Disclaimer: All postings are provided "AS IS" with no warranties, and confer no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Because a weblog is intended to provide a semi-permanent point-in-time snapshot, you should not consider out of date posts to reflect current thoughts and opinions.
This is a collection of non-CLM-specific permissions and user rights that affect the operation of CLM 2007 and FIM 2010 (CM part). These are commonly seen in scenarios where security hardening has been performed on the DCs or the member servers, or where specific users have been placed in 'protected' OUs where access to them has been restricted.
CLM Event log:
Event Type: Error
Event Source: System.Web
Event Category: None
Event ID: 0
Inner Exception:
Message: A required privilege is not held by the client. (Exception from HRESULT: 0x80070522)
Type System.Runtime.InteropServices.COMException

Reason: A CLM thread or process is failing to read from or write to the custom CLM event log. Temporarily adding the CLM account to the Backup Operators group on the server is a quick way of testing whether this is the case (restart the CLM server afterwards). If this resolves the problem, you may need to take a closer look at the ACLs on the CLM event log service (permanently granting SeBackupPrivilege to the CLM service accounts is overkill permissions-wise).
Client, service, and program incompatibilities that may occur when you modify security settings and user rights assignments: http://support.microsoft.com/kb/823659
How to set event log security locally or by using Group Policy in Windows Server 2003: http://support.microsoft.com/kb/323076
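One way to take that closer look at the event log ACL, as an added example that is not part of the original post. It assumes the log's security descriptor is the SDDL string held in the CustomSD registry value covered by KB 323076 (linked above) and that the event log rights bits are 0x1 read, 0x2 write and 0x4 clear. The SDDL string and SIDs are constructed samples, and the log name and account in the trailing comments are placeholders.

```powershell
# Added example: evaluate an event log CustomSD (SDDL) for one account.
# Event log access bits: 0x1 = read, 0x2 = write, 0x4 = clear.
$EventLogRights = [ordered]@{ Read = 0x1; Write = 0x2; Clear = 0x4 }

function Get-EventLogAccess {
    param(
        [Parameter(Mandatory)][string]   $Sddl,  # CustomSD value of the log
        [Parameter(Mandatory)][string[]] $Sids   # account SID plus the SIDs of its groups
    )
    $aceType = [System.Security.AccessControl.AceType]
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    $allowed = 0
    $denied  = 0
    # Walk the DACL in order: for each access bit, the first matching ACE decides.
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($Sids -notcontains $ace.SecurityIdentifier.Value) { continue }
        if ($ace.AceType -eq $aceType::AccessAllowed) {
            $allowed = $allowed -bor ($ace.AccessMask -band (-bnot $denied))
        } elseif ($ace.AceType -eq $aceType::AccessDenied) {
            $denied = $denied -bor ($ace.AccessMask -band (-bnot $allowed))
        }
    }
    foreach ($name in $EventLogRights.Keys) {
        [pscustomobject]@{
            Right   = $name
            Granted = [bool]($allowed -band $EventLogRights[$name])
        }
    }
}

# Constructed sample: SYSTEM and Administrators have full access,
# the service account has a read-only ACE, so writes to the log fail.
$sampleSddl = 'O:BAG:SYD:(D;;0xf0007;;;AN)(A;;0xf0007;;;SY)(A;;0x7;;;BA)' +
              '(A;;0x1;;;S-1-5-21-1111111111-2222222222-3333333333-1105)'
$clmSids = @(
    'S-1-5-21-1111111111-2222222222-3333333333-1105',  # constructed service account SID
    'S-1-5-11'                                         # Authenticated Users
)

Get-EventLogAccess -Sddl $sampleSddl -Sids $clmSids | Format-Table -AutoSize

# On a live server (log name and account are placeholders):
# $sddl = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\<CLM log name>').CustomSD
# $sid  = ([System.Security.Principal.NTAccount]'<DOMAIN\clm-account>').
#             Translate([System.Security.Principal.SecurityIdentifier]).Value
```

The function only matches the SIDs it is given, so pass the SIDs of every group the service account belongs to along with the account's own SID.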
Thanks for the info - we use SSLF baseline GPOs & will need to take this into account.