Archive for the 'Uncategorized' Category

Troubleshooting Process Elevation in Privilege Manager

Oct. 12th 2016

Here are some tips when trying to discover why the process elevation feature is not working as expected.

  • Ensure that the rule has been created, has been saved and applied to a Group Policy Object (GPO). Ensure this GPO has been linked to either an OU or the domain.
  • Ensure that the Privilege Authority Client is installed on the client machine by looking in the Add/Remove Programs applet. If WMI is available, you can query the machine by dropping into a command prompt and typing “wmic /node: <fqdn of machine> product get name,version “.  If you need PowerShell, there is a great script located here.
  • From the command prompt, run ‘GPUpdate /force’ to make sure that the Group Policy has been refreshed.
  • Run ‘GPResult’ (or ‘GPResult /R’ on Windows7 or 2008), and check that the GPO the rule belongs to has been applied to that machine.  You can also use the Resultant Set of Policy (RSoP) feature or Group Policy Modeling on the Group Policy Console.  For more info, see here.
  • Check in the registry for the rule. Rules are copied to the key –

HKEY_LOCAL_MACHINE\Software\ScriptLogic Corporation\Privilege Authority\CSE\CSEHost\Host. Under this key you will see a key which is the SID for each user (i.e. S-1-5-21-15….) and then a unique GUID for each rule underneath this. To match the SID to a user account, navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and look at the data in the ProfileImagePath value or use the script provided below.

You can also create a VB Script using the following script:

Set oShell = CreateObject( “WScript.Shell” )



strComputer = “.”

Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)

Set objAccount = objWMIService.Get(“Win32_UserAccount.Name='” & User & “‘,Domain='” & UserDomain & “‘”)

DisplayString = UserDomain & “\” & User & ” = ” & objAccount.SID

Wscript.Echo DisplayString

Wscript.Echo objAccount.SID

  • If the rule is present in the registry, enable logging to troubleshoot further.

 To Enable Logging


Under the registry key HKLM\Software\ScriptLogic Corporation\Privilege Authority\ change ‘LogLevel’ from the default value of 0 to 3 and restart the ScriptLogic Privilege Authority Host Service.  The log files can be found in the folder specified in the ‘InstallPath’ value under this same key. The default log location is C:\ProgramData\Privilege Authority\Logs.

  • Run the application or target process that you have created your rule for. Then go to the log file folder (by default – C:\ProgramData\Privilege Authority\Logs) and open the CSEHostEngine.log file. Every process that is being run by the user will be displayed.  To the right of each process, you will see a “MATCH” or “NO MATCH” status indicating whether or not the process matched a given Privilege Authority rule. Then, do a search for the process that you are trying to elevate and see if there is a match or not.
Posted by LeadThem Consulting | in Uncategorized | No Comments »

The Most Important Aspect of a Notes Migration

Aug. 21st 2013


There are some aspects of a Lotus Notes Migration to Exchange that are more important than others, but they probably aren’t what you would expect.

Over the past five years of doing these mail migrations I’ve found that the most successful migrations come down to three common factors:
1) Good Analysis
2) Extensive Planning
3) Appropriate Expectations

That may seem like a given but sadly it’s far from it.

Good Analysis gives you a true understanding of what your source data is. This lets you plan how long your migrations will take, how many migration machines you need to setup and what kinds of data your actually migrating. In the end, understanding what you have will better prepare you for supporting what you migrate.

Planning seems like it should be easy enough from the start of a migration project. You only need some servers, and the software right? We all wish it were that easy. The reality is that yes, you need the servers and software, but you need to plan for:
• Migration space and expansion for growth on your Exchange server.
• You need to plan for when you need to be done with your migration and how many people per day you need to migrate.
• You need to know how much data you need to migrate per person.
• What kind of data you need to migrate. Do you need only calendar, mail, both?
• How are users going to connect to their new Exchange mailbox? OWA? Outlook Clients?
• How are you going to support your users after they are migrated? What kind of call volume can your support desk handle?
• Can you migrate during the day or will that impact your production servers too much? This is a limiting factor on how quickly you can migrate.
• Do you need coexistence?

These are just some examples of the common things to put a plan in place for. These are just the tip of the questions you need to ask and investigate before you start your migration. A rich plan will make your migration go much more smoothly.

And finally, setting appropriate expectations is probably the most important of all. Migrations are a translation from one system to another not a copy and paste. Knowing the limitations of a migration will help to control the support calls after the migration.

Starting with those three basic migration concepts will get you far in the start of your migration.

Author: Dave Cook, LeadThem Consulting  Notes Architect





Posted by LeadThem Consulting | in Notes Migrator, Uncategorized | Comments Off on The Most Important Aspect of a Notes Migration

LeadThem Consulting
20418 SE Hwy 212
Damascus, OR 97089