attributes, Synchronize, Disposition: Open, Options: Synchronous IO
Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode:
Read, Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult:
Opened
135384 11:00:27.4652229 AM services.exe 400 FileSystemControl C:\WINDOWS NOT
REPARSE POINT Control: FSCTL_GET_REPARSE_POINT
135385 11:00:27.4652472 AM services.exe 400 CloseFile C:\WINDOWS SUCCESS
135387 11:00:27.4654220 AM services.exe 400 CreateFile C:\ SUCCESS Desired
Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO
Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read,
Write, AllocationSize: n/a, Impersonating: GTI\_admin, OpenResult: Opened
135388 11:00:27.4654753
AM services.exe 400 QuerySizeInformationVolume C:\ SUCCESS TotalAllocationUnits:
17,739,776, AvailableAllocationUnits: 10,030,997, SectorsPerAllocationUnit:
8, BytesPerSector: 512
135389 11:00:27.4654967 AM services.exe 400 CloseFile C:\ SUCCESS
Thanks,
Dough
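
Added example, not part of the original post: a small Python triage of a wrapped Process Monitor text export like the one above, which rejoins the wrapped lines, extracts each record's result and separates ACCESS DENIED from other non-SUCCESS results. The names `parse`, `triage` and `BUCKETS` are hypothetical, and treating BUFFER OVERFLOW and FAST IO DISALLOWED as routine is this example's assumption.

```python
import re
from collections import Counter

# Records excerpted (details shortened) from the trace in the post, keeping its
# wrapping: a result such as "BUFFER OVERFLOW" can be split across two lines.
SDB = (r"C:\WINDOWS\security\msscw\ConfigureFiles"
       r"\Services.inf5ac90887-f869-4cb6-ae96-892e939a90ad.sdb")
SAMPLE = rf"""135302 11:00:27.4562143
AM services.exe 400 CloseFile {SDB} SUCCESS
135306 11:00:27.4568414
AM services.exe 400 QueryAllInformationFile {SDB} BUFFER
OVERFLOW CreationTime: 12/6/2007 10:42:24 AM, EaSize: 0
135314 11:00:27.4580655
AM services.exe 400 DeviceIoControl {SDB} FAST
IO DISALLOWED Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
135318 11:00:27.4584583
AM services.exe 400 CreateFile {SDB} NAME
INVALID Desired Access: Read Attributes, Synchronize, Disposition: Open
135319 11:00:27.4587925
AM services.exe 400 CreateFile C:\WINDOWS\security\msscw\ConfigureFiles IS
DIRECTORY Desired Access: Read Attributes, Synchronize, Disposition: Open
"""

# One record: sequence, time, process, PID, operation, path, result. Assumes
# paths without spaces (true for this trace) and upper-case result text.
RECORD = re.compile(
    r"(?P<seq>\d+) (?P<time>\d\d:\d\d:\d\d\.\d{7}) [AP]M (?P<proc>\S+) "
    r"(?P<pid>\d+) (?P<op>\w+) (?P<path>[A-Za-z]:\\\S*) "
    r"(?P<result>[A-Z]+(?![a-z])(?: [A-Z]+(?![a-z]))*)")

# Assumption of this example: "routine" marks statuses that are not failures
# (buffer too small and the call is retried; fast I/O path declined).
BUCKETS = {"SUCCESS": "ok", "ACCESS DENIED": "denied",
           "BUFFER OVERFLOW": "routine", "FAST IO DISALLOWED": "routine"}

def parse(text):
    """Undo the line wrapping, then return one dict per trace record."""
    flat = " ".join(text.split())
    return [m.groupdict() for m in RECORD.finditer(flat)]

def triage(text):
    """Count records per bucket and return the ACCESS DENIED ones."""
    recs = parse(text)
    counts = Counter(BUCKETS.get(r["result"], "review") for r in recs)
    return counts, [r for r in recs if r["result"] == "ACCESS DENIED"]

if __name__ == "__main__":
    counts, denied = triage(SAMPLE)
    print(dict(counts), "ACCESS DENIED records:", len(denied))
```

0x80070005 is the HRESULT for access denied, yet none of the results in the posted trace is ACCESS DENIED, so a capture filtered on that result is the more direct way to find the operation that fails.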