WMF 5.0 DSC ConfigurationStatus Folder Permissions

Hi,

I’m trying to use ElasticSearch to send logs from C:\Windows\System32\Configuration\ConfigurationStatus.

Filebeat, which is part of ElasticSearch, is running as a service under the Local System account.

When I copy the ConfigurationStatus folder to the C drive and point Filebeat to send those logs, it works.

Are there some extra security settings on “C:\Windows\System32\Configuration\ConfigurationStatus” that prevent access?

Regards

Mariusz

Yes, it has different security settings than the default system settings. You can see the security settings using get-acl:

(get-acl $env:windir\system32\configuration\configurationstatus).AccessToString
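
Building on the get-acl one-liner above, an added example (not part of the original posts) that lists the access rules of the ConfigurationStatus folder next to those of System32, so the difference and the entries for Local System are visible at a glance. The function name Get-AclSummary is hypothetical, and an elevated prompt is assumed.

```powershell
# Added example: summarize the ACL of a folder as one object per access rule.
# Get-AclSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-AclSummary {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path

    # Request the rules keyed by SID so the output does not depend on
    # localized account names.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        # Some SIDs cannot be resolved to an account name; keep the raw SID then.
        try {
            $account = $rule.IdentityReference.Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $rule.IdentityReference.Value
        }

        [pscustomobject]@{
            Folder    = Split-Path -Leaf $Path
            Protected = $acl.AreAccessRulesProtected   # True = inheritance from parent is blocked
            Account   = $account
            IsSystem  = ($rule.IdentityReference.Value -eq 'S-1-5-18')  # Local System
            Type      = $rule.AccessControlType
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

$folders = @(
    "$env:windir\System32",
    "$env:windir\System32\Configuration\ConfigurationStatus"
)

# Full comparison of both folders.
$folders | ForEach-Object { Get-AclSummary -Path $_ } |
    Sort-Object Folder, Account |
    Format-Table -AutoSize

# Only the rules that apply to Local System, the account the service runs as.
$folders | ForEach-Object { Get-AclSummary -Path $_ } |
    Where-Object IsSystem |
    Format-Table Folder, Type, Rights, Inherited -AutoSize
```

A Protected value of True on ConfigurationStatus means its rules are set explicitly rather than inherited from the parent folder.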

@Nitin: Isn’t the LCM itself running as Local System?
Why, then, would other services using Local System have issues accessing that folder?

Yes, LCM is running as Local System and any process/service running as Local System can access ConfigurationStatus folder. I was trying to make a point that this folder has different security settings than System32 folder.
I am able to copy the files as Local System outside of DSC using Task Scheduler. I am not sure how Filebeat is copying files though.

I had to share the “C:\Windows\System32\Configuration\ConfigurationStatus” folder and then point Filebeat to \localhost\, and the logs appeared in ElasticSearch!!

Thanks for the help!

Regards

Mariusz