I am seeing this event logged in the application event file about once each day. From research it seems Remote Access Connection Manager(RASMAN) svchost.exe -k netsvcs is the source of this issue. Also a trojan can be associated with this problem but in my case I don't believe so. I stopped RASMAN service and so far I don't see any effect to my system good or bad.
-
My question is; does anyone have experience with this event and understand it better than I? Has anyone shut off this service? I have read MS comments about RASMAN and its association with Service Pack-2 but would like more input as to system effect if any. Thanks very much.
Running XP-PRO Service Pack-2 with DSL service, ZAP.
-
Following is the event log
--------
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 10/20/2004
Time: 6:20:46 AM
User: NT AUTHORITY\SYSTEM
Computer: xxx-xxx
Description:
Windows saved user xxx-xxx\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-----------
A seperate set of questions in the same area;
Running Belarc Advisor shows under logins that in addition to my normal user accounts there are NT Authority\local service, NT Authority\network service and NT Authority\system. What are these for any information will help????
Thanks again.
-
My question is; does anyone have experience with this event and understand it better than I? Has anyone shut off this service? I have read MS comments about RASMAN and its association with Service Pack-2 but would like more input as to system effect if any. Thanks very much.
Running XP-PRO Service Pack-2 with DSL service, ZAP.
-
Following is the event log
--------
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 10/20/2004
Time: 6:20:46 AM
User: NT AUTHORITY\SYSTEM
Computer: xxx-xxx
Description:
Windows saved user xxx-xxx\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-----------
A seperate set of questions in the same area;
Running Belarc Advisor shows under logins that in addition to my normal user accounts there are NT Authority\local service, NT Authority\network service and NT Authority\system. What are these for any information will help????
Thanks again.