Since I just lost three days of my working career to this, I thought I'd share, for the benefit of the archives and web searches.
If you are being required to implement DSS ODAA "Standardization of Baseline Technical Security Configurations", under "User Rights Assignment", for the "Impersonate a client after authentication" (ยง4.6, page 46), do not remove the "SERVICE" Special Identity like they want you to. If you do, all sorts of stuff will stop working. At least, they did on our Win XP box. Symptoms include: Symantec Endpoint Protection anti-virus will no longer start any manual scan. Error message "Scan failed: scan failed to start", or just no response at all. Anything which uses Windows Installer will fail to install/uninstall. In Event Viewer, Warning 1015 from Msilnstaller: "Failed to connect to server. Error: 0x80070005". In Event Viewer, Error 4609 from EventSystem: "The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\qxp_slp\com\comlx\src\events\tier1\eventsystemobj.cpp". In Event Viewer, Error 8193 from VSS: "Volume Shadow Copy Service error: Unexpected error calling routine CoCreatelnstance. hr = 0x80040206." Hope this helps somebody. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
