Export (0) Print
Expand All

Security Configuration

Updated: November 25, 2009

Applies To: Windows Server 2008 R2

The Security Accounts Manager (SAM) is a service that is used during the logon process. The SAM maintains user account information, including groups to which a user belongs. The SAM is attempting to secure the computer accounts by removing the default Full Control permissions, which are assigned to the Builtin Account Operators group, from the access control entry (ACE) of a computer account.

Events

Event ID Source Message

16935

SAM

Failed to secure the machine account %1. Have an administrator remove full control for the builtin\account operators access control entry from the security descriptor of this object.

16936

SAM

Failed to secure the machine account %1. This operation will be retried. Have an administrator verify that full control was removed for the builtin\account operators access control entry for the security descriptor of this object.

16937

SAM

Secured the computer account %1. Full control was removed for the builtin\account operators acess control entry for the security descriptor of this object.

Related Management Information

Database/Configuration

Active Directory

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2015 Microsoft