Windows services queried by SharePoint services?
Hello, we're testing a "least privilege" farm setup of SharePoint 2007 on Windows Server 2003 with the high security template applied.

Everything seems to be working fine, but in the security logs, we're having large numbers of the following audit failure (MyUser is the non-admin user used as the Farm Account):

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 7/05/2008
Time: 15:53:14
User: MyDomain\MyUser
Computer: MyWFEServer
Description:
Object Open:
Object Server: SC Manager
Object Type: SERVICE OBJECT
Object Name: RemoteAccess
Handle ID: -
Operation ID: {0,15055992}
Process ID: 428
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: MyWFEServer$
Primary Domain: MyDomain
Primary Logon ID: (0x0,0x3E7)
Client User Name: MyUser
Client Domain: MyDomain
Client Logon ID: (0x0,0x1476E)
Accesses: Query status of service
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x4

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The RemoteAccess service is configured as follows (from GPMC):

Routing and Remote Access (Startup Mode: Disabled)

Permissions
Type     Name                       Permission
Allow    BUILTIN\Administrators     Full Control
Allow    NT AUTHORITY\INTERACTIVE   Read
Allow    NT AUTHORITY\SYSTEM        Full Control

Auditing
Type     Name       Access
Failure  Everyone   Full Control

Instead of RemoteAccess, there's also RasMan and WinHTTPAutoProxySvc.

On the following blog post, I've found a reference to a similar problem occurring on an SBS: http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/35a9df80331e5916

The event indicated that the NETWORK SERVICE account attempted to start the WinHttpAutoProxySvc service. Since the NETWORK SERVICE does not have the permission on operating the particular service, the failure audit event would be logged. The service startup request seems to be initiated by the SharePoint component. Referring to our internal documents, this appears to be a code design of the SharePoint services.

Is there any documentation on what services are queried by the SharePoint services, so I can add the necessary read permissions to the security settings?

Thanks very much for your help,

Regards,
Bert Van Landeghem.
May 7th, 2008 5:08pm
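Added example, not part of the original post: the audit events themselves can be turned into the list of services the farm account touches and the rights it was refused. The Python sketch below parses Event ID 560 descriptions, keeps the SERVICE OBJECT entries and merges the access masks per account and service; it assumes the input has already been filtered to failure audits, and the sample events are constructed from the names in the post.

```python
import re
from collections import defaultdict

# Service-object access rights as defined in the Windows SDK (winsvc.h).
SERVICE_RIGHTS = {
    0x001: "SERVICE_QUERY_CONFIG", 0x002: "SERVICE_CHANGE_CONFIG",
    0x004: "SERVICE_QUERY_STATUS", 0x008: "SERVICE_ENUMERATE_DEPENDENTS",
    0x010: "SERVICE_START", 0x020: "SERVICE_STOP",
    0x040: "SERVICE_PAUSE_CONTINUE", 0x080: "SERVICE_INTERROGATE",
    0x100: "SERVICE_USER_DEFINED_CONTROL",
}
FIELD = re.compile(r"^\s*(Object Type|Object Name|Client User Name|Client Domain"
                   r"|Access Mask):[ \t]*(.*?)[ \t]*$", re.M)

# Constructed sample events (hypothetical), cut down to the fields used here.
EVENT = ("Event ID: 560\nObject Server: SC Manager\nObject Type: {typ}\n"
         "Object Name: {name}\nClient User Name: MyUser\n"
         "Client Domain: MyDomain\nAccess Mask: {mask}\n")
SAMPLE_EVENTS = [
    EVENT.format(typ="SERVICE OBJECT", name="RemoteAccess", mask="0x4"),
    EVENT.format(typ="SERVICE OBJECT", name="RasMan", mask="0x4"),
    EVENT.format(typ="SERVICE OBJECT", name="RasMan", mask="0x1"),
    EVENT.format(typ="File", name=r"C:\constructed\file.txt", mask="0x4"),
]

def decode_mask(mask):
    """Names of the service-specific rights set in an access mask."""
    names = [n for bit, n in sorted(SERVICE_RIGHTS.items()) if mask & bit]
    rest = mask & ~sum(SERVICE_RIGHTS)  # standard/generic bits, left undecoded
    return names + ([hex(rest)] if rest else [])

def summarize(events):
    """Map (account, service) to the union of the access masks that were denied."""
    denied = defaultdict(int)
    for text in events:
        f = dict(FIELD.findall(text))
        if f.get("Object Type") != "SERVICE OBJECT" or "Access Mask" not in f:
            continue  # not a service object (file, registry key, ...)
        account = f.get("Client Domain", "?") + "\\" + f.get("Client User Name", "?")
        denied[(account, f.get("Object Name", "?"))] |= int(f["Access Mask"], 16)
    return dict(denied)

if __name__ == "__main__":
    for (account, service), mask in sorted(summarize(SAMPLE_EVENTS).items()):
        print(account, service, hex(mask), decode_mask(mask))
```

The merged mask per service is the smallest set of rights the audit trail shows the account asking for, which is what a per-service permission entry would need to cover.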

I realize this is a bit after the fact, and more than a year old, but after installing for a customer on 32-bit Windows Server 2003, using Kerberos w/ 6 service accounts, I've encountered the same issue. Loss of functionality includes the inability to start the search service from the "Services on Server" page, and the inability to manage the Search Service Provider, including file types, crawl schedules, profile import, etc. Adding the service accounts to the local administrators group worked for a short time.
July 12th, 2010 5:30pm

This topic is archived. No further replies will be accepted.
