"David Wang" wrote:

> The best way to resolve this will be for you to open a support ticket
> with Microsoft PSS to get an explanation/fix.
>
> IIS6 is not installed by default so the C2 complaince team couldn't
> have known. I can also tell you that C2 complaince was not on the IIS6
> team's radar during development, so it is very possible that we are
> inadvertently spamming the audit.
>
> The support ticket is the only way you can make forward progress. We
> can discuss it all day, but without the support ticket, no change will
> happen.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
>
>
> On Apr 17, 6:36 am, TimG <fullho...@newsgroup.nospam> wrote:
> > I have browsed many of Eric's discussions on auditing in the past (including
> > the one David referenced) and have found them very useful, unfortunately we
> > are required to have C2 compliant auditing enabled and provide justification
> > for any deviations.
> >
> > Is there a reason that Network Service is attempting to get all these access
> > rights to the Disallowed key for IIS?
> >
> > --
> > Thanks,
> >
> > Tim
> >
> >
> >
> > ""WenJun Zhang[msft]"" wrote:
> > > Hi Tim,
> >
> > > I agree with David. You should be able to safely ignore these access denied
> > > failures and stop auditting to avoid the security events. Network Service
> > > account should only requires Read permission on these certificate store
> > > related registry entities. By default, Local Users group already has the
> > > Read permission. So SSL stuff is working fine, you do not need to change
> > > anything or grant rights to the account.
> >
> > > Please update here if you have any further concern on this.
> >
> > > Thanks.
> >
> > > Sincerely,
> >
> > > WenJun Zhang
> >
> > > Microsoft Online Community Support
> >
> > > Delighting our customers is our #1 priority. We welcome your comments and
> > > suggestions about how we can improve the support we provide to you. Please
> > > feel free to let my manager know what you think of the level of service
> > > provided. You can send feedback directly to my manager at:
> > > msd...@microsoft.com.
> >
> > > ==================================================
> > > Get notification to my posts through email? Please refer to
> > >http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp...
> > > ications.
> >
> > > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
> > > where an initial response from the community or a Microsoft Support
> > > Engineer within 1 business day is acceptable. Please note that each follow
> > > up response may take approximately 2 business days as the support
> > > professional working with you may need further investigation to reach the
> > > most efficient resolution. The offering is not appropriate for situations
> > > that require urgent, real-time or phone-based interactions or complex
> > > project analysis and dump analysis issues. Issues of this nature are best
> > > handled working with a dedicated Microsoft Support Engineer by contacting
> > > Microsoft Customer Support Services (CSS) at
> > >http://msdn.microsoft.com/subscriptions/support/default.aspx.
> > > ==================================================
> > > This posting is provided "AS IS" with no warranties, and confers no rights.- Hide quoted text -
> >
> > - Show quoted text -
>