Dynamics Community Forum Thread Details

Hi Community,

I have a problem with the setup of all our inbound interfaces
using the file system adapter.

A user put a xml file in the inbound directory (which is in our case also a FTP subfolder) and the file is not imported.

In the exception screen we have the following error message :

File \\10.152.49.4\share\Offline\6563\In\OFL_6563_20100721_091836_SDXOf_PurchaseOrdersCatalog2.xml cannot be read because the submitting user could not be determined. The default owner for objects created by members of the Administrators group must be set to the object creator.

I found the following article on Technet : http://technet.microsoft.com/en-us/library/aa834326.aspx
but i couldn't apply the procedure explained because i don't see the below property on the server:
System Objects: Default owner for objects created by members of the administrator's group

We are using Windows 2008 on every server (AOS, FTP ...).

Thx for your help.

You are right. This option has been changed in windows server 2008. Do the following steps to setup to get the same effect..

might be lengthy but no choice as the concept of object owner/creator has changed in windows server 2008.

How to manage in windows server 2008 – Option 1:
1. Log on to the Windows Server 2008 as a local administrator.
2. Make a backup copy of the c:\windows\inf\Sceregvl.inf file (security template containing system objects security policies) and save it somewhere safe and securely.
3. The Sceregvl.inf file was owned by the internal user TrustedInstaller and the local Administrators group only had 'Read and execute' and 'Read' only access to the file. So first, take ownership of the file and then gave it full access rights in order to edit it successfully:
Using windows explorer, secondary mouse click on the c:\windows\inf\Sceregvl.inf file and select 'Properties'
Click on the 'Security' tab
Click the 'Advanced' button
Click the 'Owner' tab
Click the 'Edit...' button
Under "Change Owner to:" box, highlight the 'Administrators' group and click on OK
Read the Windows Security message window that pops up and click on
Click OK to close "Advanced Security Settings for Sceregvl.inf" form.
Click OK to close "Sceregvl.inf Properties" form.
4. Give the local Administrators group 'Full Access' to the Sceregvl.inf file:

Using windows explorer secondary mouse click on the c:\windows\inf\Sceregvl.inf file and select 'Properties'
Click on the 'Security' tab
Click on the 'Edit...' button
Under "Group or User names:" box, highlight the 'Administrators' group
Under the "Permissions for Administrators:" box select 'Full control', under the Allow column and click OK
Click OK to close "Sceregvl.inf Properties" form.
5. Next we edit the c:\windows\inf\Sceregvl.inf file in Notepad and add in the missing setting as follows (in notepad first remove the 'Word Wrap' option in the 'Format' menu if it is selected):
Copy the line below which should all be in one big SINGLE line (with no preceding or trailing white spaces):
MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\nodefaultadminowner,3,"System objects: Default owner for objects created by members of the Administrators group",3,0|Administrators group,1|Object Creator
Paste the line just BELOW the following line in the Sceregvl.inf file:
MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy,4,%SCENoApplyLegacyAuditPolicy%,0
6. Save the changes to the Sceregvl.inf file and exit Notepad.
7. Reset the file ownership and access permissions for c:\windows\inf\Sceregvl.inf file back to the defaults:
Using windows explorer secondary mouse click on the c:\windows\inf\Sceregvl.inf file and select 'Properties'
Click on the 'Security' tab
Click on the 'Advanced' button
Click on the 'Owner' tab
Click on the 'Edit...' button
Click 'Other users or groups...' button
Click the 'Locations...' button
Under "Locations:" box, highlight our local computer name and click on OK.
n the "Select Users or Group" Form under "Enter the object name to select:" box type in NT SERVICE\TrustedInstaller and click OK
In "Advanced Security Settings for Sceregvl.inf" window, under the "Change Owner to:" box highlight the 'TrustedInstaller' account and click on OK
Read the Windows Security message form that is displayed and click on OK
Click OK to close "Advanced Security Setting for Sceregvl.inf" form
Click OK to close "Sceregvl.inf Properties" form.
8. Reset the file access permissions for c:\windows\inf\Sceregvl.inf file back to the defaults for the local administrators group:
Using windows explorer secondary mouse click on the c:\windows\inf\Sceregvl.inf file and select 'Properties'
Click on the 'Security' tab
Click on the 'Edit...' button
Under "Group or User names:" box, highlight the 'Administrators' group
Under the "Permissions for Administrators:" box and under the 'Allow' column DESELECT all the check boxes and select only 'Read & execute' and 'Read' and click OK
Click OK to close "Sceregvl.inf Properties" form.
9. Next we re-register the client side extension for group policy scecli.dll by running an elevated command prompt and running: REGSVR32 scecli.dll
The regsvr32 message window is displayed. Ensure it was successfully registered and click on OK
10. We are now able to view the Group Policy template "System objects: Default owner for objects created by members of the Administrators group" in the 'Local Security Policy' Administrative Tools MMC (or if it is a domain controller then the template will be visible in the 'Domain Controller Security Policy' Administrative Tools MMC). We were able to set the policy value to "Object Creator" just like we could on a Windows Server 2003 system. How to set the security policy, see the instructions for windows 2003 server.

Problem with AIF Inbound interface setup

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Verified Answers

Leaderboard

Featured topics

Product updates