Event ID 513 — Shadow Copy System Writer Functionality

Applies To: Windows Server 2008

Shadow Copy automatically creates shadow copies of files and folders to restore a previous version of the file. The Shadow Copy System Writer is used by the cryptographic services provided by the operating system to enumerate and replace system files when the signature of a system file is different from the signature stored in the security catalog database.

Event Details

Product: Windows Operating System
ID: 513
Source: Microsoft-Windows-CAPI2
Version: 6.0
Symbolic Name: MSG_SYSTEMWRITER_ONIDENTITY_FAILURE
Message: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.%1.

Resolve

Modify the access control list on the registration folder

Component Object Model (COM) applications must be able to access the COM+ catalog files that are stored in the COM catalog folder. If the default access control list is changed on the COM catalog folder within the Windows folder, the Shadow Copy System Writer may not work properly.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To modify the access control list on the COM catalog folder:

  1. Click Start, and then click Computer.

  2. Navigate to %systemdrive%\Windows.

    By default, %systemdrive% is located at C:\.

  3. Right-click Registration, click Properties, and then click the Security tab.

  4. Click Advanced, and then click Edit.

  5. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  6. Click Edit to view the special permissions assigned to this folder.

  7. Ensure that the access control list matches the following criteria:

    • The local Administrators group has Full Control permissions applied to This folder and files.
    • The Everyone group has List folder/read data, Read attributes, Read extended attributes, and Read permissions applied to This folder and files.
    • The local SYSTEM account has Full Control permissions applied to This folder and files.
  8. If the permissions on this folder do not match what is listed in this procedure, make the appropriate changes, and then click OK.

Verify

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the Shadow Copy System Writer is working properly:

  1. Click Start, point to All Programs, and then click Accessories.
  2. Right-click Command Prompt, and then click Run as administrator.
  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  4. In the command prompt window, type vssadmin list writers.
  5. Ensure that Writer Name: 'System Writer' is displayed in the list.

Shadow Copy System Writer Functionality

Core Security