25th January
2010
If you have issues with ‘Performance Log users’ actually being able to run performance monitors try the below. Just put these settings in a GPO and this should fix your issues. Once your GPO is created, link it to your OU and add the needed users into to ‘Performance Log Users’ group on each server. This worked for me, let me know if you find discrepancies.
The main thing to add is ‘BUILTIN\Performance Log Users’ and ‘NT AUTHORITY\NETWORK SERVICE’ . The rest is what worked for my servers…modify to keep your permissions on your servers.
Performance Logs and Alerts (Startup Mode: Manual)Permissions
Type Name Permission
Allow BUILTIN\Administrators Full Control
Allow NT AUTHORITY\INTERACTIVE Read
Allow NT AUTHORITY\NETWORK SERVICE Full Control
ALLOW BUILTIN\Performance Log Users Full Control
Allow BUILTIN\Performance Monitor Users Full Control
Allow NT AUTHORITY\SYSTEM Full Control
%SystemDrive%\perflogsConfigure this file or folder then: Propage inheritable permissions to all subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects
Permissions
Type Name Permission Apply To
Allow BUILTIN\Performance Log Users Modify This folder, subfolders and files
Allow BUILTIN\Performance Monitor Users Modify This folder, subfolders and files
%SystemRoot%\system32\perfc009.datConfigure this file or folder then: Propage inheritable permissions to all subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects
Permissions
Type Name Permission Apply To
Allow BUILTIN\Administrators Full Control This folder, subfolders and files
Allow BUILTIN\Performance Log Users Read and Execute This folder, subfolders and files
Allow BUILTIN\Performance Monitor Users Read and Execute This folder, subfolders and files
Allow NT AUTHORITY\SYSTEM Full Control This folder, subfolders and files
Allow BUILTIN\Users Read and Execute This folder, subfolders and files
%SystemRoot%\system32\perfh009.datConfigure this file or folder then: Propage inheritable permissions to all subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects
Permissions
Type Name Permission Apply To
Allow BUILTIN\Administrators Full Control This folder, subfolders and files
Allow BUILTIN\Performance Log Users Read and Execute This folder, subfolders and files
Allow BUILTIN\Performance Monitor Users Read and Execute This folder, subfolders and files
Allow NT AUTHORITY\SYSTEM Full Control This folder, subfolders and files
Allow BUILTIN\Users Read and Execute This folder, subfolders and files
Additional perflogs folder (ie e:\perflogs)Configure this file or folder then: Propage inheritable permissions to all subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects
Permissions
Type Name Permission Apply To
Allow BUILTIN\Performance Log Users Modify This folder, subfolders and files
Allow BUILTIN\Performance Monitor Users Modify This folder, subfolders and filesMACHINE\SOFTWARE\Microsoft\TracingConfigure this key then: Propagate inheritable permissions to all subkeys
Allow inheritable permission from the parent to propagate to this object and all child objects
Permissions
Type Name Permission Apply To
Allow BUILTIN\Performance Log Users Read This key and subkeys
MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerflibConfigure this key then: Propagate inheritable permission to all subkeys
Allow inheritable permission from the parent to propagate to this object and all child objects
Permissions
Type Name Permission Apply To
Allow BUILTIN\Performance Log Users Read This key and subkeys
MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winregConfigure this key then: Replace existing permissions on all subkeys with inheritable permissions
Allow inheritable permission from the parent to propagate to this object and all child objects
Permissions
Type Name Permission Apply To
Allow BUILTIN\Administrators Full Control This key and subkeys
Allow BUILTIN\Performance Log Users Read This key and subkeys
Allow BUILTIN\Performance Monitor Users Read This key and subkeys
MACHINE\SYSTEM\CurrentControlSet\ServicesConfigure this key then: Propagate inheritable permission to all subkeys
Allow inheritable permission from the parent to propagate to this object and all child objects
Permissions
Type Name Permission Apply To
Allow BUILTIN\Performance Log Users Read This key and subkeys
MACHINE\SYSTEM\CurrentControlSet\Serviecs\SysmonLog\Log QueriesConfigure this key then: Propagate inheritable permission to all subkeys
Allow inheritable permission from the parent to propagate to this object and all child objects
Permissions
Type Name Permission Apply To
Allow NT AUTHORITY\NETWORK SERVICE Full Control This key and subkeys
Allow BUILTIN\Performance Log Users Full Control This key and subkeysLeave a Reply
ABOUT
Random thoughts about useless things.
RECENT POSTS
12th February 2010
25th January 2010
17th January 2010
17th January 2010
16th January 2010
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
| « Feb | ||||||
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | ||