We’ve got a situation where we do a CreateProcess, and get back an error
5, ACCESS DENIED.
This occurs from a Command Prompt, and from a service of ours, BUT I can
run the same
process from Start/Run, e.g., Start/Run/calc works, Start/Run/cmd works,
but typing
calc or C:\winnt\system\calc.exe in the command window fails. (calc.exe
is of course just one example)
We turned up security logging, and ran ntfilmon, ntregmon, ntprocessmon,
nttokenmon.
In the failure case, we see it successfully open/close the file
calc.exe, but get no
output from ntprocessmon or nttokenmon. (From start/run we see it do the
normal
things you’d expect. ) ntregmon was dumping out a lot of stuff, but
nothing looked
suspicious.
This seems to occur at boot time, but we are able to log in. A reboot
often seems to clear it.
Can anyone explain the ways that CreateProcess can fail with this set
of (or lack of) symptoms?
Also, the product will not have a monitor, but we do have a video card.
We run a
program called SymRemote to allow use to get a screen image over the
net. It
seems that when we get this failure, we can get in via SymRemote, and
everything
looks normal (except not being able to run anything), but the monitor
itself is black.
[ Since SymRemote will black out the monitor if there is a remote
connection,
there is some doubt as to cause and effect on this symptom. ]
Any ideas?
-DH