[2016/04/14 10:01:46.351366, 6, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Apr 7 15:38:04 2016 [2016/04/14 10:01:46.351405, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.351413, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=65535 smb_pid=65279 smb_uid=59137 smb_mid=48640 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=77 [2016/04/14 10:01:46.351453, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d [0010] 00 6F 00 77 00 73 00 20 00 36 00 2E 00 31 00 00 .o.w.s. .6...1.. [0020] 00 53 00 61 00 6D 00 62 00 61 00 20 00 34 00 2E .S.a.m.b .a. .4.. [0030] 00 34 00 2E 00 30 00 00 00 57 00 4F 00 52 00 4B .4...0.. .W.O.R.K [0040] 00 47 00 52 00 4F 00 55 00 50 00 00 00 .G.R.O.U .P... [2016/04/14 10:01:46.351933, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 96 [2016/04/14 10:01:46.351955, 6, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x60 [2016/04/14 10:01:46.351971, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 3 of length 100 (0 toread) [2016/04/14 10:01:46.351986, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.351995, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=96 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=59137 smb_mid=48704 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=53 [2016/04/14 10:01:46.352034, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 5C 00 31 00 30 00 2E 00 31 00 38 00 38 .\.\.1.0 ...1.8.8 [0010] 00 2E 00 31 00 30 00 31 00 2E 00 31 00 36 00 36 ...1.0.1 ...1.6.6 [0020] 00 5C 00 50 00 52 00 49 00 4E 00 54 00 00 00 3F .\.P.R.I .N.T...? [0030] 3F 3F 3F 3F 00 ????. [2016/04/14 10:01:46.352095, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtconX (pid 12849) conn 0x0 [2016/04/14 10:01:46.352108, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:01:46.352118, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.352128, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.352144, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:01:46.352156, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb [2016/04/14 10:01:46.352177, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_session_global.tdb 2: 3: [2016/04/14 10:01:46.352190, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 738839AF [2016/04/14 10:01:46.352205, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d58ba8 [2016/04/14 10:01:46.352243, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:930(smbXsrv_session_global_store) [2016/04/14 10:01:46.352254, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:932(smbXsrv_session_global_store) smbXsrv_session_global_store: key '738839AF' stored [2016/04/14 10:01:46.352265, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_session_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000004 (4) info : union smbXsrv_session_globalU(case 0) info0 : * info0: struct smbXsrv_session_global0 db_rec : * session_global_id : 0x738839af (1938307503) session_wire_id : 0x000000000000e701 (59137) creation_time : Thu Apr 14 10:01:46 AM 2016 IST expiration_time : Thu Jan 1 05:30:00 AM 1970 IST auth_time : Thu Apr 14 10:01:46 AM 2016 IST auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x00000007 (7) sids: ARRAY(7) sids : S-1-5-21-4169439650-4212734061-2710409060-501 sids : S-1-5-21-4169439650-4212734061-2710409060-514 sids : S-1-22-2-99 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-32-546 sids : S-1-22-1-99 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x0000000000000063 (99) gid : 0x0000000000000063 (99) ngroups : 0x00000001 (1) groups: ARRAY(1) groups : 0x0000000000000063 (99) info : * info: struct auth_user_info account_name : * account_name : 'nobody' domain_name : * domain_name : 'SHIVHTTPSERVER' full_name : NULL logon_script : NULL profile_path : NULL home_directory : NULL home_drive : NULL logon_server : NULL last_logon : NTTIME(0) last_logoff : NTTIME(0) acct_expiry : NTTIME(0) last_password_change : NTTIME(0) allow_password_change : NTTIME(0) force_password_change : NTTIME(0) logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) acct_flags : 0x00000000 (0) authenticated : 0x00 (0) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'nobody' sanitized_username : * sanitized_username : 'sshivappa' torture : NULL credentials : NULL connection_dialect : 0x0000 (0) signing_flags : 0x04 (4) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET encryption_flags : 0x08 (8) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) local_address : 'ipv4:10.188.101.166:445' remote_address : 'ipv4:10.188.101.162:52845' remote_name : '10.188.101.162' auth_session_info_seqnum : 0x00000001 (1) connection : * encryption_cipher : 0x8000 (32768) [2016/04/14 10:01:46.352854, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 738839AF [2016/04/14 10:01:46.352868, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb [2016/04/14 10:01:46.352879, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.352891, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1391(smbXsrv_session_update) [2016/04/14 10:01:46.352898, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1399(smbXsrv_session_update) smbXsrv_session_update: global_id (0x738839af) stored [2016/04/14 10:01:46.352908, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &session_blob: struct smbXsrv_sessionB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_sessionU(case 0) info0 : * info0: struct smbXsrv_session table : * db_rec : NULL client : * local_id : 0x0000e701 (59137) global : * global: struct smbXsrv_session_global0 db_rec : NULL session_global_id : 0x738839af (1938307503) session_wire_id : 0x000000000000e701 (59137) creation_time : Thu Apr 14 10:01:46 AM 2016 IST expiration_time : Thu Jan 1 05:30:00 AM 1970 IST auth_time : Thu Apr 14 10:01:46 AM 2016 IST auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x00000007 (7) sids: ARRAY(7) sids : S-1-5-21-4169439650-4212734061-2710409060-501 sids : S-1-5-21-4169439650-4212734061-2710409060-514 sids : S-1-22-2-99 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-32-546 sids : S-1-22-1-99 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x0000000000000063 (99) gid : 0x0000000000000063 (99) ngroups : 0x00000001 (1) groups: ARRAY(1) groups : 0x0000000000000063 (99) info : * info: struct auth_user_info account_name : * account_name : 'nobody' domain_name : * domain_name : 'SHIVHTTPSERVER' full_name : NULL logon_script : NULL profile_path : NULL home_directory : NULL home_drive : NULL logon_server : NULL last_logon : NTTIME(0) last_logoff : NTTIME(0) acct_expiry : NTTIME(0) last_password_change : NTTIME(0) allow_password_change : NTTIME(0) force_password_change : NTTIME(0) logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) acct_flags : 0x00000000 (0) authenticated : 0x00 (0) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'nobody' sanitized_username : * sanitized_username : 'sshivappa' torture : NULL credentials : NULL connection_dialect : 0x0000 (0) signing_flags : 0x04 (4) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET encryption_flags : 0x08 (8) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) local_address : 'ipv4:10.188.101.166:445' remote_address : 'ipv4:10.188.101.162:52845' remote_name : '10.188.101.162' auth_session_info_seqnum : 0x00000001 (1) connection : * encryption_cipher : 0x8000 (32768) status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST nonce_high_random : 0x0000000000000000 (0) nonce_high_max : 0x0000000000000000 (0) nonce_high : 0x0000000000000000 (0) nonce_low : 0x0000000000000000 (0) compat : * tcon_table : NULL pending_auth : * pending_auth: struct smbXsrv_session_auth0 prev : * next : NULL session : * connection : * gensec : * preauth : NULL in_flags : 0x00 (0) in_security_mode : 0x00 (0) creation_time : Thu Apr 14 10:01:46 AM 2016 IST idle_time : Thu Apr 14 10:01:46 AM 2016 IST [2016/04/14 10:01:46.353689, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:972(reply_tcon_and_X) Client requested device type [?????] for share [PRINT] [2016/04/14 10:01:46.353716, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1116(make_connection) making a connection to 'normal' service print [2016/04/14 10:01:46.353732, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2016/04/14 10:01:46.353743, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb 2: 3: [2016/04/14 10:01:46.353756, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 90C692B2 [2016/04/14 10:01:46.353771, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d5aa80 [2016/04/14 10:01:46.353811, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) [2016/04/14 10:01:46.353822, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) smbXsrv_tcon_global_store: key '90C692B2' stored [2016/04/14 10:01:46.353833, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0x90c692b2 (2428932786) tcon_wire_id : 0x000018f8 (6392) server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) creation_time : Thu Apr 14 10:01:46 AM 2016 IST share_name : NULL encryption_flags : 0x00 (0) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x00000000 (0) signing_flags : 0x00 (0) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET [2016/04/14 10:01:46.353953, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 90C692B2 [2016/04/14 10:01:46.353967, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2016/04/14 10:01:46.353977, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.353989, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:831(smbXsrv_tcon_create) [2016/04/14 10:01:46.353996, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:839(smbXsrv_tcon_create) smbXsrv_tcon_create: global_id (0x90c692b2) stored [2016/04/14 10:01:46.354006, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x000018f8 (6392) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0x90c692b2 (2428932786) tcon_wire_id : 0x000018f8 (6392) server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) creation_time : Thu Apr 14 10:01:46 AM 2016 IST share_name : NULL encryption_flags : 0x00 (0) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x00000000 (0) signing_flags : 0x00 (0) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET status : NT_STATUS_INTERNAL_ERROR idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : NULL [2016/04/14 10:01:46.354175, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.354224, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:164(set_conn_connectpath) set_conn_connectpath: service Print, connectpath = /var/spool/samba [2016/04/14 10:01:46.354240, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:614(make_connection_snum) Connect path is '/var/spool/samba/' for service [Print] [2016/04/14 10:01:46.354253, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.354265, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:284(is_share_read_only_for_token) is_share_read_only_for_user: share Print is read-write for unix user nobody [2016/04/14 10:01:46.354295, 10, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:337(se_file_access_check) se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff [2016/04/14 10:01:46.354310, 3, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2016/04/14 10:01:46.354327, 10, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2016/04/14 10:01:46.354338, 5, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2016/04/14 10:01:46.354354, 10, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2016/04/14 10:01:46.354365, 5, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) Successfully added vfs backend 'posixacl' [2016/04/14 10:01:46.354380, 10, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for dfs_samba4 [2016/04/14 10:01:46.354394, 5, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) Successfully added vfs backend 'dfs_samba4' [2016/04/14 10:01:46.354408, 10, pid=12849, effective(0, 0), real(0, 0), class=dfs_samba4] ../source3/modules/vfs_dfs_samba4.c:155(vfs_dfs_samba4_init) vfs_dfs_samba4: Debug class number of 'fileid': 24 [2016/04/14 10:01:46.354418, 3, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2016/04/14 10:01:46.354429, 10, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2016/04/14 10:01:46.354445, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.354456, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.354466, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.354476, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.354486, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.354529, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:01:46.354561, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:164(set_conn_connectpath) set_conn_connectpath: service Print, connectpath = /var/spool/samba [2016/04/14 10:01:46.354577, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.354589, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:284(is_share_read_only_for_token) is_share_read_only_for_user: share Print is read-write for unix user nobody [2016/04/14 10:01:46.354608, 10, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:337(se_file_access_check) se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff [2016/04/14 10:01:46.354646, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2016/04/14 10:01:46.354664, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-4169439650-4212734061-2710409060-501 SID[ 1]: S-1-5-21-4169439650-4212734061-2710409060-514 SID[ 2]: S-1-22-2-99 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-99 Privileges (0x 0): Rights (0x 0): [2016/04/14 10:01:46.354704, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 1 supplementary groups Group[ 0]: 99 [2016/04/14 10:01:46.354725, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) Impersonated user: uid=(99,99), gid=(0,99) [2016/04/14 10:01:46.354740, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:01:46.354751, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.354760, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.354776, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:01:46.354792, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:164(set_conn_connectpath) set_conn_connectpath: service Print, connectpath = /var/spool/samba [2016/04/14 10:01:46.354839, 10, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/modules/vfs_default.c:170(vfswrap_fs_capabilities) vfswrap_fs_capabilities: timestamp resolution of sec available on share Print, directory /var/spool/samba [2016/04/14 10:01:46.354854, 2, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:864(make_connection_snum) shivappas (ipv4:10.188.101.162:52845) connect to service Print initially as user nobody (uid=99, gid=99) (pid 12849) [2016/04/14 10:01:46.354872, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2016/04/14 10:01:46.354884, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb 2: 3: [2016/04/14 10:01:46.354897, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 90C692B2 [2016/04/14 10:01:46.354910, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d59038 [2016/04/14 10:01:46.354927, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) [2016/04/14 10:01:46.354936, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) smbXsrv_tcon_global_store: key '90C692B2' stored [2016/04/14 10:01:46.354947, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0x90c692b2 (2428932786) tcon_wire_id : 0x000018f8 (6392) server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) creation_time : Thu Apr 14 10:01:46 AM 2016 IST share_name : 'Print' encryption_flags : 0x00 (0) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x738839af (1938307503) signing_flags : 0x00 (0) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET [2016/04/14 10:01:46.355067, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 90C692B2 [2016/04/14 10:01:46.355079, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2016/04/14 10:01:46.355090, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.355101, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:876(smbXsrv_tcon_update) [2016/04/14 10:01:46.355109, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:884(smbXsrv_tcon_update) smbXsrv_tcon_update: global_id (0x90c692b2) stored [2016/04/14 10:01:46.355118, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x000018f8 (6392) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0x90c692b2 (2428932786) tcon_wire_id : 0x000018f8 (6392) server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) creation_time : Thu Apr 14 10:01:46 AM 2016 IST share_name : 'Print' encryption_flags : 0x00 (0) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x738839af (1938307503) signing_flags : 0x00 (0) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : * [2016/04/14 10:01:46.355284, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:1139(reply_tcon_and_X) tconX service=PRINT [2016/04/14 10:01:46.355302, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.355310, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=66 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=48704 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 31 (0x1F) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_bcc=17 [2016/04/14 10:01:46.355356, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 4C 50 54 31 3A 00 00 4E 00 54 00 46 00 53 00 00 LPT1:..N .T.F.S.. [0010] 00 . [2016/04/14 10:01:46.356028, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 60 [2016/04/14 10:01:46.356059, 6, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x3c [2016/04/14 10:01:46.356076, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 4 of length 64 (0 toread) [2016/04/14 10:01:46.356089, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.356096, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=60 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=48768 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=21 [2016/04/14 10:01:46.356132, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P [0010] 00 41 00 00 00 .A... [2016/04/14 10:01:46.356178, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplopen (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.356194, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2016/04/14 10:01:46.356206, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-4169439650-4212734061-2710409060-501 SID[ 1]: S-1-5-21-4169439650-4212734061-2710409060-514 SID[ 2]: S-1-22-2-99 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-99 Privileges (0x 0): Rights (0x 0): [2016/04/14 10:01:46.356246, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 1 supplementary groups Group[ 0]: 99 [2016/04/14 10:01:46.356268, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) Impersonated user: uid=(99,99), gid=(0,99) [2016/04/14 10:01:46.356281, 4, pid=12849, effective(99, 99), real(99, 0), class=vfs] ../source3/smbd/vfs.c:844(vfs_ChDir) vfs_ChDir to /var/spool/samba [2016/04/14 10:01:46.356304, 4, pid=12849, effective(99, 99), real(99, 0), class=vfs] ../source3/smbd/vfs.c:855(vfs_ChDir) vfs_ChDir got /var/spool/samba [2016/04/14 10:01:46.356316, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2016/04/14 10:01:46.356327, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb 2: 3: [2016/04/14 10:01:46.356340, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 90C692B2 [2016/04/14 10:01:46.356360, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d5aa18 [2016/04/14 10:01:46.356380, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) [2016/04/14 10:01:46.356388, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) smbXsrv_tcon_global_store: key '90C692B2' stored [2016/04/14 10:01:46.356400, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000003 (3) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0x90c692b2 (2428932786) tcon_wire_id : 0x000018f8 (6392) server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) creation_time : Thu Apr 14 10:01:46 AM 2016 IST share_name : 'Print' encryption_flags : 0x08 (8) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x738839af (1938307503) signing_flags : 0x04 (4) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET [2016/04/14 10:01:46.356519, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 90C692B2 [2016/04/14 10:01:46.356533, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2016/04/14 10:01:46.356543, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.356555, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_tcon.c:876(smbXsrv_tcon_update) [2016/04/14 10:01:46.356562, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_tcon.c:884(smbXsrv_tcon_update) smbXsrv_tcon_update: global_id (0x90c692b2) stored [2016/04/14 10:01:46.356572, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x000018f8 (6392) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0x90c692b2 (2428932786) tcon_wire_id : 0x000018f8 (6392) server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) creation_time : Thu Apr 14 10:01:46 AM 2016 IST share_name : 'Print' encryption_flags : 0x08 (8) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x738839af (1938307503) signing_flags : 0x04 (4) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : * [2016/04/14 10:01:46.356739, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.356750, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.356764, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 08703C0A [2016/04/14 10:01:46.356779, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d59c68 [2016/04/14 10:01:46.356790, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/04/14 10:01:46.356836, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '08703C0A' stored [2016/04/14 10:01:46.356852, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x08703c0a (141573130) open_persistent_id : 0x0000000008703c0a (141573130) open_volatile_id : 0x0000000000002209 (8713) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2016/04/14 10:01:46.356968, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 08703C0A [2016/04/14 10:01:46.356985, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.356996, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.357008, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x08703c0a) stored [2016/04/14 10:01:46.357018, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x00002209 (8713) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x08703c0a (141573130) open_persistent_id : 0x0000000008703c0a (141573130) open_volatile_id : 0x0000000000002209 (8713) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) [2016/04/14 10:01:46.357202, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 8713 (1 used) [2016/04/14 10:01:46.357342, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) Connecting to spoolss pipe. [2016/04/14 10:01:46.357373, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested spoolss [2016/04/14 10:01:46.357388, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/04/14 10:01:46.357400, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/04/14 10:01:46.357438, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe spoolss [2016/04/14 10:01:46.357497, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'Print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ [2016/04/14 10:01:46.357573, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.357587, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.357597, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.357607, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.357617, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.357656, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) lp_servicenumber: couldn't find printers [2016/04/14 10:01:46.357671, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2044(process_registry_service) process_registry_service: service name printers [2016/04/14 10:01:46.357684, 7, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2016/04/14 10:01:46.357695, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.357712, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2016/04/14 10:01:46.357723, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2016/04/14 10:01:46.357736, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.357746, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6fb5380 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2016/04/14 10:01:46.357769, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1739(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2016/04/14 10:01:46.357782, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.357798, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) lp_servicenumber: couldn't find printers [2016/04/14 10:01:46.357818, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) lp_servicenumber: couldn't find printers [2016/04/14 10:01:46.357833, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) lp_servicenumber: couldn't find printers [2016/04/14 10:01:46.357843, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:87(delete_and_reload_printers) reloading printer services from pcap cache [2016/04/14 10:01:46.357862, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) lp_servicenumber: couldn't find printers [2016/04/14 10:01:46.357873, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2044(process_registry_service) process_registry_service: service name printers [2016/04/14 10:01:46.357884, 7, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2016/04/14 10:01:46.357895, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.357906, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2016/04/14 10:01:46.357916, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2016/04/14 10:01:46.357928, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.357938, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6fb5380 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2016/04/14 10:01:46.357954, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1739(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2016/04/14 10:01:46.357965, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.357981, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) lp_servicenumber: couldn't find printers [2016/04/14 10:01:46.357995, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) lp_servicenumber: couldn't find printers [2016/04/14 10:01:46.358009, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 checking name: Print [2016/04/14 10:01:46.358026, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [Print] [2016/04/14 10:01:46.358039, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.358071, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=Print Printer is a printer [2016/04/14 10:01:46.358083, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=Print (len=5) searching for [Print] [2016/04/14 10:01:46.358126, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) [2016/04/14 10:01:46.358208, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) set_printer_hnd_name: Printer found: Print -> Print [2016/04/14 10:01:46.358264, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/04/14 10:01:46.358277, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.358308, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.358338, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.358361, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.358404, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.358441, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.358456, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.358467, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.358502, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.358530, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.358583, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.358596, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.358608, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.358618, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.358633, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.358644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.358675, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.358698, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.358712, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.358746, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.358816, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.358922, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.358956, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.358967, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.358979, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.358989, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.359005, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.359015, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.359047, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.359071, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.359083, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.359095, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.359105, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.359117, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.359127, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.359153, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.359184, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.359197, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.359209, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.359219, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.359231, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.359240, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.359265, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.359288, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.359301, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.359312, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.359323, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.359339, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.359350, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.359391, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.359405, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.359417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.359428, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.359441, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.359450, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.359478, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.359491, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.359502, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.359513, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.359527, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.359536, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.359560, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.359586, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.359598, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.359610, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.359620, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.359638, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.359648, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.359673, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.359697, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.359711, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.359722, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.359734, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.359746, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.359757, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.359769, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.359781, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.359813, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.359872, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.359958, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.359990, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.360002, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.360012, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.360024, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.360048, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.360062, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.360128, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.360223, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.360257, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.360268, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.360285, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.361056, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.361092, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.361125, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.361155, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.361177, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.361189, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.361239, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.361272, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.361305, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.361337, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.361347, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.361358, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.361402, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.361418, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.361429, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.361439, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.361449, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.361458, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.361469, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.361480, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2016/04/14 10:01:46.361503, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.361518, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.361529, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.361561, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.361583, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.361635, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.361646, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.361658, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.361669, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.361680, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.361689, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.361718, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.361741, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.361755, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.361788, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.361845, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.361950, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.361984, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.361995, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.362007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.362017, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.362028, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.362038, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.362069, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.362093, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.362105, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.362117, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.362127, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.362139, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.362149, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.362186, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.362210, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.362223, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.362234, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.362244, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.362256, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.362266, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.362290, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.362314, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.362326, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.362338, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.362348, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.362360, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.362370, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.362408, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.362422, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.362434, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.362444, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.362458, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.362467, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.362498, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.362511, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.362523, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.362534, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.362548, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.362557, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.362581, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.362605, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.362617, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.362629, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.362639, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.362653, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.362662, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.362684, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.362706, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.362720, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.362732, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.362744, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.362755, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.362767, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.362781, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.362794, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.362825, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.362871, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists [2016/04/14 10:01:46.362894, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.362927, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.362960, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.362991, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.363001, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.363013, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.363060, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.363093, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.363129, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.363169, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.363181, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.363192, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.363236, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.363251, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.363321, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-0f57-321d31320000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document' output_file : * output_file : '/var/spool/samba//smbprn.nvdnXi' datatype : * datatype : 'RAW' [2016/04/14 10:01:46.363407, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.363439, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.363469, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.363499, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.363518, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.363529, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.363540, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.363549, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.363592, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2016/04/14 10:01:46.363618, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.363633, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.363645, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.363676, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.363698, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.363751, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.363763, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.363775, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.363785, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.363796, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.363805, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.363834, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.363858, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.363872, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.363910, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.363967, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.364071, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.364105, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.364116, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.364128, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.364138, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.364149, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.364165, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.364198, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.364223, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.364239, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.364251, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.364261, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.364273, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.364283, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.364310, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.364333, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.364346, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.364357, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.364367, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.364379, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.364389, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.364413, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.364436, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.364448, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.364460, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.364470, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.364482, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.364492, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.364530, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.364543, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.364559, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.364569, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.364583, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.364593, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.364619, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.364632, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.364644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.364655, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.364668, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.364678, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.364702, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.364726, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.364738, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.364749, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.364765, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.364779, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.364789, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.364811, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.364833, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.364851, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.364862, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.364874, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.364886, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.364897, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.364908, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.364920, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.364951, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.365008, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.365090, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.365123, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.365134, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.365148, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.365166, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.365190, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.365205, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.365271, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.365355, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.365388, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.365399, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.365412, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.366189, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.366227, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.366260, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.366291, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.366302, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.366314, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.366361, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.366399, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.366431, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.366462, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.366472, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.366483, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.366526, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.366542, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.366553, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.366563, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.366572, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.366582, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.366592, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.366613, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.366627, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.366638, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.366672, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.366696, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.366753, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.366766, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.366778, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.366788, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.366799, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.366808, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.366837, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.366861, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.366875, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.366907, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.366964, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.367071, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.367105, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.367117, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.367129, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.367140, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.367151, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.367167, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.367200, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.367224, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.367236, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.367248, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.367259, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.367270, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.367280, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.367307, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.367330, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.367342, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.367354, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.367364, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.367376, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.367390, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.367414, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.367437, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.367449, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.367461, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.367471, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.367484, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.367493, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.367531, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.367544, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.367556, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.367567, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.367580, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.367589, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.367617, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.367629, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.367641, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.367652, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.367665, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.367675, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.367703, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.367727, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.367739, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.367751, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.367762, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.367775, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.367785, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.367807, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.367832, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.367846, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.367858, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.367870, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.367881, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.367893, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.367904, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.367916, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.367948, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.368008, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-0f57-321d31320000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/04/14 10:01:46.368063, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.368098, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.368110, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.368133, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.368146, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.368175, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/04/14 10:01:46.368296, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-0f57-321d31320000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2016/04/14 10:01:46.368390, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.368423, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.368436, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.369216, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.369300, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.369332, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.369343, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.369355, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2016/04/14 10:01:46.369365, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2016/04/14 10:01:46.369430, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.369483, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.369496, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.369512, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.369523, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.369534, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.369543, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.369572, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.369595, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.369610, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.369643, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.369699, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.369803, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.369836, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.369847, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.369863, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.369874, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.369885, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.369895, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.369926, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.369950, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.369963, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.369975, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.369985, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.369997, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.370006, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.370032, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.370055, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.370068, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.370080, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.370090, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.370102, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.370111, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.370135, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.370162, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.370177, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.370193, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.370204, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.370217, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.370226, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.370266, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.370280, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.370292, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.370302, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.370315, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.370325, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.370352, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.370366, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (10->11) [2016/04/14 10:01:46.370377, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.370388, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.370401, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.370411, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.370435, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.370459, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.370471, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (11->12) [2016/04/14 10:01:46.370486, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.370497, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.370511, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.370520, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.370542, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.370565, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.370579, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (12->11) [2016/04/14 10:01:46.370590, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (11->10) [2016/04/14 10:01:46.370603, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.370614, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.370625, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.370637, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.370649, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.370680, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.370737, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.370822, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.370856, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.370867, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.370878, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.370889, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.370912, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.370926, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.370992, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.371075, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.371111, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.371123, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.371136, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.371890, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.371926, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.371959, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.371993, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.372005, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.372016, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.372063, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.372101, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.372134, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.372171, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.372183, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.372194, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.372243, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.372276, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.372308, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.372343, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.372354, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.372365, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.372412, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.372445, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.372477, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.372508, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.372518, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.372529, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.372572, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.372596, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:1374(print_cache_expired) print_cache_expired: cache expired for queue Print (last_qscan_time = 1460607694, time now = 1460608306, qcachetime = 30) [2016/04/14 10:01:46.372627, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:1791(print_queue_update) print_queue_update: Sending message -> printer = Print, type = 6, lpq command = [lpq -P'Print'] lprm command = [lprm -P'Print' %j] [2016/04/14 10:01:46.372662, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.372677, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.372688, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.372702, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.372712, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.372731, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm.c:323(messaging_dgm_send) messaging_dgm_send: Sending message to 12821 [2016/04/14 10:01:46.372762, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2016/04/14 10:01:46.372783, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) print_job_start: Queue Print number of jobs (9), max printjobs = 1000 [2016/04/14 10:01:46.372802, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) allocate_print_jobid: Read jobid 75 from Print [2016/04/14 10:01:46.372839, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) print_job_spool_file:External spooling activated [2016/04/14 10:01:46.372866, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head [2016/04/14 10:01:46.372881, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head [2016/04/14 10:01:46.372893, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head [2016/04/14 10:01:46.372905, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.372916, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head [2016/04/14 10:01:46.372927, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head [2016/04/14 10:01:46.372938, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) add_to_jobs_added: Added jobid 76 [2016/04/14 10:01:46.372955, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x0000004c (76) result : WERR_OK [2016/04/14 10:01:46.372999, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) pjobid_to_rap: called. [2016/04/14 10:01:46.373022, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) pjobid_to_rap: created jobid 76 maps to RAP jobid 1 [2016/04/14 10:01:46.373037, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) openprint fd=35 fnum 8713 [2016/04/14 10:01:46.373049, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.373057, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=48768 smt_wct=1 smb_vwv[ 0]= 8713 (0x2209) smb_bcc=0 [2016/04/14 10:01:46.373093, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.373714, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 60 [2016/04/14 10:01:46.373757, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x3c [2016/04/14 10:01:46.373773, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 5 of length 64 (0 toread) [2016/04/14 10:01:46.373792, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.373799, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=60 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=48832 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=21 [2016/04/14 10:01:46.373834, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P [0010] 00 41 00 00 00 .A... [2016/04/14 10:01:46.373870, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplopen (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.373884, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.373903, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.373915, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.373929, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 7E0A93ED [2016/04/14 10:01:46.373945, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d5a800 [2016/04/14 10:01:46.373957, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/04/14 10:01:46.373986, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '7E0A93ED' stored [2016/04/14 10:01:46.374000, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x7e0a93ed (2114622445) open_persistent_id : 0x000000007e0a93ed (2114622445) open_volatile_id : 0x000000000000a676 (42614) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2016/04/14 10:01:46.374138, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 7E0A93ED [2016/04/14 10:01:46.374152, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.374187, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.374200, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x7e0a93ed) stored [2016/04/14 10:01:46.374210, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x0000a676 (42614) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x7e0a93ed (2114622445) open_persistent_id : 0x000000007e0a93ed (2114622445) open_volatile_id : 0x000000000000a676 (42614) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) [2016/04/14 10:01:46.374392, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 42614 (2 used) [2016/04/14 10:01:46.374449, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/04/14 10:01:46.374473, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) Connecting to spoolss pipe. [2016/04/14 10:01:46.374500, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested spoolss [2016/04/14 10:01:46.374515, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/04/14 10:01:46.374526, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/04/14 10:01:46.374565, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe spoolss [2016/04/14 10:01:46.374595, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'Print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ [2016/04/14 10:01:46.374663, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.374677, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.374688, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.374698, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.374708, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.374735, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) skipping printer reload, already up to date. [2016/04/14 10:01:46.374752, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 checking name: Print [2016/04/14 10:01:46.374765, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [Print] [2016/04/14 10:01:46.374777, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.374808, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=Print Printer is a printer [2016/04/14 10:01:46.374821, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=Print (len=5) searching for [Print] [2016/04/14 10:01:46.374845, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) [2016/04/14 10:01:46.374918, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) set_printer_hnd_name: Printer found: Print -> Print [2016/04/14 10:01:46.374973, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/04/14 10:01:46.374985, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.375017, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.375047, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.375077, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.375117, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.375146, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.375168, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.375180, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.375221, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.375244, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.375298, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.375310, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.375323, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.375333, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.375350, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.375360, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.375392, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.375417, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.375431, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.375465, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.375527, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.375632, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.375667, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.375678, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.375690, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.375700, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.375716, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.375726, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.375758, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.375782, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.375794, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.375806, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.375816, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.375828, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.375838, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.375864, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.375887, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.375900, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.375911, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.375921, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.375933, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.375943, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.375967, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.375990, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.376002, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.376013, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.376027, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.376040, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.376050, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.376091, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.376104, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.376116, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.376127, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.376148, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.376163, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.376201, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.376214, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.376226, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.376237, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.376250, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.376260, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.376284, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.376309, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.376321, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.376333, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.376343, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.376361, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.376371, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.376392, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.376414, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.376428, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.376439, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.376451, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.376462, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.376474, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.376485, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.376497, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.376529, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.376591, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.376678, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.376712, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.376723, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.376734, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.376745, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.376769, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.376783, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.376849, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.376935, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.376968, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.376979, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.376996, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.377806, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.377842, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.377874, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.377905, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.377919, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.377930, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.377979, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.378011, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.378042, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.378072, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.378083, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.378094, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.378145, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.378166, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.378179, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.378189, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.378207, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.378217, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.378228, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.378239, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2016/04/14 10:01:46.378263, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.378278, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.378289, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.378323, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.378344, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.378395, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.378406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.378419, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.378429, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.378440, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.378450, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.378480, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.378503, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.378518, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.378551, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.378607, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.378715, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.378749, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.378760, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.378772, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.378782, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.378794, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.378803, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.378834, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.378858, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.378871, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.378882, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.378892, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.378904, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.378914, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.378945, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.378968, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.378980, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.378992, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.379002, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.379014, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.379024, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.379047, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.379070, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.379083, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.379094, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.379104, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.379117, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.379126, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.379181, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.379204, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.379216, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.379226, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.379239, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.379249, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.379281, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.379294, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.379306, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.379316, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.379330, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.379339, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.379363, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.379386, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.379399, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.379410, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.379420, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.379434, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.379443, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.379464, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.379486, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.379500, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.379511, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.379523, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.379535, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.379549, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.379562, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.379573, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.379605, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.379651, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists [2016/04/14 10:01:46.379671, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.379703, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.379734, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.379764, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.379774, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.379785, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.379832, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.379865, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.379900, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.379930, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.379940, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.379951, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.379994, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.380009, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.380069, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-0f57-321d31320000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document' output_file : * output_file : '/var/spool/samba//smbprn.r5CeH3' datatype : * datatype : 'RAW' [2016/04/14 10:01:46.380153, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.380202, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.380242, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.380280, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.380296, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.380307, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.380339, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.380361, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.380413, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.380425, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.380437, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.380447, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.380458, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.380467, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.380496, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.380519, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.380533, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.380566, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.380623, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.380731, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.380766, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.380777, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.380789, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.380799, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.380810, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.380819, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.380850, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.380874, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.380887, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.380899, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.380909, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.380920, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.380930, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.380956, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.380983, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.380996, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.381007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.381018, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.381029, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.381039, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.381062, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.381085, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.381097, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.381108, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.381118, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.381131, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.381140, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.381202, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.381218, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.381230, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.381241, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.381255, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.381265, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.381308, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.381325, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.381338, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.381349, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.381362, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.381388, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.381413, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.381445, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.381457, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.381468, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.381481, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.381495, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.381505, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.381526, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.381548, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.381561, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.381573, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.381585, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.381596, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.381608, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.381623, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.381635, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.381667, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.381727, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.381823, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.381858, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.381869, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.381880, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.381892, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.381917, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.381931, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.382003, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.382089, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.382122, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.382141, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.382154, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.382939, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.382975, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.383008, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.383039, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.383050, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.383061, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.383108, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.383141, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.383197, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.383228, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.383244, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.383256, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.383299, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.383315, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.383326, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.383336, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.383345, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.383355, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.383366, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.383386, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.383400, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.383411, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.383446, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.383470, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.383523, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.383535, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.383547, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.383562, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.383573, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.383583, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.383612, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.383636, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.383649, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.383682, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.383739, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.383843, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.383877, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.383889, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.383901, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.383915, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.383927, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.383936, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.383968, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.383991, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.384004, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.384016, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.384026, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.384037, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.384047, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.384073, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.384096, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.384108, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.384120, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.384130, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.384150, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.384166, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.384199, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.384222, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.384234, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.384246, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.384260, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.384273, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.384282, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.384320, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.384334, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.384345, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.384356, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.384369, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.384378, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.384405, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.384418, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.384430, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.384441, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.384454, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.384463, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.384488, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.384511, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.384523, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.384535, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.384549, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.384563, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.384572, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.384595, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.384617, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.384631, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.384643, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.384655, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.384666, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.384678, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.384690, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.384701, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.384733, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.384788, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-0f57-321d31320000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/04/14 10:01:46.384843, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.384881, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.384894, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.384918, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.384930, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.384953, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/04/14 10:01:46.385071, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-0f57-321d31320000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2016/04/14 10:01:46.385177, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.385222, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.385236, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.386061, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.386157, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.386207, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.386219, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.386230, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2016/04/14 10:01:46.386241, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2016/04/14 10:01:46.386308, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.386362, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.386374, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.386387, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.386397, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.386408, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.386417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.386446, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.386469, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.386489, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 0F 57 32 1D ....!... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.386522, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.386578, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.386682, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 0F 57 32 1D ....!... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.386717, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.386728, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.386740, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.386751, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.386762, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.386771, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.386802, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.386830, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.386844, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.386855, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.386866, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.386877, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.386887, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.386913, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.386936, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.386949, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.386961, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.386971, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.386983, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.386992, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.387016, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.387039, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.387051, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.387063, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.387073, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.387085, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.387095, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.387136, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.387168, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.387189, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.387200, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.387213, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.387222, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.387250, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.387264, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (10->11) [2016/04/14 10:01:46.387276, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.387286, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.387300, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.387309, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.387333, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.387358, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.387371, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (11->12) [2016/04/14 10:01:46.387383, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.387394, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.387407, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.387417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.387438, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.387465, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.387479, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (12->11) [2016/04/14 10:01:46.387491, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (11->10) [2016/04/14 10:01:46.387503, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.387514, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.387526, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.387537, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.387549, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 0F 57 32 1D ...."... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.387581, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.387638, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.387719, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 0F 57 32 1D ...."... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.387751, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.387765, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.387776, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.387788, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.387811, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.387825, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.387890, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.387975, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 0F 57 32 1D ...."... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.388009, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.388019, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.388032, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.388821, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.388858, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 0F 57 32 1D ...."... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.388890, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 0F 57 32 1D ...."... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.388920, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.388931, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.388942, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.388993, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.389027, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 0F 57 32 1D ....!... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.389059, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 0F 57 32 1D ....!... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.389090, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.389101, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.389112, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.389164, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.389199, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.389231, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.389260, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.389271, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.389282, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.389328, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.389365, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.389397, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.389428, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.389439, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.389450, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.389493, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.389523, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) print_job_start: Queue Print number of jobs (1), max printjobs = 1000 [2016/04/14 10:01:46.389541, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) allocate_print_jobid: Read jobid 76 from Print [2016/04/14 10:01:46.389583, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) print_job_spool_file:External spooling activated [2016/04/14 10:01:46.389613, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head [2016/04/14 10:01:46.389626, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head [2016/04/14 10:01:46.389638, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head [2016/04/14 10:01:46.389650, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.389661, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head [2016/04/14 10:01:46.389672, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head [2016/04/14 10:01:46.389683, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) add_to_jobs_added: Added jobid 77 [2016/04/14 10:01:46.389704, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x0000004d (77) result : WERR_OK [2016/04/14 10:01:46.389743, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) pjobid_to_rap: called. [2016/04/14 10:01:46.389760, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) pjobid_to_rap: created jobid 77 maps to RAP jobid 2 [2016/04/14 10:01:46.389776, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) openprint fd=38 fnum 42614 [2016/04/14 10:01:46.389789, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.389796, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=48832 smt_wct=1 smb_vwv[ 0]=42614 (0xA676) smb_bcc=0 [2016/04/14 10:01:46.389829, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.390365, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 37 [2016/04/14 10:01:46.390399, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x25 [2016/04/14 10:01:46.390414, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 6 of length 41 (0 toread) [2016/04/14 10:01:46.390425, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.390433, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=48896 smt_wct=1 smb_vwv[ 0]=42614 (0xA676) smb_bcc=0 [2016/04/14 10:01:46.390466, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.390478, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplclose (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.390492, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.390507, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) printclose fd=38 fnum 42614 [2016/04/14 10:01:46.390536, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.390572, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.390605, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.390641, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.390672, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.390688, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) print_job_find: looking up job 77 for share Print [2016/04/14 10:01:46.390706, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) print_job_find: returning system job -1 for jobid 77. [2016/04/14 10:01:46.390720, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:3009(print_job_end) print_job_end: canceling spool of /var/spool/samba//smbprn.r5CeH3 (zero length) [2016/04/14 10:01:46.390742, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) print_job_find: looking up job 77 for share Print [2016/04/14 10:01:46.390757, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) print_job_find: returning system job -1 for jobid 77. [2016/04/14 10:01:46.390769, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.390794, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2139(remove_from_jobs_added) remove_from_jobs_added: removed jobid 77 [2016/04/14 10:01:46.390805, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:159(rap_jobid_delete) rap_jobid_delete: called. [2016/04/14 10:01:46.390816, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:179(rap_jobid_delete) rap_jobid_delete: deleting jobid 77 [2016/04/14 10:01:46.390830, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.390860, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.390890, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.390901, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.390949, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.390962, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.390976, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 7E0A93ED [2016/04/14 10:01:46.390990, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d582f8 [2016/04/14 10:01:46.391011, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 7E0A93ED [2016/04/14 10:01:46.391024, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.391034, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.391050, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 42614 (1 used) [2016/04/14 10:01:46.391062, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.391070, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=48896 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.391100, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.391496, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 37 [2016/04/14 10:01:46.391528, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x25 [2016/04/14 10:01:46.391544, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 7 of length 41 (0 toread) [2016/04/14 10:01:46.391556, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.391564, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=48960 smt_wct=1 smb_vwv[ 0]= 8713 (0x2209) smb_bcc=0 [2016/04/14 10:01:46.391597, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.391608, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplclose (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.391620, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.391633, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) printclose fd=35 fnum 8713 [2016/04/14 10:01:46.391654, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.391689, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:348(find_policy_by_hnd_internal) Policy not found: [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.391722, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: Policy not found: [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.391754, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:12849:12849) [2016/04/14 10:01:46.391777, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printspoolss.c:326(print_spool_end) Failed to close printer Print [NT code 0x1c00001a] [2016/04/14 10:01:46.391805, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.391817, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.391830, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 08703C0A [2016/04/14 10:01:46.391845, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d582f8 [2016/04/14 10:01:46.391863, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 08703C0A [2016/04/14 10:01:46.391875, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.391885, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.391901, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 8713 (0 used) [2016/04/14 10:01:46.391913, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.391920, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=48960 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.391950, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.392429, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 60 [2016/04/14 10:01:46.392461, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x3c [2016/04/14 10:01:46.392477, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 8 of length 64 (0 toread) [2016/04/14 10:01:46.392489, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.392497, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=60 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=49024 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=21 [2016/04/14 10:01:46.392533, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P [0010] 00 41 00 00 00 .A... [2016/04/14 10:01:46.392568, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplopen (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.392581, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.392598, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.392610, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.392629, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 7C16796C [2016/04/14 10:01:46.392644, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d407f8 [2016/04/14 10:01:46.392655, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/04/14 10:01:46.392683, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '7C16796C' stored [2016/04/14 10:01:46.392697, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x7c16796c (2081847660) open_persistent_id : 0x000000007c16796c (2081847660) open_volatile_id : 0x00000000000049f7 (18935) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2016/04/14 10:01:46.392825, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 7C16796C [2016/04/14 10:01:46.392838, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.392849, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.392861, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x7c16796c) stored [2016/04/14 10:01:46.392871, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x000049f7 (18935) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x7c16796c (2081847660) open_persistent_id : 0x000000007c16796c (2081847660) open_volatile_id : 0x00000000000049f7 (18935) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) [2016/04/14 10:01:46.393051, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 18935 (1 used) [2016/04/14 10:01:46.393176, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/04/14 10:01:46.393202, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) Connecting to spoolss pipe. [2016/04/14 10:01:46.393222, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested spoolss [2016/04/14 10:01:46.393236, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/04/14 10:01:46.393248, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/04/14 10:01:46.393282, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe spoolss [2016/04/14 10:01:46.393310, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'Print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ [2016/04/14 10:01:46.393376, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.393395, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.393406, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.393416, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.393426, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.393455, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) skipping printer reload, already up to date. [2016/04/14 10:01:46.393471, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 checking name: Print [2016/04/14 10:01:46.393485, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [Print] [2016/04/14 10:01:46.393497, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.393529, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=Print Printer is a printer [2016/04/14 10:01:46.393541, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=Print (len=5) searching for [Print] [2016/04/14 10:01:46.393565, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) [2016/04/14 10:01:46.393636, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) set_printer_hnd_name: Printer found: Print -> Print [2016/04/14 10:01:46.393691, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/04/14 10:01:46.393704, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.393736, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.393767, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.393788, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.393827, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.393853, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.393873, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.393885, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.393918, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.393940, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.393993, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.394005, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.394018, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.394028, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.394039, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.394049, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.394079, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.394102, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.394116, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 0F 57 32 1D ....$... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.394149, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.394216, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.394324, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 0F 57 32 1D ....$... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.394358, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.394370, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.394382, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.394392, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.394404, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.394414, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.394445, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.394469, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.394482, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.394494, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.394504, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.394516, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.394525, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.394552, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.394579, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.394592, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.394604, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.394614, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.394626, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.394635, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.394659, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.394682, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.394694, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.394706, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.394716, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.394728, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.394738, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.394776, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.394789, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.394801, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.394812, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.394825, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.394835, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.394862, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.394878, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.394890, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.394901, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.394915, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.394924, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.394949, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.394972, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.394984, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.394995, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.395006, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.395019, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.395029, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.395050, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.395071, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.395085, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.395097, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.395109, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.395120, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.395132, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.395147, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.395164, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 0F 57 32 1D ....%... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.395198, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.395257, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.395339, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 0F 57 32 1D ....%... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.395372, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.395383, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.395394, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.395406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.395430, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.395444, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.395514, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.395601, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 0F 57 32 1D ....%... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.395634, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.395644, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.395657, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.396463, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.396500, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 0F 57 32 1D ....%... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.396532, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 0F 57 32 1D ....%... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.396562, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.396573, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.396584, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.396631, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.396663, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 0F 57 32 1D ....$... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.396696, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 0F 57 32 1D ....$... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.396727, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.396742, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.396753, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.396797, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.396812, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.396823, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.396833, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.396843, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.396853, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.396863, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.396874, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2016/04/14 10:01:46.396893, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.396906, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.396918, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.396950, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.396971, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.397023, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.397035, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.397052, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.397062, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.397073, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.397083, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.397112, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.397135, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.397149, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 0F 57 32 1D ....&... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.397188, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.397246, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.397348, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 0F 57 32 1D ....&... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.397381, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.397393, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.397410, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.397420, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.397432, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.397441, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.397473, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.397497, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.397510, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.397522, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.397532, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.397543, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.397553, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.397579, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.397602, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.397614, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.397626, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.397636, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.397648, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.397658, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.397681, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.397703, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.397716, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.397731, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.397742, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.397754, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.397764, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.397802, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.397815, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.397827, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.397838, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.397851, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.397861, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.397888, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.397901, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.397912, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.397923, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.397936, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.397946, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.397969, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.397992, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.398004, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.398019, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.398030, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.398043, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.398053, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.398074, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.398097, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.398110, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.398122, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.398134, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.398146, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.398162, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.398175, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.398187, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 0F 57 32 1D ....'... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.398219, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.398264, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists [2016/04/14 10:01:46.398285, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.398321, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 0F 57 32 1D ....'... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.398353, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 0F 57 32 1D ....'... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.398383, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.398393, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.398404, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.398451, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.398484, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 0F 57 32 1D ....&... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.398515, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 0F 57 32 1D ....&... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.398544, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.398555, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.398566, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.398608, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.398623, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.398685, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-0f57-321d31320000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document' output_file : * output_file : '/var/spool/samba//smbprn.yDwHuO' datatype : * datatype : 'RAW' [2016/04/14 10:01:46.398770, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.398803, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.398833, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.398862, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.398878, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.398889, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.398921, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.398942, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.398994, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.399006, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.399023, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.399034, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.399045, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.399054, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.399083, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.399106, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.399120, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 0F 57 32 1D ....(... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.399153, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.399218, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.399321, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 0F 57 32 1D ....(... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.399355, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.399366, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.399382, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.399393, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.399404, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.399414, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.399445, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.399468, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.399480, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.399492, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.399502, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.399514, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.399524, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.399550, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.399573, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.399585, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.399597, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.399607, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.399619, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.399629, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.399652, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.399674, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.399687, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.399702, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.399713, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.399725, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.399735, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.399773, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.399786, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.399798, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.399808, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.399822, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.399831, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.399858, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.399870, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.399882, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.399892, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.399906, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.399915, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.399939, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.399962, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.399974, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.399986, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.400000, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.400014, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.400023, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.400044, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.400066, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.400079, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.400091, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.400103, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.400114, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.400126, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.400137, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.400149, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 0F 57 32 1D ....)... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.400187, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.400245, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.400334, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 0F 57 32 1D ....)... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.400367, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.400378, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.400389, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.400400, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.400424, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.400438, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.400504, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.400589, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 0F 57 32 1D ....)... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.400621, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.400635, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.400649, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.401438, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.401475, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 0F 57 32 1D ....)... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.401507, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 0F 57 32 1D ....)... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.401543, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.401554, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.401565, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.401612, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.401645, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 0F 57 32 1D ....(... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.401677, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 0F 57 32 1D ....(... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.401708, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.401718, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.401729, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.401771, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.401786, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.401797, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.401807, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.401817, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.401826, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.401840, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.401860, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.401874, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.401885, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.401919, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.401944, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.401997, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.402009, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.402022, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.402032, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.402043, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.402052, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.402081, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.402104, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.402118, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 0F 57 32 1D ....*... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.402152, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.402217, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.402331, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 0F 57 32 1D ....*... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.402366, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.402378, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.402391, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.402401, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.402412, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.402422, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.402453, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.402477, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.402490, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.402502, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.402512, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.402523, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.402533, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.402565, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.402589, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.402601, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.402613, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.402624, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.402636, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.402645, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.402669, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.402692, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.402704, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.402716, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.402726, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.402739, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.402748, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.402786, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.402799, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.402811, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.402822, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.402835, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.402844, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.402878, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.402891, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.402903, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.402914, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.402927, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.402936, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.402960, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.402983, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.402996, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.403007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.403018, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.403031, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.403041, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.403062, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.403085, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.403098, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.403110, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.403122, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.403134, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.403149, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.403166, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.403179, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.403211, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.403266, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-0f57-321d31320000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/04/14 10:01:46.403321, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.403356, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.403368, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.403391, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.403404, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.403427, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/04/14 10:01:46.403550, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-0f57-321d31320000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2016/04/14 10:01:46.403640, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.403672, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.403685, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.404489, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.404571, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.404603, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.404614, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.404626, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2016/04/14 10:01:46.404636, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2016/04/14 10:01:46.404703, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.404757, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.404769, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.404781, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.404792, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.404803, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.404812, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.404841, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.404864, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.404879, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 0F 57 32 1D ....,... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.404911, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.404967, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.405074, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 0F 57 32 1D ....,... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.405109, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.405121, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.405133, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.405143, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.405155, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.405170, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.405203, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.405227, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.405239, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.405251, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.405262, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.405274, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.405283, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.405309, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.405333, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.405345, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.405357, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.405371, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.405384, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.405393, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.405417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.405440, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.405453, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.405465, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.405475, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.405487, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.405497, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.405535, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.405549, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.405561, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.405571, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.405584, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.405594, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.405621, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.405634, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (10->11) [2016/04/14 10:01:46.405645, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.405656, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.405673, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.405683, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.405710, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.405734, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.405747, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (11->12) [2016/04/14 10:01:46.405758, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.405769, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.405782, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.405792, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.405813, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.405836, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.405849, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (12->11) [2016/04/14 10:01:46.405861, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (11->10) [2016/04/14 10:01:46.405873, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.405885, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.405896, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.405908, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.405919, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 0F 57 32 1D ....-... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.405951, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.406012, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.406094, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 0F 57 32 1D ....-... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.406128, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.406139, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.406149, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.406166, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.406190, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.406205, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.406269, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.406358, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 0F 57 32 1D ....-... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.406390, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.406401, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.406413, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.407227, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.407263, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 0F 57 32 1D ....-... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.407295, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 0F 57 32 1D ....-... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.407325, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.407336, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.407347, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.407394, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.407428, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 0F 57 32 1D ....,... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.407460, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 0F 57 32 1D ....,... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.407492, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.407503, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.407514, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.407567, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.407600, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.407632, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.407663, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.407674, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.407684, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.407730, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.407763, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 0F 57 32 1D ....*... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.407796, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 0F 57 32 1D ....*... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.407827, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.407837, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.407848, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.407890, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.407924, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) print_job_start: Queue Print number of jobs (2), max printjobs = 1000 [2016/04/14 10:01:46.407943, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) allocate_print_jobid: Read jobid 77 from Print [2016/04/14 10:01:46.407976, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) print_job_spool_file:External spooling activated [2016/04/14 10:01:46.408002, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head [2016/04/14 10:01:46.408016, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head [2016/04/14 10:01:46.408028, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head [2016/04/14 10:01:46.408039, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.408050, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head [2016/04/14 10:01:46.408061, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head [2016/04/14 10:01:46.408072, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) add_to_jobs_added: Added jobid 78 [2016/04/14 10:01:46.408089, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x0000004e (78) result : WERR_OK [2016/04/14 10:01:46.408126, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) pjobid_to_rap: called. [2016/04/14 10:01:46.408143, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) pjobid_to_rap: created jobid 78 maps to RAP jobid 3 [2016/04/14 10:01:46.408163, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) openprint fd=41 fnum 18935 [2016/04/14 10:01:46.408177, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.408184, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=49024 smt_wct=1 smb_vwv[ 0]=18935 (0x49F7) smb_bcc=0 [2016/04/14 10:01:46.408217, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.408777, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 60 [2016/04/14 10:01:46.408809, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x3c [2016/04/14 10:01:46.408825, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 9 of length 64 (0 toread) [2016/04/14 10:01:46.408842, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.408850, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=60 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=49088 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=21 [2016/04/14 10:01:46.408886, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P [0010] 00 41 00 00 00 .A... [2016/04/14 10:01:46.408922, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplopen (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.408935, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.408952, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.408964, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.408977, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 5EC8D67A [2016/04/14 10:01:46.408992, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d407f8 [2016/04/14 10:01:46.409003, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/04/14 10:01:46.409030, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '5EC8D67A' stored [2016/04/14 10:01:46.409044, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x5ec8d67a (1590220410) open_persistent_id : 0x000000005ec8d67a (1590220410) open_volatile_id : 0x000000000000a16c (41324) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2016/04/14 10:01:46.409177, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 5EC8D67A [2016/04/14 10:01:46.409190, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.409206, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.409218, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x5ec8d67a) stored [2016/04/14 10:01:46.409228, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x0000a16c (41324) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x5ec8d67a (1590220410) open_persistent_id : 0x000000005ec8d67a (1590220410) open_volatile_id : 0x000000000000a16c (41324) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) [2016/04/14 10:01:46.409401, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 41324 (2 used) [2016/04/14 10:01:46.409455, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/04/14 10:01:46.409478, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) Connecting to spoolss pipe. [2016/04/14 10:01:46.409497, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested spoolss [2016/04/14 10:01:46.409510, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/04/14 10:01:46.409522, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/04/14 10:01:46.409560, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe spoolss [2016/04/14 10:01:46.409588, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'Print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ [2016/04/14 10:01:46.409654, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.409667, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.409677, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.409688, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.409697, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.409724, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) skipping printer reload, already up to date. [2016/04/14 10:01:46.409740, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 checking name: Print [2016/04/14 10:01:46.409753, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [Print] [2016/04/14 10:01:46.409764, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.409796, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=Print Printer is a printer [2016/04/14 10:01:46.409808, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=Print (len=5) searching for [Print] [2016/04/14 10:01:46.409830, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) [2016/04/14 10:01:46.409897, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) set_printer_hnd_name: Printer found: Print -> Print [2016/04/14 10:01:46.409953, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/04/14 10:01:46.409970, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.410002, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.410032, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.410051, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.410088, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.410114, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.410129, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.410140, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.410181, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.410205, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.410258, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.410270, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.410282, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.410293, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.410304, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.410313, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.410343, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.410372, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.410386, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 0F 57 32 1D ..../... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.410420, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.410479, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.410585, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 0F 57 32 1D ..../... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.410620, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.410631, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.410643, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.410653, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.410665, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.410674, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.410706, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.410735, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.410748, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.410760, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.410770, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.410782, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.410791, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.410818, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.410841, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.410853, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.410865, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.410875, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.410887, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.410897, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.410920, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.410942, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.410955, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.410966, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.410976, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.410989, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.410999, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.411040, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.411054, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.411066, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.411076, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.411089, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.411099, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.411126, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.411139, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.411151, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.411168, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.411183, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.411192, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.411217, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.411241, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.411253, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.411264, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.411275, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.411288, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.411298, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.411323, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.411346, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.411360, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.411371, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.411383, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.411394, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.411406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.411417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.411428, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 0F 57 32 1D ....0... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.411460, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.411519, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.411601, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 0F 57 32 1D ....0... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.411634, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.411650, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.411661, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.411673, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.411696, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.411710, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.411776, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.411861, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 0F 57 32 1D ....0... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.411894, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.411905, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.411917, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.412718, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.412756, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 0F 57 32 1D ....0... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.412789, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 0F 57 32 1D ....0... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.412820, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.412831, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.412842, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.412894, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.412934, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 0F 57 32 1D ..../... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.412966, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 0F 57 32 1D ..../... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.412996, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.413007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.413018, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.413062, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.413078, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.413089, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.413099, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.413108, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.413118, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.413129, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.413140, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2016/04/14 10:01:46.413164, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.413179, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.413190, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.413228, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.413249, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.413301, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.413313, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.413325, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.413335, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.413347, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.413356, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.413385, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.413409, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.413423, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 0F 57 32 1D ....1... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.413456, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.413512, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.413621, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 0F 57 32 1D ....1... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.413655, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.413667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.413678, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.413688, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.413700, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.413709, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.413741, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.413765, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.413777, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.413789, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.413799, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.413811, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.413820, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.413846, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.413869, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.413881, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.413896, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.413907, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.413919, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.413929, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.413952, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.413975, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.413987, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.413999, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.414009, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.414022, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.414031, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.414069, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.414082, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.414094, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.414105, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.414118, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.414128, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.414155, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.414175, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.414187, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.414202, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.414215, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.414225, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.414250, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.414273, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.414286, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.414297, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.414308, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.414321, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.414331, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.414352, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.414374, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.414388, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.414400, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.414412, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.414423, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.414434, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.414445, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.414457, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 0F 57 32 1D ....2... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.414493, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.414539, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists [2016/04/14 10:01:46.414559, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.414592, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 0F 57 32 1D ....2... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.414624, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 0F 57 32 1D ....2... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.414653, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.414664, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.414674, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.414722, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.414755, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 0F 57 32 1D ....1... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.414788, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 0F 57 32 1D ....1... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.414819, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.414834, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.414845, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.414888, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.414903, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.414961, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-0f57-321d31320000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document' output_file : * output_file : '/var/spool/samba//smbprn.Vbiklz' datatype : * datatype : 'RAW' [2016/04/14 10:01:46.415045, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.415077, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.415108, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.415137, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.415153, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.415171, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.415208, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.415230, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.415282, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.415294, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.415306, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.415317, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.415327, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.415337, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.415366, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.415389, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.415403, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 0F 57 32 1D ....3... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.415436, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.415493, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.415599, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 0F 57 32 1D ....3... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.415633, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.415644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.415656, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.415666, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.415677, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.415687, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.415717, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.415741, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.415753, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.415765, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.415775, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.415787, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.415797, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.415823, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.415846, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.415858, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.415873, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.415884, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.415896, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.415905, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.415929, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.415951, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.415964, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.415975, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.415985, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.415998, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.416007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.416046, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.416059, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.416071, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.416082, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.416095, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.416104, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.416131, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.416144, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.416155, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.416176, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.416190, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.416200, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.416225, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.416248, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.416260, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.416271, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.416282, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.416296, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.416305, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.416326, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.416348, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.416362, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.416374, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.416385, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.416397, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.416408, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.416419, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.416430, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 0F 57 32 1D ....4... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.416466, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.416524, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.416606, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 0F 57 32 1D ....4... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.416638, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.416649, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.416660, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.416671, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.416695, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.416709, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.416775, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.416866, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 0F 57 32 1D ....4... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.416900, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.416911, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.416923, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.417716, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.417753, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 0F 57 32 1D ....4... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.417786, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 0F 57 32 1D ....4... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.417817, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.417828, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.417839, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.417886, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.417919, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 0F 57 32 1D ....3... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.417951, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 0F 57 32 1D ....3... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.417981, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.417991, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.418002, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.418050, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.418066, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.418076, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.418086, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.418096, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.418106, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.418116, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.418135, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.418149, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.418166, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.418201, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.418226, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.418279, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.418292, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.418304, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.418314, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.418325, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.418335, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.418368, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.418392, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.418406, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 0F 57 32 1D ....5... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.418440, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.418496, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.418599, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 0F 57 32 1D ....5... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.418632, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.418644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.418656, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.418667, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.418678, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.418688, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.418723, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.418747, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.418760, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.418772, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.418783, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.418794, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.418804, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.418830, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.418854, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.418866, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.418878, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.418888, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.418900, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.418909, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.418933, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.418956, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.418969, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.418980, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.418990, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.419003, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.419017, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.419056, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.419070, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.419082, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.419092, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.419106, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.419115, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.419142, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.419155, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.419173, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.419184, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.419198, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.419207, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.419231, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.419255, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.419267, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.419279, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.419289, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.419303, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.419313, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.419338, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.419362, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.419376, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.419388, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.419400, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.419411, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.419422, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.419434, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.419445, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.419477, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.419531, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-0f57-321d31320000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/04/14 10:01:46.419587, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.419622, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.419634, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.419661, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.419675, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.419698, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/04/14 10:01:46.419815, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-0f57-321d31320000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2016/04/14 10:01:46.419904, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.419938, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.419951, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.420761, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.420844, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.420880, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.420892, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.420903, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2016/04/14 10:01:46.420914, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2016/04/14 10:01:46.420978, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.421032, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.421044, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.421056, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.421066, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.421078, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.421087, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.421116, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.421139, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.421153, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 0F 57 32 1D ....7... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.421193, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.421254, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.421358, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 0F 57 32 1D ....7... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.421392, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.421404, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.421416, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.421426, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.421437, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.421447, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.421479, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.421503, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.421516, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.421528, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.421542, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.421554, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.421563, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.421590, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.421613, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.421626, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.421637, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.421648, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.421660, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.421669, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.421693, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.421715, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.421728, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.421740, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.421750, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.421763, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.421772, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.421813, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.421827, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.421839, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.421853, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.421867, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.421877, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.421904, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.421917, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (10->11) [2016/04/14 10:01:46.421929, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.421940, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.421953, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.421963, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.421987, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.422010, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.422022, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (11->12) [2016/04/14 10:01:46.422034, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.422047, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.422060, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.422070, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.422091, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.422114, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.422128, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (12->11) [2016/04/14 10:01:46.422146, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (11->10) [2016/04/14 10:01:46.422164, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.422177, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.422188, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.422200, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.422212, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 0F 57 32 1D ....8... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.422243, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.422300, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.422381, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 0F 57 32 1D ....8... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.422415, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.422425, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.422436, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.422448, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.422475, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.422490, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.422555, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.422639, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 0F 57 32 1D ....8... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.422672, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.422683, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.422696, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.423522, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.423559, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 0F 57 32 1D ....8... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.423591, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 0F 57 32 1D ....8... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.423622, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.423633, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.423644, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.423691, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.423723, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 0F 57 32 1D ....7... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.423759, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 0F 57 32 1D ....7... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.423789, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.423800, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.423811, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.423859, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.423892, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.423925, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.423956, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.423967, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.423978, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.424025, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.424057, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 0F 57 32 1D ....5... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.424093, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 0F 57 32 1D ....5... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.424125, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.424135, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.424146, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.424195, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.424225, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) print_job_start: Queue Print number of jobs (3), max printjobs = 1000 [2016/04/14 10:01:46.424243, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) allocate_print_jobid: Read jobid 78 from Print [2016/04/14 10:01:46.424276, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) print_job_spool_file:External spooling activated [2016/04/14 10:01:46.424302, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head [2016/04/14 10:01:46.424315, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head [2016/04/14 10:01:46.424327, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head [2016/04/14 10:01:46.424339, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.424350, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head [2016/04/14 10:01:46.424361, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head [2016/04/14 10:01:46.424372, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) add_to_jobs_added: Added jobid 79 [2016/04/14 10:01:46.424389, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x0000004f (79) result : WERR_OK [2016/04/14 10:01:46.424427, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) pjobid_to_rap: called. [2016/04/14 10:01:46.424450, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) pjobid_to_rap: created jobid 79 maps to RAP jobid 4 [2016/04/14 10:01:46.424465, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) openprint fd=42 fnum 41324 [2016/04/14 10:01:46.424477, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.424484, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=49088 smt_wct=1 smb_vwv[ 0]=41324 (0xA16C) smb_bcc=0 [2016/04/14 10:01:46.424517, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.424988, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 37 [2016/04/14 10:01:46.425020, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x25 [2016/04/14 10:01:46.425036, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 10 of length 41 (0 toread) [2016/04/14 10:01:46.425048, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.425055, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49152 smt_wct=1 smb_vwv[ 0]=41324 (0xA16C) smb_bcc=0 [2016/04/14 10:01:46.425088, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.425110, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplclose (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.425123, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.425136, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) printclose fd=42 fnum 41324 [2016/04/14 10:01:46.425159, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.425194, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.425227, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.425258, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.425288, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.425303, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) print_job_find: looking up job 79 for share Print [2016/04/14 10:01:46.425327, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) print_job_find: returning system job -1 for jobid 79. [2016/04/14 10:01:46.425342, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:3009(print_job_end) print_job_end: canceling spool of /var/spool/samba//smbprn.Vbiklz (zero length) [2016/04/14 10:01:46.425362, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) print_job_find: looking up job 79 for share Print [2016/04/14 10:01:46.425377, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) print_job_find: returning system job -1 for jobid 79. [2016/04/14 10:01:46.425389, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.425413, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2139(remove_from_jobs_added) remove_from_jobs_added: removed jobid 79 [2016/04/14 10:01:46.425425, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:159(rap_jobid_delete) rap_jobid_delete: called. [2016/04/14 10:01:46.425436, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:179(rap_jobid_delete) rap_jobid_delete: deleting jobid 79 [2016/04/14 10:01:46.425449, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.425480, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.425510, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.425520, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.425567, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.425580, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.425594, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 5EC8D67A [2016/04/14 10:01:46.425607, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d588a8 [2016/04/14 10:01:46.425624, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 5EC8D67A [2016/04/14 10:01:46.425635, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.425646, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.425666, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 41324 (1 used) [2016/04/14 10:01:46.425678, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.425686, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49152 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.425716, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.426104, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 37 [2016/04/14 10:01:46.426135, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x25 [2016/04/14 10:01:46.426151, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 11 of length 41 (0 toread) [2016/04/14 10:01:46.426163, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.426171, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49216 smt_wct=1 smb_vwv[ 0]=18935 (0x49F7) smb_bcc=0 [2016/04/14 10:01:46.426204, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.426215, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplclose (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.426227, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.426239, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) printclose fd=41 fnum 18935 [2016/04/14 10:01:46.426261, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.426296, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:348(find_policy_by_hnd_internal) Policy not found: [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.426329, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: Policy not found: [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.426361, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:12849:12849) [2016/04/14 10:01:46.426379, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printspoolss.c:326(print_spool_end) Failed to close printer Print [NT code 0x1c00001a] [2016/04/14 10:01:46.426397, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.426413, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.426428, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 7C16796C [2016/04/14 10:01:46.426442, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d5b508 [2016/04/14 10:01:46.426460, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 7C16796C [2016/04/14 10:01:46.426472, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.426483, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.426498, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 18935 (0 used) [2016/04/14 10:01:46.426509, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.426517, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49216 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.426547, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.427029, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 60 [2016/04/14 10:01:46.427060, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x3c [2016/04/14 10:01:46.427076, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 12 of length 64 (0 toread) [2016/04/14 10:01:46.427097, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.427106, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=60 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=49280 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=21 [2016/04/14 10:01:46.427142, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P [0010] 00 41 00 00 00 .A... [2016/04/14 10:01:46.427179, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplopen (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.427192, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.427208, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.427220, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.427233, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 7C0D97F9 [2016/04/14 10:01:46.427248, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d59038 [2016/04/14 10:01:46.427259, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/04/14 10:01:46.427292, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '7C0D97F9' stored [2016/04/14 10:01:46.427306, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x7c0d97f9 (2081265657) open_persistent_id : 0x000000007c0d97f9 (2081265657) open_volatile_id : 0x000000000000065b (1627) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2016/04/14 10:01:46.427426, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 7C0D97F9 [2016/04/14 10:01:46.427440, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.427450, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.427462, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x7c0d97f9) stored [2016/04/14 10:01:46.427472, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x0000065b (1627) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x7c0d97f9 (2081265657) open_persistent_id : 0x000000007c0d97f9 (2081265657) open_volatile_id : 0x000000000000065b (1627) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) [2016/04/14 10:01:46.427648, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 1627 (1 used) [2016/04/14 10:01:46.427702, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/04/14 10:01:46.427725, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) Connecting to spoolss pipe. [2016/04/14 10:01:46.427744, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested spoolss [2016/04/14 10:01:46.427758, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/04/14 10:01:46.427770, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/04/14 10:01:46.427803, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe spoolss [2016/04/14 10:01:46.427831, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'Print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ [2016/04/14 10:01:46.427896, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.427910, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.427921, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.427931, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.427945, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.427973, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) skipping printer reload, already up to date. [2016/04/14 10:01:46.427989, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 checking name: Print [2016/04/14 10:01:46.428002, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [Print] [2016/04/14 10:01:46.428014, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.428045, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=Print Printer is a printer [2016/04/14 10:01:46.428058, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=Print (len=5) searching for [Print] [2016/04/14 10:01:46.428080, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) [2016/04/14 10:01:46.428147, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) set_printer_hnd_name: Printer found: Print -> Print [2016/04/14 10:01:46.428213, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/04/14 10:01:46.428226, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.428257, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.428287, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.428306, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.428345, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.428371, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.428385, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.428396, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.428433, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.428456, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.428509, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.428521, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.428533, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.428544, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.428555, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.428564, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.428594, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.428618, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.428632, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 0F 57 32 1D ....:... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.428665, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.428724, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.428832, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 0F 57 32 1D ....:... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.428867, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.428879, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.428891, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.428901, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.428912, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.428922, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.428954, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.428978, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.428991, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.429003, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.429013, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.429025, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.429034, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.429061, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.429084, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.429096, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.429108, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.429123, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.429135, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.429145, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.429175, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.429200, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.429212, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.429224, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.429234, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.429247, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.429256, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.429294, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.429308, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.429320, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.429330, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.429344, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.429353, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.429380, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.429393, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.429405, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.429419, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.429433, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.429443, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.429468, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.429492, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.429504, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.429516, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.429526, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.429540, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.429550, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.429571, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.429594, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.429607, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.429619, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.429632, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.429643, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.429654, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.429665, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.429677, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 0F 57 32 1D ....;... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.429711, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.429770, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.429852, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 0F 57 32 1D ....;... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.429884, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.429895, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.429906, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.429918, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.429941, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.429955, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.430020, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.430110, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 0F 57 32 1D ....;... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.430142, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.430153, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.430173, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.430964, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.431000, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 0F 57 32 1D ....;... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.431034, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 0F 57 32 1D ....;... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.431066, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.431077, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.431088, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.431135, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.431175, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 0F 57 32 1D ....:... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.431207, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 0F 57 32 1D ....:... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.431237, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.431248, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.431258, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.431306, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.431322, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.431333, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.431343, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.431352, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.431362, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.431372, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.431383, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2016/04/14 10:01:46.431402, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.431416, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.431427, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.431460, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.431480, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.431532, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.431544, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.431556, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.431566, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.431577, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.431591, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.431621, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.431644, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.431658, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 0F 57 32 1D ....<... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.431691, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.431746, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.431848, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 0F 57 32 1D ....<... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.431882, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.431893, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.431905, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.431915, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.431926, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.431940, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.431971, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.431995, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.432008, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.432020, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.432030, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.432042, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.432051, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.432077, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.432100, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.432113, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.432124, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.432135, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.432147, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.432156, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.432189, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.432212, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.432225, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.432236, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.432246, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.432262, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.432272, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.432311, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.432324, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.432336, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.432347, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.432360, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.432370, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.432396, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.432409, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.432420, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.432431, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.432444, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.432454, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.432478, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.432502, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.432514, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.432525, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.432536, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.432550, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.432563, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.432585, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.432608, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.432622, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.432633, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.432646, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.432657, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.432668, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.432680, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.432691, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 0F 57 32 1D ....=... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.432723, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.432769, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists [2016/04/14 10:01:46.432789, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.432822, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 0F 57 32 1D ....=... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.432855, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 0F 57 32 1D ....=... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.432891, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.432902, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.432913, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.432961, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.432994, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 0F 57 32 1D ....<... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.433026, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 0F 57 32 1D ....<... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.433057, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.433068, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.433078, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.433121, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.433136, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.433201, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-0f57-321d31320000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document' output_file : * output_file : '/var/spool/samba//smbprn.Smztfk' datatype : * datatype : 'RAW' [2016/04/14 10:01:46.433294, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.433327, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.433358, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.433388, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.433403, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.433414, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.433447, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.433468, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.433525, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.433537, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.433549, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.433559, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.433570, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.433579, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.433612, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.433635, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.433649, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 0F 57 32 1D ....>... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.433682, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.433739, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.433842, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 0F 57 32 1D ....>... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.433875, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.433886, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.433898, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.433908, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.433920, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.433933, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.433965, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.433988, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.434001, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.434012, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.434023, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.434035, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.434044, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.434070, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.434093, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.434105, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.434117, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.434127, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.434139, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.434149, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.434178, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.434202, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.434214, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.434226, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.434236, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.434248, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.434261, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.434300, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.434313, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.434325, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.434336, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.434349, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.434359, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.434386, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.434399, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.434410, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.434421, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.434434, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.434444, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.434468, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.434491, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.434503, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.434515, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.434525, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.434539, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.434552, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.434573, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.434596, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.434610, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.434621, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.434633, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.434644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.434656, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.434667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.434678, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 0F 57 32 1D ....?... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.434710, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.434767, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.434849, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 0F 57 32 1D ....?... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.434885, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.434896, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.434907, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.434918, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.434941, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.434955, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.435021, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.435107, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 0F 57 32 1D ....?... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.435139, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.435149, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.435168, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.435965, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.436001, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 0F 57 32 1D ....?... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.436034, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 0F 57 32 1D ....?... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.436065, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.436075, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.436087, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.436139, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.436177, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 0F 57 32 1D ....>... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.436210, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 0F 57 32 1D ....>... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.436240, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.436251, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.436262, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.436305, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.436320, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.436331, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.436341, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.436351, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.436360, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.436371, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.436390, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.436404, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.436419, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.436454, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.436478, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.436531, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.436544, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.436556, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.436566, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.436577, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.436587, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.436616, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.436640, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.436654, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 0F 57 32 1D ....@... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.436687, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.436743, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.436850, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 0F 57 32 1D ....@... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.436884, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.436895, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.436908, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.436918, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.436929, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.436939, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.436970, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.436994, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.437007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.437019, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.437029, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.437040, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.437050, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.437076, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.437099, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.437116, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.437129, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.437139, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.437151, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.437167, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.437192, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.437215, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.437228, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.437240, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.437250, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.437262, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.437272, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.437311, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.437324, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.437336, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.437347, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.437360, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.437370, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.437397, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.437410, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.437422, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.437437, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.437451, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.437460, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.437485, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.437508, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.437520, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.437532, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.437543, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.437556, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.437565, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.437586, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.437609, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.437623, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.437635, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.437647, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.437658, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.437670, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.437681, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.437693, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 0F 57 32 1D ....A... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.437728, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000041-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.437783, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000041-0000-0000-0f57-321d31320000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/04/14 10:01:46.437838, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 0F 57 32 1D ....A... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.437872, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.437884, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.437907, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.437920, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.437943, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/04/14 10:01:46.438066, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000041-0000-0000-0f57-321d31320000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2016/04/14 10:01:46.438165, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 0F 57 32 1D ....A... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.438199, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.438213, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.439035, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000041-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.439118, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 0F 57 32 1D ....A... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.439149, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.439166, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.439179, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2016/04/14 10:01:46.439189, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2016/04/14 10:01:46.439254, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.439313, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.439326, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.439338, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.439348, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.439359, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.439369, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.439398, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.439421, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.439435, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 0F 57 32 1D ....B... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.439468, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000042-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.439524, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000042-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.439632, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 0F 57 32 1D ....B... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.439667, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.439679, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.439691, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.439701, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.439712, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.439722, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.439753, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.439777, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.439790, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.439802, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.439812, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.439824, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.439833, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.439859, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.439883, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.439895, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.439907, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.439917, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.439929, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.439939, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.439966, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.439989, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.440002, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.440014, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.440024, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.440036, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.440046, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.440085, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.440098, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.440110, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.440121, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.440134, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.440143, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.440175, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.440189, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (10->11) [2016/04/14 10:01:46.440201, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.440212, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.440225, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.440235, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.440262, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.440289, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.440302, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (11->12) [2016/04/14 10:01:46.440314, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.440325, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.440338, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.440347, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.440369, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.440392, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.440406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (12->11) [2016/04/14 10:01:46.440417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (11->10) [2016/04/14 10:01:46.440430, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.440441, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.440452, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.440464, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.440475, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 0F 57 32 1D ....C... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.440507, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.440565, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.440650, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 0F 57 32 1D ....C... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.440684, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.440694, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.440705, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.440716, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.440740, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.440754, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.440818, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.440907, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 0F 57 32 1D ....C... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.440939, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.440950, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.440963, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.441773, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000043-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.441814, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 0F 57 32 1D ....C... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.441846, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 0F 57 32 1D ....C... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.441876, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.441887, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.441898, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.441946, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000042-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.441979, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 0F 57 32 1D ....B... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.442010, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 0F 57 32 1D ....B... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.442040, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.442051, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.442061, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.442109, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000041-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.442147, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 0F 57 32 1D ....A... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.442186, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 0F 57 32 1D ....A... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.442218, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.442229, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.442240, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.442287, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.442320, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 0F 57 32 1D ....@... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.442352, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 0F 57 32 1D ....@... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.442383, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.442394, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.442404, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.442447, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.442477, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) print_job_start: Queue Print number of jobs (4), max printjobs = 1000 [2016/04/14 10:01:46.442495, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) allocate_print_jobid: Read jobid 79 from Print [2016/04/14 10:01:46.442528, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) print_job_spool_file:External spooling activated [2016/04/14 10:01:46.442561, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head [2016/04/14 10:01:46.442575, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head [2016/04/14 10:01:46.442587, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head [2016/04/14 10:01:46.442598, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.442610, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head [2016/04/14 10:01:46.442621, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head [2016/04/14 10:01:46.442632, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) add_to_jobs_added: Added jobid 80 [2016/04/14 10:01:46.442649, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x00000050 (80) result : WERR_OK [2016/04/14 10:01:46.442687, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) pjobid_to_rap: called. [2016/04/14 10:01:46.442704, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) pjobid_to_rap: created jobid 80 maps to RAP jobid 5 [2016/04/14 10:01:46.442718, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) openprint fd=43 fnum 1627 [2016/04/14 10:01:46.442730, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.442737, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=49280 smt_wct=1 smb_vwv[ 0]= 1627 (0x65B) smb_bcc=0 [2016/04/14 10:01:46.442770, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.443360, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 60 [2016/04/14 10:01:46.443392, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x3c [2016/04/14 10:01:46.443408, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 13 of length 64 (0 toread) [2016/04/14 10:01:46.443420, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.443427, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=60 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=49344 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=21 [2016/04/14 10:01:46.443462, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P [0010] 00 41 00 00 00 .A... [2016/04/14 10:01:46.443503, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplopen (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.443517, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.443533, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.443545, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.443559, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 6469D5FE [2016/04/14 10:01:46.443574, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d58330 [2016/04/14 10:01:46.443585, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/04/14 10:01:46.443612, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '6469D5FE' stored [2016/04/14 10:01:46.443625, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x6469d5fe (1684657662) open_persistent_id : 0x000000006469d5fe (1684657662) open_volatile_id : 0x0000000000007beb (31723) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2016/04/14 10:01:46.443744, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 6469D5FE [2016/04/14 10:01:46.443757, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.443768, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.443779, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x6469d5fe) stored [2016/04/14 10:01:46.443789, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x00007beb (31723) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x6469d5fe (1684657662) open_persistent_id : 0x000000006469d5fe (1684657662) open_volatile_id : 0x0000000000007beb (31723) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) [2016/04/14 10:01:46.443966, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 31723 (2 used) [2016/04/14 10:01:46.444020, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/04/14 10:01:46.444043, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) Connecting to spoolss pipe. [2016/04/14 10:01:46.444062, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested spoolss [2016/04/14 10:01:46.444075, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/04/14 10:01:46.444087, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/04/14 10:01:46.444120, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe spoolss [2016/04/14 10:01:46.444158, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'Print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ [2016/04/14 10:01:46.444235, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.444249, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.444260, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.444270, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.444280, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.444306, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) skipping printer reload, already up to date. [2016/04/14 10:01:46.444323, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 checking name: Print [2016/04/14 10:01:46.444336, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [Print] [2016/04/14 10:01:46.444347, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 0F 57 32 1D ....D... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.444379, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=Print Printer is a printer [2016/04/14 10:01:46.444391, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=Print (len=5) searching for [Print] [2016/04/14 10:01:46.444413, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) [2016/04/14 10:01:46.444479, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) set_printer_hnd_name: Printer found: Print -> Print [2016/04/14 10:01:46.444533, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/04/14 10:01:46.444546, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 0F 57 32 1D ....D... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.444578, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 0F 57 32 1D ....D... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.444612, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.444631, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.444669, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.444694, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.444709, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.444720, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.444753, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.444774, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.444827, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.444839, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.444851, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.444862, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.444873, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.444882, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.444912, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.444935, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.444950, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 0F 57 32 1D ....E... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.444986, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.445046, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.445149, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 0F 57 32 1D ....E... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.445191, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.445203, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.445216, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.445226, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.445238, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.445247, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.445279, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.445303, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.445315, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.445327, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.445342, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.445354, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.445364, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.445390, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.445413, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.445426, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.445438, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.445448, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.445460, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.445470, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.445493, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.445516, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.445528, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.445540, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.445550, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.445562, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.445572, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.445610, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.445623, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.445634, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.445649, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.445663, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.445672, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.445700, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.445713, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.445725, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.445735, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.445749, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.445758, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.445782, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.445805, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.445817, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.445828, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.445839, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.445852, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.445862, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.445883, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.445905, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.445919, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.445934, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.445947, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.445958, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.445969, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.445981, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.445993, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 0F 57 32 1D ....F... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.446024, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000046-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.446082, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000046-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.446170, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 0F 57 32 1D ....F... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.446203, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.446214, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.446224, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.446240, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.446263, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.446277, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.446344, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000046-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.446431, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 0F 57 32 1D ....F... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.446462, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.446473, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.446486, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.447296, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000046-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.447333, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 0F 57 32 1D ....F... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.447367, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 0F 57 32 1D ....F... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.447398, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.447409, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.447420, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.447467, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000045-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.447504, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 0F 57 32 1D ....E... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.447536, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 0F 57 32 1D ....E... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.447566, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.447577, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.447588, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.447631, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.447646, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.447657, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.447667, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.447677, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.447686, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.447697, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.447708, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2016/04/14 10:01:46.447726, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.447740, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.447751, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.447784, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.447804, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.447861, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.447873, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.447885, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.447895, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.447906, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.447916, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.447945, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.447968, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.447982, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 0F 57 32 1D ....G... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.448015, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000047-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.448071, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000047-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.448188, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 0F 57 32 1D ....G... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.448223, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.448234, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.448246, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.448257, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.448268, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.448278, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.448309, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.448334, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.448346, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.448358, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.448368, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.448380, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.448389, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.448416, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.448439, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.448451, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.448463, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.448473, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.448485, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.448498, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.448522, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.448544, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.448557, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.448568, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.448578, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.448591, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.448600, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.448638, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.448651, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.448663, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.448674, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.448687, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.448696, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.448724, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.448736, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.448748, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.448759, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.448772, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.448782, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.448810, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.448834, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.448846, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.448857, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.448868, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.448881, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.448891, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.448912, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.448934, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.448948, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.448959, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.448971, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.448983, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.448994, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.449005, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.449017, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 0F 57 32 1D ....H... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.449049, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000048-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.449099, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists [2016/04/14 10:01:46.449120, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000048-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.449152, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 0F 57 32 1D ....H... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.449191, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 0F 57 32 1D ....H... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.449222, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.449233, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.449244, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.449291, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000047-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.449323, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 0F 57 32 1D ....G... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.449354, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 0F 57 32 1D ....G... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.449384, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.449394, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.449405, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.449451, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.449467, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000044-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.449525, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000044-0000-0000-0f57-321d31320000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document' output_file : * output_file : '/var/spool/samba//smbprn.yUnMc5' datatype : * datatype : 'RAW' [2016/04/14 10:01:46.449609, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 0F 57 32 1D ....D... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.449642, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 0F 57 32 1D ....D... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.449674, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.449703, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.449719, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.449730, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.449763, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.449783, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.449840, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.449852, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.449864, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.449874, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.449885, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.449895, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.449923, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.449946, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.449960, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 0F 57 32 1D ....I... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.449994, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000049-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.450051, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000049-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.450163, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 0F 57 32 1D ....I... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.450199, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.450210, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.450222, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.450232, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.450244, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.450253, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.450284, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.450308, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.450321, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.450332, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.450342, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.450354, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.450363, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.450389, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.450412, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.450425, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.450436, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.450446, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.450458, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.450471, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.450495, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.450518, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.450531, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.450542, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.450552, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.450565, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.450574, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.450613, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.450627, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.450638, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.450649, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.450662, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.450672, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.450698, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.450711, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.450723, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.450733, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.450746, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.450756, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.450784, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.450807, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.450819, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.450831, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.450841, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.450855, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.450864, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.450885, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.450907, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.450920, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.450932, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.450944, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.450956, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.450967, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.450978, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.450990, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 0F 57 32 1D ....J... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.451022, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.451084, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.451172, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 0F 57 32 1D ....J... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.451206, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.451217, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.451228, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.451240, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.451263, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.451277, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.451342, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.451432, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 0F 57 32 1D ....J... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.451465, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.451475, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.451488, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.452241, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004a-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.452282, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 0F 57 32 1D ....J... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.452314, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 0F 57 32 1D ....J... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.452345, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.452355, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.452366, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.452413, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000049-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.452445, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 0F 57 32 1D ....I... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.452476, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 0F 57 32 1D ....I... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.452506, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.452517, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.452527, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.452569, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.452585, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.452602, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.452612, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.452622, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.452632, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.452642, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.452661, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.452675, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.452686, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.452721, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.452746, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.452800, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.452813, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.452825, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.452835, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.452846, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.452855, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.452885, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.452908, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.452922, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 0F 57 32 1D ....K... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.452960, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004b-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.453017, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004b-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.453120, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 0F 57 32 1D ....K... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.453155, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.453172, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.453185, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.453195, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.453206, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.453216, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.453247, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.453271, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.453284, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.453300, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.453310, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.453322, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.453331, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.453358, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.453381, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.453394, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.453406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.453416, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.453428, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.453438, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.453461, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.453484, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.453497, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.453508, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.453519, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.453531, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.453541, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.453578, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.453592, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.453608, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.453619, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.453632, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.453642, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.453669, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.453682, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.453694, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.453704, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.453718, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.453727, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.453752, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.453774, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.453787, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.453798, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.453809, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.453822, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.453832, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.453853, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.453876, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.453893, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.453905, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.453917, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.453928, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.453939, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.453951, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.453962, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 0F 57 32 1D ....L... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.453994, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004c-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.454048, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004c-0000-0000-0f57-321d31320000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/04/14 10:01:46.454104, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 0F 57 32 1D ....L... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.454139, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.454151, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.454180, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.454193, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.454220, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/04/14 10:01:46.454340, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004c-0000-0000-0f57-321d31320000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2016/04/14 10:01:46.454430, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 0F 57 32 1D ....L... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.454463, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.454476, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.455287, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004c-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.455370, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 0F 57 32 1D ....L... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.455402, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.455412, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.455428, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2016/04/14 10:01:46.455439, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2016/04/14 10:01:46.455504, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.455556, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.455568, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.455581, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.455591, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.455602, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.455612, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.455640, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.455664, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.455677, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 0F 57 32 1D ....M... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.455711, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004d-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.455766, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004d-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.455874, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 0F 57 32 1D ....M... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.455910, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.455922, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.455934, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.455944, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.455955, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.455965, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.455995, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.456019, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.456032, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.456044, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.456054, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.456066, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.456075, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.456106, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.456129, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.456142, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.456154, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.456170, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.456182, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.456192, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.456216, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.456239, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.456251, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.456263, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.456274, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.456286, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.456296, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.456334, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.456348, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.456360, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.456373, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.456387, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.456397, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.456428, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.456441, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (10->11) [2016/04/14 10:01:46.456453, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.456464, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.456477, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.456487, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.456511, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.456534, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.456547, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (11->12) [2016/04/14 10:01:46.456558, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.456579, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.456594, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.456603, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.456626, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.456649, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.456663, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (12->11) [2016/04/14 10:01:46.456674, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (11->10) [2016/04/14 10:01:46.456687, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.456698, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.456713, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.456725, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.456737, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 0F 57 32 1D ....N... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.456768, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.456826, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.456908, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 0F 57 32 1D ....N... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.456942, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.456952, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.456963, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.456975, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.456998, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.457012, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.457081, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.457172, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 0F 57 32 1D ....N... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.457204, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.457215, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.457228, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.457998, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004e-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.458034, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 0F 57 32 1D ....N... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.458067, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 0F 57 32 1D ....N... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.458098, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.458109, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.458121, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.458177, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004d-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.458212, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 0F 57 32 1D ....M... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.458245, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 0F 57 32 1D ....M... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.458280, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.458291, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.458302, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.458351, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004c-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.458383, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 0F 57 32 1D ....L... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.458415, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 0F 57 32 1D ....L... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.458445, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.458456, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.458467, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.458512, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004b-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.458544, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 0F 57 32 1D ....K... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.458575, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 0F 57 32 1D ....K... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.458605, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.458619, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.458631, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.458674, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.458711, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) print_job_start: Queue Print number of jobs (5), max printjobs = 1000 [2016/04/14 10:01:46.458730, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) allocate_print_jobid: Read jobid 80 from Print [2016/04/14 10:01:46.458763, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) print_job_spool_file:External spooling activated [2016/04/14 10:01:46.458789, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head [2016/04/14 10:01:46.458803, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head [2016/04/14 10:01:46.458814, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head [2016/04/14 10:01:46.458826, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.458837, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head [2016/04/14 10:01:46.458849, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head [2016/04/14 10:01:46.458859, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) add_to_jobs_added: Added jobid 81 [2016/04/14 10:01:46.458876, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x00000051 (81) result : WERR_OK [2016/04/14 10:01:46.458914, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) pjobid_to_rap: called. [2016/04/14 10:01:46.458931, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) pjobid_to_rap: created jobid 81 maps to RAP jobid 6 [2016/04/14 10:01:46.458945, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) openprint fd=44 fnum 31723 [2016/04/14 10:01:46.458957, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.458965, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=49344 smt_wct=1 smb_vwv[ 0]=31723 (0x7BEB) smb_bcc=0 [2016/04/14 10:01:46.459001, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.459478, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 37 [2016/04/14 10:01:46.459511, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x25 [2016/04/14 10:01:46.459526, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 14 of length 41 (0 toread) [2016/04/14 10:01:46.459538, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.459545, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49408 smt_wct=1 smb_vwv[ 0]=31723 (0x7BEB) smb_bcc=0 [2016/04/14 10:01:46.459578, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.459589, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplclose (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.459602, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.459615, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) printclose fd=44 fnum 31723 [2016/04/14 10:01:46.459638, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000044-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.459672, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 0F 57 32 1D ....D... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.459705, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 0F 57 32 1D ....D... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.459735, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 0F 57 32 1D ....D... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.459765, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.459781, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) print_job_find: looking up job 81 for share Print [2016/04/14 10:01:46.459799, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) print_job_find: returning system job -1 for jobid 81. [2016/04/14 10:01:46.459814, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:3009(print_job_end) print_job_end: canceling spool of /var/spool/samba//smbprn.yUnMc5 (zero length) [2016/04/14 10:01:46.459833, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) print_job_find: looking up job 81 for share Print [2016/04/14 10:01:46.459854, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) print_job_find: returning system job -1 for jobid 81. [2016/04/14 10:01:46.459867, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.459891, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2139(remove_from_jobs_added) remove_from_jobs_added: removed jobid 81 [2016/04/14 10:01:46.459903, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:159(rap_jobid_delete) rap_jobid_delete: called. [2016/04/14 10:01:46.459914, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:179(rap_jobid_delete) rap_jobid_delete: deleting jobid 81 [2016/04/14 10:01:46.459927, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 0F 57 32 1D ....D... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.459958, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 0F 57 32 1D ....D... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.459988, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.459999, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.460045, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.460058, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.460071, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 6469D5FE [2016/04/14 10:01:46.460085, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d58c38 [2016/04/14 10:01:46.460101, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 6469D5FE [2016/04/14 10:01:46.460113, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.460124, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.460150, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 31723 (1 used) [2016/04/14 10:01:46.460164, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.460171, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49408 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.460205, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.460590, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 37 [2016/04/14 10:01:46.460621, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x25 [2016/04/14 10:01:46.460637, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 15 of length 41 (0 toread) [2016/04/14 10:01:46.460649, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.460656, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49472 smt_wct=1 smb_vwv[ 0]= 1627 (0x65B) smb_bcc=0 [2016/04/14 10:01:46.460690, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.460700, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplclose (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.460713, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.460725, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) printclose fd=43 fnum 1627 [2016/04/14 10:01:46.460746, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.460781, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:348(find_policy_by_hnd_internal) Policy not found: [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.460814, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: Policy not found: [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.460846, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:12849:12849) [2016/04/14 10:01:46.460863, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printspoolss.c:326(print_spool_end) Failed to close printer Print [NT code 0x1c00001a] [2016/04/14 10:01:46.460881, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.460892, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.460906, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 7C0D97F9 [2016/04/14 10:01:46.460920, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d58c38 [2016/04/14 10:01:46.460945, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 7C0D97F9 [2016/04/14 10:01:46.460958, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.460968, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.460983, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 1627 (0 used) [2016/04/14 10:01:46.460995, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.461003, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49472 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.461032, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.461555, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 60 [2016/04/14 10:01:46.461587, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x3c [2016/04/14 10:01:46.461603, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 16 of length 64 (0 toread) [2016/04/14 10:01:46.461616, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.461623, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=60 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=49536 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=21 [2016/04/14 10:01:46.461659, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P [0010] 00 41 00 00 00 .A... [2016/04/14 10:01:46.461694, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplopen (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.461707, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.461723, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.461735, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.461748, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 8C5BAEF2 [2016/04/14 10:01:46.461762, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d6c148 [2016/04/14 10:01:46.461774, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/04/14 10:01:46.461800, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '8C5BAEF2' stored [2016/04/14 10:01:46.461814, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x8c5baef2 (2354818802) open_persistent_id : 0x000000008c5baef2 (2354818802) open_volatile_id : 0x000000000000a939 (43321) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2016/04/14 10:01:46.461939, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 8C5BAEF2 [2016/04/14 10:01:46.461952, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.461963, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.461975, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x8c5baef2) stored [2016/04/14 10:01:46.461985, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x0000a939 (43321) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x8c5baef2 (2354818802) open_persistent_id : 0x000000008c5baef2 (2354818802) open_volatile_id : 0x000000000000a939 (43321) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) [2016/04/14 10:01:46.462171, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 43321 (1 used) [2016/04/14 10:01:46.462225, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/04/14 10:01:46.462249, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) Connecting to spoolss pipe. [2016/04/14 10:01:46.462267, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested spoolss [2016/04/14 10:01:46.462281, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/04/14 10:01:46.462293, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/04/14 10:01:46.462326, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe spoolss [2016/04/14 10:01:46.462354, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'Print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ [2016/04/14 10:01:46.462420, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.462433, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.462444, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.462454, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.462464, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.462491, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) skipping printer reload, already up to date. [2016/04/14 10:01:46.462506, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 checking name: Print [2016/04/14 10:01:46.462524, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [Print] [2016/04/14 10:01:46.462536, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 0F 57 32 1D ....O... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.462568, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=Print Printer is a printer [2016/04/14 10:01:46.462580, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=Print (len=5) searching for [Print] [2016/04/14 10:01:46.462602, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) [2016/04/14 10:01:46.462669, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) set_printer_hnd_name: Printer found: Print -> Print [2016/04/14 10:01:46.462724, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/04/14 10:01:46.462737, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 0F 57 32 1D ....O... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.462768, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 0F 57 32 1D ....O... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.462798, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.462817, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.462854, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.462880, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.462895, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.462906, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.462939, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.462960, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.463018, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.463031, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.463043, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.463053, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.463064, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.463074, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.463103, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.463127, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.463141, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 0F 57 32 1D ....P... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.463185, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000050-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.463246, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000050-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.463359, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 0F 57 32 1D ....P... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.463395, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.463406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.463418, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.463428, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.463440, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.463449, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.463482, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.463506, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.463519, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.463530, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.463541, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.463552, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.463562, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.463588, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.463612, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.463624, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.463635, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.463646, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.463658, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.463667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.463695, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.463719, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.463731, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.463743, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.463753, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.463766, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.463775, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.463813, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.463826, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.463837, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.463848, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.463861, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.463871, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.463897, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.463910, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.463921, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.463932, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.463946, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.463956, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.463984, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.464008, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.464021, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.464032, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.464043, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.464057, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.464066, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.464088, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.464110, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.464125, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.464137, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.464149, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.464167, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.464179, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.464190, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.464202, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 0F 57 32 1D ....Q... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.464234, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000051-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.464295, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000051-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.464377, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 0F 57 32 1D ....Q... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.464409, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.464420, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.464431, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.464442, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.464466, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.464480, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.464545, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000051-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.464635, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 0F 57 32 1D ....Q... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.464667, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.464678, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.464690, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.465476, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000051-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.465517, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 0F 57 32 1D ....Q... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.465551, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 0F 57 32 1D ....Q... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.465582, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.465593, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.465604, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.465652, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000050-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.465685, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 0F 57 32 1D ....P... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.465717, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 0F 57 32 1D ....P... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.465748, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.465759, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.465770, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.465812, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.465827, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.465841, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.465852, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.465862, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.465871, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.465882, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.465893, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2016/04/14 10:01:46.465912, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.465925, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.465936, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.465969, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.465989, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.466040, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.466052, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.466064, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.466074, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.466085, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.466095, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.466124, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.466147, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.466170, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 0F 57 32 1D ....R... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.466203, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000052-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.466259, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000052-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.466361, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 0F 57 32 1D ....R... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.466394, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.466405, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.466417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.466427, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.466439, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.466448, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.466480, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.466503, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.466520, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.466532, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.466543, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.466554, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.466564, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.466591, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.466613, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.466625, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.466637, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.466647, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.466659, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.466668, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.466692, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.466715, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.466728, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.466739, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.466749, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.466762, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.466771, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.466809, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.466825, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.466837, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.466848, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.466861, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.466871, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.466898, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.466911, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.466923, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.466933, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.466947, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.466956, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.466980, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.467003, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.467016, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.467027, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.467038, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.467051, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.467061, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.467082, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.467109, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.467124, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.467135, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.467147, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.467165, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.467178, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.467190, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.467201, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 0F 57 32 1D ....S... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.467233, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.467280, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists [2016/04/14 10:01:46.467299, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000053-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.467332, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 0F 57 32 1D ....S... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.467363, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 0F 57 32 1D ....S... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.467393, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.467403, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.467414, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.467466, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000052-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.467499, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 0F 57 32 1D ....R... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.467530, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 0F 57 32 1D ....R... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.467560, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.467570, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.467581, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.467622, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.467637, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004f-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.467694, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004f-0000-0000-0f57-321d31320000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document' output_file : * output_file : '/var/spool/samba//smbprn.jjfBdQ' datatype : * datatype : 'RAW' [2016/04/14 10:01:46.467782, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 0F 57 32 1D ....O... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.467815, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 0F 57 32 1D ....O... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.467845, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.467875, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.467890, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.467901, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.467934, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.467954, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.468006, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.468018, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.468030, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.468040, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.468051, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.468060, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.468089, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.468112, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.468130, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 0F 57 32 1D ....T... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.468170, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000054-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.468227, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000054-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.468329, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 0F 57 32 1D ....T... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.468362, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.468374, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.468386, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.468396, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.468407, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.468416, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.468447, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.468471, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.468487, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.468500, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.468510, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.468521, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.468531, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.468557, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.468580, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.468592, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.468604, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.468614, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.468626, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.468635, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.468658, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.468681, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.468693, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.468705, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.468715, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.468727, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.468737, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.468774, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.468787, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.468803, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.468814, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.468827, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.468837, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.468865, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.468879, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.468890, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.468901, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.468915, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.468925, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.468950, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.468974, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.468986, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.468998, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.469009, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.469023, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.469032, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.469054, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.469080, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.469094, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.469106, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.469118, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.469129, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.469140, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.469152, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.469169, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 0F 57 32 1D ....U... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.469201, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000055-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.469258, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000055-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.469340, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 0F 57 32 1D ....U... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.469371, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.469382, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.469397, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.469409, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.469432, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.469446, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.469512, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000055-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.469597, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 0F 57 32 1D ....U... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.469630, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.469641, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.469653, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.470452, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000055-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.470488, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 0F 57 32 1D ....U... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.470520, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 0F 57 32 1D ....U... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.470550, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.470561, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.470572, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.470619, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000054-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.470655, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 0F 57 32 1D ....T... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.470686, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 0F 57 32 1D ....T... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.470716, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.470727, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.470737, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.470780, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.470796, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.470807, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.470817, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.470826, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.470836, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.470847, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.470866, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.470880, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.470891, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.470925, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.470949, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.471007, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.471019, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.471032, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.471042, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.471053, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.471062, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.471091, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.471115, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.471129, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 0F 57 32 1D ....V... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.471168, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000056-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.471225, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000056-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.471333, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 0F 57 32 1D ....V... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.471366, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.471378, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.471390, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.471400, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.471412, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.471421, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.471453, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.471476, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.471490, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.471501, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.471512, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.471523, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.471533, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.471559, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.471582, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.471595, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.471607, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.471617, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.471634, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.471644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.471667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.471690, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.471703, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.471715, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.471725, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.471738, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.471747, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.471787, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.471800, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.471812, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.471823, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.471837, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.471846, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.471874, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.471887, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.471899, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.471909, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.471923, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.471936, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.471961, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.471985, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.471998, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.472009, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.472020, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.472033, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.472043, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.472064, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.472087, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.472101, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.472113, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.472125, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.472136, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.472148, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.472164, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.472177, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 0F 57 32 1D ....W... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.472209, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.472268, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-0f57-321d31320000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/04/14 10:01:46.472323, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 0F 57 32 1D ....W... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.472357, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.472369, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.472392, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.472405, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.472428, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/04/14 10:01:46.472546, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-0f57-321d31320000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2016/04/14 10:01:46.472640, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 0F 57 32 1D ....W... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.472673, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.472686, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.473499, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.473587, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 0F 57 32 1D ....W... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.473620, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.473631, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.473643, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2016/04/14 10:01:46.473653, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2016/04/14 10:01:46.473717, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.473771, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.473783, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.473799, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.473809, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.473820, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.473830, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.473859, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.473883, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.473897, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 0F 57 32 1D ....X... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.473930, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000058-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.473987, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000058-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.474091, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 0F 57 32 1D ....X... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.474126, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.474138, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.474154, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.474170, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.474182, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.474192, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.474223, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.474247, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.474260, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.474272, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.474282, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.474294, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.474304, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.474330, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.474353, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.474366, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.474377, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.474387, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.474399, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.474409, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.474432, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.474455, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.474471, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.474484, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.474494, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.474507, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.474516, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.474555, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.474569, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.474581, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.474592, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.474605, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.474615, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.474642, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.474655, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (10->11) [2016/04/14 10:01:46.474667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.474678, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.474691, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.474701, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.474725, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.474752, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.474765, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (11->12) [2016/04/14 10:01:46.474780, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.474791, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.474805, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.474814, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.474836, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.474859, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.474873, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (12->11) [2016/04/14 10:01:46.474884, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (11->10) [2016/04/14 10:01:46.474897, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.474908, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.474919, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.474931, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.474942, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 0F 57 32 1D ....Y... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.474974, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.475032, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.475119, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 0F 57 32 1D ....Y... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.475153, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.475169, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.475181, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.475192, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.475216, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.475230, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.475295, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.475380, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 0F 57 32 1D ....Y... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.475417, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.475429, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.475441, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.476188, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000059-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.476224, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 0F 57 32 1D ....Y... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.476257, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 0F 57 32 1D ....Y... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.476291, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.476302, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.476313, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.476361, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000058-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.476393, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 0F 57 32 1D ....X... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.476424, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 0F 57 32 1D ....X... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.476454, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.476465, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.476476, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.476523, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000057-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.476556, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 0F 57 32 1D ....W... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.476587, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 0F 57 32 1D ....W... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.476620, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.476631, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.476642, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.476689, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000056-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.476721, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 0F 57 32 1D ....V... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.476754, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 0F 57 32 1D ....V... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.476785, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.476796, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.476806, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.476849, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.476878, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) print_job_start: Queue Print number of jobs (6), max printjobs = 1000 [2016/04/14 10:01:46.476897, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) allocate_print_jobid: Read jobid 81 from Print [2016/04/14 10:01:46.476934, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) print_job_spool_file:External spooling activated [2016/04/14 10:01:46.476961, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head [2016/04/14 10:01:46.476974, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head [2016/04/14 10:01:46.476990, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head [2016/04/14 10:01:46.477002, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.477014, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head [2016/04/14 10:01:46.477025, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head [2016/04/14 10:01:46.477036, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) add_to_jobs_added: Added jobid 82 [2016/04/14 10:01:46.477053, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x00000052 (82) result : WERR_OK [2016/04/14 10:01:46.477090, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) pjobid_to_rap: called. [2016/04/14 10:01:46.477107, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) pjobid_to_rap: created jobid 82 maps to RAP jobid 7 [2016/04/14 10:01:46.477122, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) openprint fd=45 fnum 43321 [2016/04/14 10:01:46.477133, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.477141, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=49536 smt_wct=1 smb_vwv[ 0]=43321 (0xA939) smb_bcc=0 [2016/04/14 10:01:46.477180, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.477672, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 60 [2016/04/14 10:01:46.477704, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x3c [2016/04/14 10:01:46.477720, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 17 of length 64 (0 toread) [2016/04/14 10:01:46.477732, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.477739, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=60 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=49600 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=21 [2016/04/14 10:01:46.477774, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P [0010] 00 41 00 00 00 .A... [2016/04/14 10:01:46.477809, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplopen (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.477822, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.477838, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.477855, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.477869, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key C71BCFB9 [2016/04/14 10:01:46.477884, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d59878 [2016/04/14 10:01:46.477895, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/04/14 10:01:46.477921, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key 'C71BCFB9' stored [2016/04/14 10:01:46.477935, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0xc71bcfb9 (3340488633) open_persistent_id : 0x00000000c71bcfb9 (3340488633) open_volatile_id : 0x000000000000b03c (45116) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2016/04/14 10:01:46.478055, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key C71BCFB9 [2016/04/14 10:01:46.478068, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.478078, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.478090, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0xc71bcfb9) stored [2016/04/14 10:01:46.478100, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x0000b03c (45116) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0xc71bcfb9 (3340488633) open_persistent_id : 0x00000000c71bcfb9 (3340488633) open_volatile_id : 0x000000000000b03c (45116) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:46 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:46 AM 2016 IST compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) [2016/04/14 10:01:46.478291, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 45116 (2 used) [2016/04/14 10:01:46.478344, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/04/14 10:01:46.478367, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) Connecting to spoolss pipe. [2016/04/14 10:01:46.478386, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested spoolss [2016/04/14 10:01:46.478400, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/04/14 10:01:46.478412, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/04/14 10:01:46.478446, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe spoolss [2016/04/14 10:01:46.478472, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'Print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ [2016/04/14 10:01:46.478543, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.478556, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.478566, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.478576, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.478586, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.478612, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) skipping printer reload, already up to date. [2016/04/14 10:01:46.478628, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 checking name: Print [2016/04/14 10:01:46.478641, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [Print] [2016/04/14 10:01:46.478652, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 0F 57 32 1D ....Z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.478685, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=Print Printer is a printer [2016/04/14 10:01:46.478698, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=Print (len=5) searching for [Print] [2016/04/14 10:01:46.478720, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) [2016/04/14 10:01:46.478786, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) set_printer_hnd_name: Printer found: Print -> Print [2016/04/14 10:01:46.478841, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/04/14 10:01:46.478853, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 0F 57 32 1D ....Z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.478885, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 0F 57 32 1D ....Z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.478915, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.478934, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.478976, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.479002, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.479016, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.479027, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.479060, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.479081, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.479134, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.479146, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.479159, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.479179, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.479191, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.479200, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.479231, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.479254, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.479268, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 0F 57 32 1D ....[... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.479301, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005b-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.479360, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005b-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.479467, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 0F 57 32 1D ....[... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.479501, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.479512, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.479524, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.479534, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.479546, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.479555, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.479587, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.479611, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.479624, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.479636, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.479646, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.479657, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.479667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.479698, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.479722, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.479734, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.479746, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.479756, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.479768, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.479778, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.479801, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.479824, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.479836, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.479847, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.479858, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.479870, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.479880, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.479918, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.479931, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.479942, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.479953, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.479966, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.479976, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.480009, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.480022, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.480034, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.480045, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.480059, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.480068, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.480093, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.480117, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.480130, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.480141, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.480152, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.480172, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.480182, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.480205, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.480228, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.480241, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.480253, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.480265, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.480277, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.480292, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.480304, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.480316, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 0F 57 32 1D ....\... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.480349, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005c-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.480408, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005c-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.480490, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 0F 57 32 1D ....\... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.480523, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.480534, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.480545, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.480556, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.480579, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.480593, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.480663, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005c-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.480748, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 0F 57 32 1D ....\... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.480780, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.480791, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.480803, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.481590, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005c-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.481627, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 0F 57 32 1D ....\... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.481658, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 0F 57 32 1D ....\... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.481688, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.481700, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.481711, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.481758, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005b-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.481794, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 0F 57 32 1D ....[... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.481827, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 0F 57 32 1D ....[... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.481862, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.481874, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.481884, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.481928, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.481943, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.481954, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.481964, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.481973, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.481983, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.481994, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.482005, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2016/04/14 10:01:46.482024, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.482038, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.482049, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.482081, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.482101, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.482153, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.482176, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.482189, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.482199, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.482210, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.482219, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.482248, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.482272, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.482286, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 0F 57 32 1D ....]... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.482327, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.482392, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.482492, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 0F 57 32 1D ....]... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.482532, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.482544, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.482556, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.482566, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.482578, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.482587, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.482619, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.482643, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.482655, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.482667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.482677, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.482689, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.482698, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.482724, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.482747, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.482759, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.482770, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.482781, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.482793, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.482802, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.482825, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.482851, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.482864, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.482876, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.482886, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.482898, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.482908, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.482946, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.482959, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.482971, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.482981, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.482994, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.483004, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.483032, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.483045, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.483057, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.483068, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.483081, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.483091, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.483116, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.483140, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.483156, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.483175, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.483186, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.483200, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.483209, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.483231, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.483254, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.483268, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.483280, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.483292, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.483303, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.483314, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.483326, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.483337, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 0F 57 32 1D ....^... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.483369, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005e-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.483414, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists [2016/04/14 10:01:46.483434, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005e-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.483471, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 0F 57 32 1D ....^... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.483503, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 0F 57 32 1D ....^... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.483533, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.483543, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.483554, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.483601, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005d-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.483633, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 0F 57 32 1D ....]... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.483664, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 0F 57 32 1D ....]... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.483694, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.483704, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.483715, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.483757, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.483772, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005a-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.483832, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005a-0000-0000-0f57-321d31320000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document' output_file : * output_file : '/var/spool/samba//smbprn.u8dxhB' datatype : * datatype : 'RAW' [2016/04/14 10:01:46.483916, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 0F 57 32 1D ....Z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.483948, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 0F 57 32 1D ....Z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.483978, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.484008, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.484023, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.484034, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.484067, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.484087, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.484139, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.484155, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.484174, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.484184, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.484195, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.484205, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.484234, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.484257, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.484271, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 0F 57 32 1D ...._... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.484304, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005f-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.484361, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005f-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.484464, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 0F 57 32 1D ...._... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.484498, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.484514, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.484526, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.484536, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.484548, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.484557, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.484588, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.484611, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.484624, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.484635, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.484646, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.484657, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.484667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.484693, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.484715, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.484728, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.484739, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.484749, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.484761, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.484771, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.484794, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.484816, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.484833, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.484845, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.484855, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.484867, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.484877, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.484916, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.484930, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.484942, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.484953, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.484966, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.484976, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.485003, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.485016, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.485028, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.485038, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.485052, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.485062, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.485086, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.485110, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.485126, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.485139, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.485149, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.485168, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.485178, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.485201, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.485223, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.485237, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.485249, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.485261, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.485272, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.485283, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.485295, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.485306, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 0F 57 32 1D ....`... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.485338, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000060-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.485395, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000060-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.485482, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 0F 57 32 1D ....`... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.485515, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.485526, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.485537, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.485548, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.485572, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.485586, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.485651, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000060-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.485736, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 0F 57 32 1D ....`... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.485773, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.485784, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.485797, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.486592, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000060-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.486629, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 0F 57 32 1D ....`... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.486666, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 0F 57 32 1D ....`... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.486697, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.486708, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.486720, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.486768, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005f-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.486801, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 0F 57 32 1D ...._... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.486832, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 0F 57 32 1D ...._... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.486863, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.486873, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.486884, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.486927, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.486942, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.486953, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.486963, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.486973, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.486987, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.486997, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.487018, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.487032, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.487043, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.487077, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.487101, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.487154, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.487173, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.487186, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.487196, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.487207, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.487216, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.487246, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.487269, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.487283, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 0F 57 32 1D ....a... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.487317, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000061-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.487378, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000061-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.487482, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 0F 57 32 1D ....a... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.487517, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.487528, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.487541, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.487551, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.487562, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.487572, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.487603, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.487626, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.487639, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.487651, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.487661, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.487677, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.487687, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.487714, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.487738, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.487751, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.487763, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.487773, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.487785, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.487795, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.487819, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.487842, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.487855, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.487866, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.487877, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.487889, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.487899, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.487937, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.487951, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.487963, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.487973, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.487987, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.488001, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.488029, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.488042, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.488054, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.488065, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.488079, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.488089, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.488113, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.488137, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.488150, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.488167, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.488179, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.488193, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.488202, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.488224, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.488247, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.488261, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.488273, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.488285, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.488300, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.488312, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.488323, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.488335, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 0F 57 32 1D ....b... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.488366, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000062-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.488421, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000062-0000-0000-0f57-321d31320000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/04/14 10:01:46.488477, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 0F 57 32 1D ....b... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.488512, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.488524, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.488547, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.488560, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.488583, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/04/14 10:01:46.488705, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000062-0000-0000-0f57-321d31320000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2016/04/14 10:01:46.488796, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 0F 57 32 1D ....b... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.488829, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.488842, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.489664, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000062-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.489748, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 0F 57 32 1D ....b... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.489781, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.489792, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.489804, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2016/04/14 10:01:46.489815, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2016/04/14 10:01:46.489884, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.489938, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.489951, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.489963, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.489973, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.489984, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.489994, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.490022, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.490045, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.490059, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 0F 57 32 1D ....c... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.490093, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000063-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.490149, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000063-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.490264, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 0F 57 32 1D ....c... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.490300, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.490312, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.490324, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.490334, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.490345, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.490355, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.490386, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.490410, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.490423, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.490435, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.490445, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.490457, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.490466, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.490492, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.490515, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.490528, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.490544, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.490554, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.490566, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.490575, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.490599, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.490622, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.490634, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.490646, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.490656, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.490669, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.490678, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.490717, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.490731, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.490742, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.490753, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.490766, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.490776, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.490806, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.490819, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (10->11) [2016/04/14 10:01:46.490831, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.490845, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.490859, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.490868, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.490893, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.490916, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.490929, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (11->12) [2016/04/14 10:01:46.490940, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.490951, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.490964, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.490974, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.490995, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.491020, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.491034, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (12->11) [2016/04/14 10:01:46.491046, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (11->10) [2016/04/14 10:01:46.491058, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.491069, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.491081, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.491092, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.491104, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 0F 57 32 1D ....d... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.491140, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000064-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.491203, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000064-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.491284, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 0F 57 32 1D ....d... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.491316, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.491327, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.491338, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.491349, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.491372, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.491386, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.491452, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000064-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.491550, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 0F 57 32 1D ....d... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.491584, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.491595, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.491608, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.492391, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000064-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.492428, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 0F 57 32 1D ....d... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.492461, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 0F 57 32 1D ....d... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.492492, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.492504, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.492515, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.492563, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000063-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.492596, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 0F 57 32 1D ....c... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.492628, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 0F 57 32 1D ....c... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.492660, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.492671, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.492682, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.492734, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000062-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.492768, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 0F 57 32 1D ....b... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.492799, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 0F 57 32 1D ....b... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.492830, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.492841, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.492852, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.492898, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000061-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.492931, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 0F 57 32 1D ....a... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.492963, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 0F 57 32 1D ....a... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.492995, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.493005, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.493016, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.493063, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.493094, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) print_job_start: Queue Print number of jobs (7), max printjobs = 1000 [2016/04/14 10:01:46.493111, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) allocate_print_jobid: Read jobid 82 from Print [2016/04/14 10:01:46.493144, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) print_job_spool_file:External spooling activated [2016/04/14 10:01:46.493176, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head [2016/04/14 10:01:46.493191, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head [2016/04/14 10:01:46.493203, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head [2016/04/14 10:01:46.493214, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.493226, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head [2016/04/14 10:01:46.493238, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head [2016/04/14 10:01:46.493248, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) add_to_jobs_added: Added jobid 83 [2016/04/14 10:01:46.493266, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x00000053 (83) result : WERR_OK [2016/04/14 10:01:46.493303, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) pjobid_to_rap: called. [2016/04/14 10:01:46.493320, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) pjobid_to_rap: created jobid 83 maps to RAP jobid 8 [2016/04/14 10:01:46.493334, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) openprint fd=46 fnum 45116 [2016/04/14 10:01:46.493346, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.493354, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=49600 smt_wct=1 smb_vwv[ 0]=45116 (0xB03C) smb_bcc=0 [2016/04/14 10:01:46.493386, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.493805, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 70 [2016/04/14 10:01:46.493836, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x46 [2016/04/14 10:01:46.493857, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 18 of length 74 (0 toread) [2016/04/14 10:01:46.493869, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.493877, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=49664 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2016/04/14 10:01:46.493940, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 00 00 05 01 ..... [2016/04/14 10:01:46.493961, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans2 (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.493974, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.493993, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/trans2.c:3966(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2016/04/14 10:01:46.494009, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/trans2.c:3347(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 261 [2016/04/14 10:01:46.494028, 9, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/trans2.c:1055(send_trans2_replies) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 16584 [2016/04/14 10:01:46.494040, 9, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/trans2.c:1057(send_trans2_replies) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2016/04/14 10:01:46.494051, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.494058, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=49664 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 (0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2016/04/14 10:01:46.494119, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 6F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 .o...... .....N.T [0010] 00 46 00 53 00 .F.S. [2016/04/14 10:01:46.494164, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/trans2.c:3984(call_trans2qfsinfo) SMBtrans2 info_level = 261 [2016/04/14 10:01:46.494193, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 70 [2016/04/14 10:01:46.494207, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x46 [2016/04/14 10:01:46.494218, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 19 of length 74 (0 toread) [2016/04/14 10:01:46.494228, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.494235, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=49729 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [2016/04/14 10:01:46.494301, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 00 00 05 01 ..... [2016/04/14 10:01:46.494320, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans2 (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.494332, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.494344, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/trans2.c:3966(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2016/04/14 10:01:46.494357, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/trans2.c:3347(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 261 [2016/04/14 10:01:46.494372, 9, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/trans2.c:1055(send_trans2_replies) t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 16584 [2016/04/14 10:01:46.494383, 9, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/trans2.c:1057(send_trans2_replies) t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 [2016/04/14 10:01:46.494394, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.494401, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=49729 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 (0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [2016/04/14 10:01:46.494451, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 6F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 .o...... .....N.T [0010] 00 46 00 53 00 .F.S. [2016/04/14 10:01:46.494492, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/trans2.c:3984(call_trans2qfsinfo) SMBtrans2 info_level = 261 [2016/04/14 10:01:46.494968, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 9386 [2016/04/14 10:01:46.495200, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x24aa [2016/04/14 10:01:46.495236, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 20 of length 9390 (0 toread) [2016/04/14 10:01:46.495251, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.495259, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=9386 smb_com=0xb smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49793 smt_wct=5 smb_vwv[ 0]=45116 (0xB03C) smb_vwv[ 1]= 9338 (0x247A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_bcc=9341 [2016/04/14 10:01:46.495301, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 01 7A 24 20 20 73 77 69 74 63 68 20 6D 65 73 73 .z$ swi tch mess [0010] 61 67 65 20 53 4D 42 73 70 6C 6F 70 65 6E 20 28 age SMBs plopen ( [0020] 70 69 64 20 34 39 35 31 29 20 63 6F 6E 6E 20 30 pid 4951 ) conn 0 [0030] 78 32 31 32 33 35 31 66 30 0D 0A 0D 0A 20 20 73 x212351f 0.... s [0040] 77 69 74 63 68 20 6D 65 73 73 61 67 65 20 53 4D witch me ssage SM [0050] 42 73 70 6C 6F 70 65 6E 20 28 70 69 64 20 34 39 Bsplopen (pid 49 [0060] 35 31 29 20 63 6F 6E 6E 20 30 78 32 31 32 33 35 51) conn 0x21235 [0070] 31 66 30 3D 3D 3E 31 30 31 34 31 36 34 30 34 32 1f0==>10 14164042 [0080] 0D 0A 0D 0A 20 20 73 77 69 74 63 68 20 6D 65 73 .... sw itch mes [0090] 73 61 67 65 20 53 4D 42 73 70 6C 63 6C 6F 73 65 sage SMB splclose [00A0] 20 28 70 69 64 20 34 39 35 31 29 20 63 6F 6E 6E (pid 49 51) conn [00B0] 20 30 78 32 31 32 33 35 31 66 30 3D 3D 3E 31 30 0x21235 1f0==>10 [00C0] 31 34 31 36 34 30 34 32 20 6A 6F 62 20 65 6E 64 14164042 job end [00D0] 0D 0A 0D 0A 20 20 73 77 69 74 63 68 20 6D 65 73 .... sw itch mes [00E0] 73 61 67 65 20 53 4D 42 73 70 6C 63 6C 6F 73 65 sage SMB splclose [00F0] 20 28 70 69 64 20 34 39 35 31 29 20 63 6F 6E 6E (pid 49 51) conn [0100] 20 30 78 32 31 32 33 35 31 66 30 0D 0A 0D 0A 0D 0x21235 1f0..... [0110] 0A 20 20 73 77 69 74 63 68 20 6D 65 73 73 61 67 . switc h messag [0120] 65 20 53 4D 42 73 70 6C 6F 70 65 6E 20 28 70 69 e SMBspl open (pi [0130] 64 20 34 39 35 31 29 20 63 6F 6E 6E 20 30 78 32 d 4951) conn 0x2 [0140] 31 32 33 35 31 66 30 3D 3D 3E 31 30 31 34 32 38 12351f0= =>101428 [0150] 31 39 36 34 0D 0A 0D 0A 20 20 73 77 69 74 63 68 1964.... switch [0160] 20 6D 65 73 73 61 67 65 20 53 4D 42 73 70 6C 6F message SMBsplo [0170] 70 65 6E 20 28 70 69 64 20 34 39 35 31 29 20 63 pen (pid 4951) c [0180] 6F 6E 6E 20 30 78 32 31 32 33 35 31 66 30 3D 3D onn 0x21 2351f0== [0190] 3E 31 30 31 34 33 35 35 37 34 38 20 6A 6F 62 20 >1014355 748 job [01A0] 65 6E 64 0D 0A 0D 0A 0D 0A 20 20 73 77 69 74 63 end..... . switc [01B0] 68 20 6D 65 73 73 61 67 65 20 53 4D 42 73 70 6C h messag e SMBspl [01C0] 63 6C 6F 73 65 20 28 70 69 64 20 34 39 35 31 29 close (p id 4951) [01D0] 20 63 6F 6E 6E 20 30 78 32 31 32 33 35 31 66 30 conn 0x 212351f0 [01E0] 3D 3D 3E 31 30 31 34 33 35 35 37 34 38 0D 0A 0D ==>10143 55748... [01F0] 0A 20 20 73 77 69 74 63 68 20 6D 65 73 73 61 67 . switc h messag [2016/04/14 10:01:46.495727, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBwrite (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.495740, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.495771, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:4843(reply_write) write fnum 45116 num=9338 wrote=9338 [2016/04/14 10:01:46.495785, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.495793, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xb smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49793 smt_wct=1 smb_vwv[ 0]= 9338 (0x247A) smb_bcc=0 [2016/04/14 10:01:46.495825, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.496201, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 10238 [2016/04/14 10:01:46.496258, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x27fe [2016/04/14 10:01:46.496275, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 21 of length 10242 (0 toread) [2016/04/14 10:01:46.496286, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.496304, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=10238 smb_com=0xb smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49857 smt_wct=5 smb_vwv[ 0]=43321 (0xA939) smb_vwv[ 1]=10190 (0x27CE) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_bcc=10193 [2016/04/14 10:01:46.496348, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 01 CE 27 48 49 20 53 41 4D 42 41 20 20 73 77 69 ..'HI SA MBA swi [0010] 74 63 68 20 6D 65 73 73 61 67 65 20 53 4D 42 73 tch mess age SMBs [0020] 70 6C 6F 70 65 6E 20 28 70 69 64 20 34 39 35 31 plopen ( pid 4951 [0030] 29 20 63 6F 6E 6E 20 30 78 32 31 32 33 35 31 66 ) conn 0 x212351f [0040] 30 0D 0A 0D 0A 48 49 20 53 41 4D 42 41 20 20 73 0....HI SAMBA s [0050] 77 69 74 63 68 20 6D 65 73 73 61 67 65 20 53 4D witch me ssage SM [0060] 42 73 70 6C 6F 70 65 6E 20 28 70 69 64 20 34 39 Bsplopen (pid 49 [0070] 35 31 29 20 63 6F 6E 6E 20 30 78 32 31 32 33 35 51) conn 0x21235 [0080] 31 66 30 3D 3D 3E 31 30 31 34 31 36 34 30 34 32 1f0==>10 14164042 [0090] 0D 0A 0D 0A 48 49 20 53 41 4D 42 41 20 20 73 77 ....HI S AMBA sw [00A0] 69 74 63 68 20 6D 65 73 73 61 67 65 20 53 4D 42 itch mes sage SMB [00B0] 73 70 6C 63 6C 6F 73 65 20 28 70 69 64 20 34 39 splclose (pid 49 [00C0] 35 31 29 20 63 6F 6E 6E 20 30 78 32 31 32 33 35 51) conn 0x21235 [00D0] 31 66 30 3D 3D 3E 31 30 31 34 31 36 34 30 34 32 1f0==>10 14164042 [00E0] 20 6A 6F 62 20 65 6E 64 0D 0A 0D 0A 48 49 20 53 job end ....HI S [00F0] 41 4D 42 41 20 20 73 77 69 74 63 68 20 6D 65 73 AMBA sw itch mes [0100] 73 61 67 65 20 53 4D 42 73 70 6C 63 6C 6F 73 65 sage SMB splclose [0110] 20 28 70 69 64 20 34 39 35 31 29 20 63 6F 6E 6E (pid 49 51) conn [0120] 20 30 78 32 31 32 33 35 31 66 30 0D 0A 0D 0A 0D 0x21235 1f0..... [0130] 0A 48 49 20 53 41 4D 42 41 20 20 73 77 69 74 63 .HI SAMB A switc [0140] 68 20 6D 65 73 73 61 67 65 20 53 4D 42 73 70 6C h messag e SMBspl [0150] 6F 70 65 6E 20 28 70 69 64 20 34 39 35 31 29 20 open (pi d 4951) [0160] 63 6F 6E 6E 20 30 78 32 31 32 33 35 31 66 30 3D conn 0x2 12351f0= [0170] 3D 3E 31 30 31 34 32 38 31 39 36 34 0D 0A 0D 0A =>101428 1964.... [0180] 48 49 20 53 41 4D 42 41 20 20 73 77 69 74 63 68 HI SAMBA switch [0190] 20 6D 65 73 73 61 67 65 20 53 4D 42 73 70 6C 6F message SMBsplo [01A0] 70 65 6E 20 28 70 69 64 20 34 39 35 31 29 20 63 pen (pid 4951) c [01B0] 6F 6E 6E 20 30 78 32 31 32 33 35 31 66 30 3D 3D onn 0x21 2351f0== [01C0] 3E 31 30 31 34 33 35 35 37 34 38 20 6A 6F 62 20 >1014355 748 job [01D0] 65 6E 64 0D 0A 0D 0A 0D 0A 48 49 20 53 41 4D 42 end..... .HI SAMB [01E0] 41 20 20 73 77 69 74 63 68 20 6D 65 73 73 61 67 A switc h messag [01F0] 65 20 53 4D 42 73 70 6C 63 6C 6F 73 65 20 28 70 e SMBspl close (p [2016/04/14 10:01:46.496767, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBwrite (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.496780, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.496809, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:4843(reply_write) write fnum 43321 num=10190 wrote=10190 [2016/04/14 10:01:46.496822, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.496830, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xb smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=49857 smt_wct=1 smb_vwv[ 0]=10190 (0x27CE) smb_bcc=0 [2016/04/14 10:01:46.496862, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.497146, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 116 [2016/04/14 10:01:46.497178, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x74 [2016/04/14 10:01:46.497194, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 22 of length 120 (0 toread) [2016/04/14 10:01:46.497206, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.497214, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=49921 smt_wct=15 smb_vwv[ 0]= 6 (0x6) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 6 (0x6) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 40 (0x28) smb_vwv[12]= 76 (0x4C) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 8 (0x8) smb_bcc=51 [2016/04/14 10:01:46.497278, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 00 00 3C B0 EC 03 00 00 00 00 00 00 00 00 00 ...<.... ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 55 89 A1 B0 38 ........ ...U...8 [0020] 8E D1 01 55 89 A1 B0 38 8E D1 01 00 00 00 00 00 ...U...8 ........ [0030] 00 00 00 ... [2016/04/14 10:01:46.497338, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans2 (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.497350, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.497366, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/trans2.c(8602) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_PATH_NOT_FOUND [2016/04/14 10:01:46.497380, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.497388, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0x32 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=49921 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.497417, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.497736, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 116 [2016/04/14 10:01:46.497755, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x74 [2016/04/14 10:01:46.497766, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 23 of length 120 (0 toread) [2016/04/14 10:01:46.497776, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.497783, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=49985 smt_wct=15 smb_vwv[ 0]= 6 (0x6) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 6 (0x6) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 40 (0x28) smb_vwv[12]= 76 (0x4C) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 8 (0x8) smb_bcc=51 [2016/04/14 10:01:46.497845, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 00 00 39 A9 EC 03 00 00 00 00 00 00 00 00 00 ...9.... ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 12 70 3A D7 38 ........ ....p:.8 [0020] 8E D1 01 12 70 3A D7 38 8E D1 01 00 00 00 00 00 ....p:.8 ........ [0030] 00 00 00 ... [2016/04/14 10:01:46.497908, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans2 (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.497921, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.497936, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/trans2.c(8602) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_PATH_NOT_FOUND [2016/04/14 10:01:46.497949, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.497956, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0x32 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=49985 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.497985, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.498339, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 37 [2016/04/14 10:01:46.498368, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x25 [2016/04/14 10:01:46.498381, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 24 of length 41 (0 toread) [2016/04/14 10:01:46.498392, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.498400, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=50049 smt_wct=1 smb_vwv[ 0]=45116 (0xB03C) smb_bcc=0 [2016/04/14 10:01:46.498433, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.498443, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplclose (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.498456, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.498468, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) printclose fd=46 fnum 45116 [2016/04/14 10:01:46.498490, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000005a-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.498525, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 0F 57 32 1D ....Z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.498559, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 0F 57 32 1D ....Z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.498595, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 0F 57 32 1D ....Z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.498627, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.498642, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) print_job_find: looking up job 83 for share Print [2016/04/14 10:01:46.498661, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) print_job_find: returning system job -1 for jobid 83. lpr: The printer or class does not exist. [2016/04/14 10:01:46.507444, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/print_generic.c:90(print_run_command) Running the command `lpr -r -P'Print' smbprn.u8dxhB' gave 1 [2016/04/14 10:01:46.507514, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) print_job_find: looking up job 83 for share Print [2016/04/14 10:01:46.507546, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) print_job_find: returning system job -1 for jobid 83. [2016/04/14 10:01:46.507571, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.507604, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2139(remove_from_jobs_added) remove_from_jobs_added: removed jobid 83 [2016/04/14 10:01:46.507626, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:159(rap_jobid_delete) rap_jobid_delete: called. [2016/04/14 10:01:46.507640, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:179(rap_jobid_delete) rap_jobid_delete: deleting jobid 83 [2016/04/14 10:01:46.507657, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:5927(_spoolss_EndDocPrinter) _spoolss_EndDocPrinter: print_job_end failed [NT_STATUS_PRINT_CANCELLED] [2016/04/14 10:01:46.507672, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 0F 57 32 1D ....Z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.507706, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 0F 57 32 1D ....Z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.507737, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.507750, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.507823, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.507838, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.507860, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key C71BCFB9 [2016/04/14 10:01:46.507875, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d58c38 [2016/04/14 10:01:46.507893, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key C71BCFB9 [2016/04/14 10:01:46.507905, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.507916, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.507937, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 45116 (1 used) [2016/04/14 10:01:46.507952, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.507960, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=50049 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.507990, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.508330, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 37 [2016/04/14 10:01:46.508352, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x25 [2016/04/14 10:01:46.508363, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 25 of length 41 (0 toread) [2016/04/14 10:01:46.508374, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.508381, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=50113 smt_wct=1 smb_vwv[ 0]=43321 (0xA939) smb_bcc=0 [2016/04/14 10:01:46.508413, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.508424, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplclose (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.508440, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.508455, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) printclose fd=45 fnum 43321 [2016/04/14 10:01:46.508480, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004f-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.508515, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:348(find_policy_by_hnd_internal) Policy not found: [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 0F 57 32 1D ....O... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.508548, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: Policy not found: [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 0F 57 32 1D ....O... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.508585, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:12849:12849) [2016/04/14 10:01:46.508603, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printspoolss.c:326(print_spool_end) Failed to close printer Print [NT code 0x1c00001a] [2016/04/14 10:01:46.508622, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.508633, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.508646, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 8C5BAEF2 [2016/04/14 10:01:46.508660, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d58c38 [2016/04/14 10:01:46.508677, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 8C5BAEF2 [2016/04/14 10:01:46.508689, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.508700, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.508716, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 43321 (0 used) [2016/04/14 10:01:46.508728, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.508736, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=50113 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.508766, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.509219, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 60 [2016/04/14 10:01:46.509238, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x3c [2016/04/14 10:01:46.509249, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 26 of length 64 (0 toread) [2016/04/14 10:01:46.509259, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.509267, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=60 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=50177 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=21 [2016/04/14 10:01:46.509301, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P [0010] 00 41 00 00 00 .A... [2016/04/14 10:01:46.509335, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplopen (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.509348, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.509368, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.509380, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.509393, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 51807A36 [2016/04/14 10:01:46.509406, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d59878 [2016/04/14 10:01:46.509417, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/04/14 10:01:46.509449, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '51807A36' stored [2016/04/14 10:01:46.509463, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x51807a36 (1367374390) open_persistent_id : 0x0000000051807a36 (1367374390) open_volatile_id : 0x000000000000ed3f (60735) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:47 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2016/04/14 10:01:46.509587, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 51807A36 [2016/04/14 10:01:46.509600, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.509611, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.509622, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x51807a36) stored [2016/04/14 10:01:46.509632, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x0000ed3f (60735) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x51807a36 (1367374390) open_persistent_id : 0x0000000051807a36 (1367374390) open_volatile_id : 0x000000000000ed3f (60735) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:47 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:47 AM 2016 IST compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) [2016/04/14 10:01:46.509811, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 60735 (1 used) [2016/04/14 10:01:46.509914, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/04/14 10:01:46.509944, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) Connecting to spoolss pipe. [2016/04/14 10:01:46.509964, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested spoolss [2016/04/14 10:01:46.509980, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/04/14 10:01:46.509992, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/04/14 10:01:46.510032, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe spoolss [2016/04/14 10:01:46.510062, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'Print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ [2016/04/14 10:01:46.510135, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.510166, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.510179, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.510198, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.510208, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.510240, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) skipping printer reload, already up to date. [2016/04/14 10:01:46.510256, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 checking name: Print [2016/04/14 10:01:46.510270, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [Print] [2016/04/14 10:01:46.510281, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 0F 57 32 1D ....e... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.510313, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=Print Printer is a printer [2016/04/14 10:01:46.510326, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=Print (len=5) searching for [Print] [2016/04/14 10:01:46.510351, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) [2016/04/14 10:01:46.510420, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) set_printer_hnd_name: Printer found: Print -> Print [2016/04/14 10:01:46.510475, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/04/14 10:01:46.510487, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 0F 57 32 1D ....e... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.510519, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 0F 57 32 1D ....e... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.510549, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.510571, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.510613, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.510641, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.510656, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.510667, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.510701, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.510725, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.510780, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.510792, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.510805, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.510816, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.510828, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.510838, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.510870, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.510896, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.510910, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 0F 57 32 1D ....f... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.510943, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000066-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.511003, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000066-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.511112, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 0F 57 32 1D ....f... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.511155, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.511186, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.511198, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.511209, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.511220, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.511230, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.511262, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.511286, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.511299, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.511311, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.511321, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.511333, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.511342, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.511373, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.511397, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.511410, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.511421, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.511432, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.511444, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.511453, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.511477, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.511500, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.511512, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.511523, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.511534, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.511546, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.511556, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.511594, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.511607, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.511619, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.511629, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.511643, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.511652, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.511683, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.511696, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.511708, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.511719, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.511732, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.511742, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.511766, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.511790, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.511802, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.511813, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.511824, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.511838, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.511861, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.511884, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.511907, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.511921, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.511932, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.511945, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.511956, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.511971, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.511983, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.511995, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 0F 57 32 1D ....g... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.512028, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000067-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.512089, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000067-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.512179, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 0F 57 32 1D ....g... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.512213, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.512224, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.512235, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.512246, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.512270, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.512284, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.512355, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000067-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.512440, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 0F 57 32 1D ....g... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.512473, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.512484, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.512496, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.513275, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000067-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.513312, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 0F 57 32 1D ....g... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.513344, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 0F 57 32 1D ....g... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.513376, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.513386, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.513397, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.513445, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000066-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.513478, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 0F 57 32 1D ....f... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.513510, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 0F 57 32 1D ....f... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.513545, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.513556, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.513567, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.513611, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.513627, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.513637, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.513647, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.513657, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.513667, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.513677, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.513688, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2016/04/14 10:01:46.513707, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.513721, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.513732, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.513765, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.513785, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.513838, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.513853, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.513866, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.513876, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.513887, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.513897, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.513926, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.513949, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.513963, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 0F 57 32 1D ....h... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.513996, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000068-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.514052, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000068-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.514154, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 0F 57 32 1D ....h... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.514205, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.514218, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.514230, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.514240, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.514252, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.514261, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.514293, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.514317, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.514330, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.514342, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.514352, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.514364, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.514373, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.514399, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.514422, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.514435, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.514447, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.514457, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.514469, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.514479, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.514502, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.514529, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.514542, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.514553, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.514564, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.514576, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.514586, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.514624, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.514637, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.514649, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.514660, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.514673, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.514683, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.514710, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.514722, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.514734, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.514745, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.514758, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.514768, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.514793, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.514816, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.514832, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.514844, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.514855, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.514868, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.514878, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.514900, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.514922, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.514936, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.514948, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.514960, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.514971, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.514982, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.514993, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.515005, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 0F 57 32 1D ....i... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.515037, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000069-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.515082, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists [2016/04/14 10:01:46.515102, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000069-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.515138, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 0F 57 32 1D ....i... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.515176, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 0F 57 32 1D ....i... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.515206, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.515216, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.515227, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.515275, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000068-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.515313, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 0F 57 32 1D ....h... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.515344, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 0F 57 32 1D ....h... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.515374, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.515385, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.515396, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.515438, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.515454, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000065-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.515517, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000065-0000-0000-0f57-321d31320000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document' output_file : * output_file : '/var/spool/samba//smbprn.iqIyrm' datatype : * datatype : 'RAW' [2016/04/14 10:01:46.515602, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 0F 57 32 1D ....e... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.515636, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 0F 57 32 1D ....e... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.515666, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.515696, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.515712, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.515723, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.515755, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.515776, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.515829, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.515845, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.515857, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.515867, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.515878, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.515887, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.515916, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.515939, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.515953, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 0F 57 32 1D ....j... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.515985, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006a-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.516042, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006a-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.516144, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 0F 57 32 1D ....j... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.516187, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.516204, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.516216, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.516226, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.516238, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.516247, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.516279, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.516303, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.516315, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.516327, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.516337, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.516349, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.516358, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.516385, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.516408, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.516420, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.516432, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.516442, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.516454, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.516464, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.516487, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.516510, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.516526, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.516537, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.516548, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.516560, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.516570, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.516607, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.516620, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.516632, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.516643, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.516656, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.516666, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.516692, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.516705, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.516717, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.516727, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.516741, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.516750, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.516775, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.516799, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.516815, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.516827, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.516838, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.516852, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.516861, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.516883, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.516906, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.516919, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.516931, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.516943, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.516954, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.516966, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.516977, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.516989, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 0F 57 32 1D ....k... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.517021, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006b-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.517078, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006b-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.517172, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 0F 57 32 1D ....k... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.517204, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.517215, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.517226, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.517237, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.517261, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.517275, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.517342, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006b-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.517427, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 0F 57 32 1D ....k... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.517464, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.517475, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.517487, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.518276, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006b-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.518314, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 0F 57 32 1D ....k... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.518351, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 0F 57 32 1D ....k... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.518382, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.518393, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.518405, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.518453, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006a-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.518485, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 0F 57 32 1D ....j... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.518518, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 0F 57 32 1D ....j... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.518550, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.518560, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.518571, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.518614, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.518629, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.518640, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.518650, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.518660, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.518673, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.518684, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.518704, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.518718, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.518729, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.518764, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.518789, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.518842, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.518854, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.518866, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.518877, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.518888, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.518897, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.518926, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.518950, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.518964, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 0F 57 32 1D ....l... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.518997, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006c-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.519057, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006c-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.519164, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 0F 57 32 1D ....l... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.519199, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.519211, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.519223, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.519233, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.519244, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.519254, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.519285, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.519309, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.519322, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.519334, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.519345, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.519360, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.519370, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.519397, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.519420, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.519433, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.519445, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.519455, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.519467, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.519477, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.519500, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.519523, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.519536, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.519548, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.519558, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.519571, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.519580, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.519619, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.519633, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.519644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.519655, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.519669, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.519683, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.519712, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.519725, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.519737, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.519747, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.519761, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.519771, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.519795, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.519821, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.519833, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.519845, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.519855, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.519869, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.519879, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.519900, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.519923, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.519937, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.519948, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.519961, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.519975, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.519987, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.519999, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.520011, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 0F 57 32 1D ....m... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.520042, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006d-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.520098, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006d-0000-0000-0f57-321d31320000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/04/14 10:01:46.520153, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 0F 57 32 1D ....m... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.520196, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.520209, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.520233, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.520246, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.520268, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/04/14 10:01:46.520394, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006d-0000-0000-0f57-321d31320000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2016/04/14 10:01:46.520486, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 0F 57 32 1D ....m... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.520519, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.520533, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.521342, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006d-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.521424, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 0F 57 32 1D ....m... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.521456, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.521467, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.521479, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2016/04/14 10:01:46.521489, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2016/04/14 10:01:46.521558, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.521612, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.521624, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.521637, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.521646, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.521657, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.521667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.521696, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.521719, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.521733, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 0F 57 32 1D ....n... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.521766, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006e-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.521822, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006e-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.521930, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 0F 57 32 1D ....n... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.521964, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.521976, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.521988, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.521998, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.522010, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.522019, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.522051, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.522075, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.522088, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.522099, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.522110, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.522121, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.522131, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.522157, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.522187, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.522200, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.522216, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.522226, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.522238, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.522248, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.522272, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.522295, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.522307, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.522319, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.522329, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.522342, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.522351, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.522390, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.522403, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.522415, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.522426, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.522439, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.522449, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.522478, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.522491, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (10->11) [2016/04/14 10:01:46.522503, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.522517, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.522531, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.522540, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.522565, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.522589, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.522601, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (11->12) [2016/04/14 10:01:46.522613, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.522623, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.522637, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.522646, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.522668, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.522691, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.522704, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (12->11) [2016/04/14 10:01:46.522716, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (11->10) [2016/04/14 10:01:46.522729, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.522740, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.522751, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.522763, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.522774, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 0F 57 32 1D ....o... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.522810, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006f-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.522869, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006f-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.522951, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 0F 57 32 1D ....o... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.522984, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.522994, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.523005, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.523017, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.523040, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.523054, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.523119, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006f-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.523215, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 0F 57 32 1D ....o... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.523249, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.523260, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.523273, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.524061, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006f-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.524097, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 0F 57 32 1D ....o... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.524130, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 0F 57 32 1D ....o... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.524167, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.524179, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.524191, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.524238, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006e-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.524273, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 0F 57 32 1D ....n... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.524305, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 0F 57 32 1D ....n... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.524337, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.524347, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.524358, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.524411, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006d-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.524444, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 0F 57 32 1D ....m... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.524476, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 0F 57 32 1D ....m... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.524506, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.524517, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.524528, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.524574, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000006c-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.524606, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 0F 57 32 1D ....l... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.524637, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 0F 57 32 1D ....l... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.524667, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.524678, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.524689, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.524735, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.524765, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) print_job_start: Queue Print number of jobs (8), max printjobs = 1000 [2016/04/14 10:01:46.524784, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) allocate_print_jobid: Read jobid 83 from Print [2016/04/14 10:01:46.524818, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) print_job_spool_file:External spooling activated [2016/04/14 10:01:46.524846, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head [2016/04/14 10:01:46.524859, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head [2016/04/14 10:01:46.524871, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head [2016/04/14 10:01:46.524882, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.524896, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head [2016/04/14 10:01:46.524907, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head [2016/04/14 10:01:46.524918, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) add_to_jobs_added: Added jobid 84 [2016/04/14 10:01:46.524935, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x00000054 (84) result : WERR_OK [2016/04/14 10:01:46.524973, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) pjobid_to_rap: called. [2016/04/14 10:01:46.524991, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) pjobid_to_rap: created jobid 84 maps to RAP jobid 9 [2016/04/14 10:01:46.525006, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) openprint fd=47 fnum 60735 [2016/04/14 10:01:46.525018, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.525025, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=5808 smb_uid=59137 smb_mid=50177 smt_wct=1 smb_vwv[ 0]=60735 (0xED3F) smb_bcc=0 [2016/04/14 10:01:46.525058, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.525549, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 60 [2016/04/14 10:01:46.525573, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x3c [2016/04/14 10:01:46.525585, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 27 of length 64 (0 toread) [2016/04/14 10:01:46.525595, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.525603, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=60 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=50241 smt_wct=2 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1 (0x1) smb_bcc=21 [2016/04/14 10:01:46.525637, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P [0010] 00 41 00 00 00 .A... [2016/04/14 10:01:46.525672, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplopen (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.525685, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.525702, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.525713, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.525727, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 31847F33 [2016/04/14 10:01:46.525741, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d597b0 [2016/04/14 10:01:46.525752, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/04/14 10:01:46.525778, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '31847F33' stored [2016/04/14 10:01:46.525792, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x31847f33 (830766899) open_persistent_id : 0x0000000031847f33 (830766899) open_volatile_id : 0x00000000000096b3 (38579) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:47 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2016/04/14 10:01:46.525914, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 31847F33 [2016/04/14 10:01:46.525927, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.525938, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.525950, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x31847f33) stored [2016/04/14 10:01:46.525960, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x000096b3 (38579) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000003231 (12849) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x67994761415eb6ee (7465076340377433838) open_global_id : 0x31847f33 (830766899) open_persistent_id : 0x0000000031847f33 (830766899) open_volatile_id : 0x00000000000096b3 (38579) open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 open_time : Thu Apr 14 10:01:47 AM 2016 IST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Thu Apr 14 10:01:47 AM 2016 IST compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) [2016/04/14 10:01:46.526138, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 38579 (2 used) [2016/04/14 10:01:46.526197, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/04/14 10:01:46.526220, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) Connecting to spoolss pipe. [2016/04/14 10:01:46.526238, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested spoolss [2016/04/14 10:01:46.526252, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/04/14 10:01:46.526268, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/04/14 10:01:46.526303, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe spoolss [2016/04/14 10:01:46.526330, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter in: struct spoolss_OpenPrinter printername : * printername : 'Print' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ [2016/04/14 10:01:46.526396, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.526409, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 [2016/04/14 10:01:46.526419, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:01:46.526429, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:46.526439, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:46.526464, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) skipping printer reload, already up to date. [2016/04/14 10:01:46.526480, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 checking name: Print [2016/04/14 10:01:46.526493, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [Print] [2016/04/14 10:01:46.526505, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 0F 57 32 1D ....p... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.526536, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=Print Printer is a printer [2016/04/14 10:01:46.526548, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=Print (len=5) searching for [Print] [2016/04/14 10:01:46.526570, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) [2016/04/14 10:01:46.526634, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) set_printer_hnd_name: Printer found: Print -> Print [2016/04/14 10:01:46.526694, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/04/14 10:01:46.526706, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 0F 57 32 1D ....p... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.526738, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 0F 57 32 1D ....p... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.526768, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.526787, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.188.101.162 (10.188.101.162) [2016/04/14 10:01:46.526825, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share Print is ok for unix user nobody [2016/04/14 10:01:46.526851, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.526866, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.526877, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.526910, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.526931, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.526984, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.526996, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.527009, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.527019, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.527030, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.527040, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.527074, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.527098, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.527112, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 0F 57 32 1D ....q... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.527145, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000071-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.527212, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000071-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.527317, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 0F 57 32 1D ....q... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.527352, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.527363, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.527375, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.527386, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.527397, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.527406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.527442, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.527467, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.527480, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.527492, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.527502, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.527514, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.527523, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.527549, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.527573, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.527585, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.527597, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.527607, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.527619, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.527628, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.527651, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.527674, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.527686, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.527698, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.527708, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.527720, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.527734, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.527773, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.527787, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.527798, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.527809, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.527822, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.527832, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.527860, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.527874, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.527885, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.527896, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.527910, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.527920, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.527944, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.527968, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.527980, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.527992, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.528003, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.528017, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.528026, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.528052, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.528075, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.528089, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.528101, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.528113, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.528125, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.528136, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.528147, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.528164, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 0F 57 32 1D ....r... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.528197, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000072-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.528256, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000072-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.528339, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 0F 57 32 1D ....r... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.528376, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.528387, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.528398, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.528409, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.528433, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.528447, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.528513, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000072-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.528598, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 0F 57 32 1D ....r... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.528631, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.528642, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.528654, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.529439, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000072-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.529476, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 0F 57 32 1D ....r... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.529509, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 0F 57 32 1D ....r... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.529540, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.529551, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.529563, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.529614, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000071-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.529647, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 0F 57 32 1D ....q... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.529679, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 0F 57 32 1D ....q... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.529710, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.529721, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.529732, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.529774, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.529790, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.529801, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.529811, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.529821, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.529830, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.529841, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.529852, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2016/04/14 10:01:46.529870, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.529884, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.529900, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.529934, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.529954, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.530007, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.530018, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.530030, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.530041, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.530051, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.530061, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.530091, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.530114, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.530128, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 0F 57 32 1D ....s... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.530167, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000073-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.530224, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000073-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.530331, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 0F 57 32 1D ....s... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.530364, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.530376, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.530388, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.530398, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.530409, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.530419, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.530450, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.530474, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.530486, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.530498, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.530508, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.530520, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.530529, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.530556, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.530579, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.530595, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.530607, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.530617, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.530629, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.530638, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.530662, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.530684, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.530696, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.530708, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.530718, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.530730, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.530740, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.530778, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.530791, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.530802, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.530813, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.530826, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.530836, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.530864, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.530877, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.530892, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.530904, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.530917, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.530927, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.530952, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.530976, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.530988, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.531000, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.531011, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.531024, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.531034, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.531055, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.531078, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.531092, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.531104, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.531116, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.531128, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.531139, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.531151, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.531171, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 0F 57 32 1D ....t... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.531204, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000074-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.531250, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists [2016/04/14 10:01:46.531269, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000074-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.531302, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 0F 57 32 1D ....t... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.531333, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 0F 57 32 1D ....t... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.531363, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.531374, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.531385, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.531431, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000073-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.531465, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 0F 57 32 1D ....s... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.531497, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 0F 57 32 1D ....s... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.531531, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.531542, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.531553, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.531596, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.531611, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinter: struct spoolss_OpenPrinter out: struct spoolss_OpenPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000070-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.531669, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000070-0000-0000-0f57-321d31320000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Remote Downlevel Document' output_file : * output_file : '/var/spool/samba//smbprn.0oNJE7' datatype : * datatype : 'RAW' [2016/04/14 10:01:46.531752, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 0F 57 32 1D ....p... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.531784, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 0F 57 32 1D ....p... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.531814, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.531843, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.531859, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.531874, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.531907, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.531928, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.531981, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.531993, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.532005, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.532015, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.532026, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.532035, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.532065, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.532087, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.532101, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 0F 57 32 1D ....u... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.532134, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000075-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.532197, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000075-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.532306, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 0F 57 32 1D ....u... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.532340, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.532352, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.532364, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.532374, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.532385, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.532394, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.532426, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.532449, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.532462, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.532473, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.532484, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.532495, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.532505, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.532531, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.532553, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.532570, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.532582, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.532592, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.532604, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.532613, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.532637, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.532659, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.532672, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.532683, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.532693, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.532706, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.532716, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.532756, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.532769, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.532781, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.532791, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.532805, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.532814, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.532842, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.532855, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.532870, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.532881, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.532895, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.532904, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.532929, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.532953, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.532965, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.532976, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.532987, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.533001, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.533010, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.533032, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.533054, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2016/04/14 10:01:46.533068, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.533080, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.533092, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.533103, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.533115, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.533126, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.533141, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 0F 57 32 1D ....v... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.533182, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000076-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.533242, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000076-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.533323, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 0F 57 32 1D ....v... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.533356, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.533367, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.533378, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.533389, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.533413, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.533427, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.533498, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000076-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.533583, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 0F 57 32 1D ....v... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.533615, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.533625, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.533638, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.534430, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000076-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.534467, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 0F 57 32 1D ....v... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.534500, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 0F 57 32 1D ....v... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.534531, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.534542, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.534554, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.534601, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000075-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.534634, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 0F 57 32 1D ....u... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.534667, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 0F 57 32 1D ....u... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.534697, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.534708, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.534719, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.534766, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.534782, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2016/04/14 10:01:46.534793, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.534803, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.534813, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.534823, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2016/04/14 10:01:46.534833, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) access check was SUCCESS [2016/04/14 10:01:46.534853, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/04/14 10:01:46.534868, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/04/14 10:01:46.534879, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/04/14 10:01:46.534912, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/04/14 10:01:46.534936, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.534989, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.535002, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/04/14 10:01:46.535014, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.535024, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.535035, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.535048, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.535078, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.535101, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.535116, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 0F 57 32 1D ....w... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.535148, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000077-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.535211, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000077-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.535313, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 0F 57 32 1D ....w... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.535347, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.535358, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/04/14 10:01:46.535370, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.535381, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.535396, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.535406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.535438, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.535461, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.535474, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.535486, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.535496, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.535508, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.535518, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.535544, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.535567, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.535580, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.535592, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.535602, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.535614, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.535624, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.535648, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.535671, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.535684, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.535696, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.535706, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.535722, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.535732, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.535770, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.535784, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.535795, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.535806, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.535819, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.535829, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.535856, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.535869, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.535881, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.535891, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.535905, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.535914, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.535938, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.535962, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.535974, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.535986, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.535997, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.536015, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.536025, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.536047, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.536072, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.536086, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.536098, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.536111, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.536122, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.536133, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.536145, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.536157, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 0F 57 32 1D ....x... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.536194, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000078-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.536249, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000078-0000-0000-0f57-321d31320000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/04/14 10:01:46.536303, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 0F 57 32 1D ....x... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.536338, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.536354, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.536378, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.536391, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.536413, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/04/14 10:01:46.536530, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000078-0000-0000-0f57-321d31320000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2016/04/14 10:01:46.536620, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 0F 57 32 1D ....x... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.536652, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.536669, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.537472, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000078-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.537558, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 0F 57 32 1D ....x... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.537591, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.537602, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.537613, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2016/04/14 10:01:46.537624, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2016/04/14 10:01:46.537687, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.537741, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/04/14 10:01:46.537753, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/04/14 10:01:46.537766, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/04/14 10:01:46.537776, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/04/14 10:01:46.537787, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.537797, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] [2016/04/14 10:01:46.537826, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2016/04/14 10:01:46.537849, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.537863, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 0F 57 32 1D ....y... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.537901, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000079-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.537957, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000079-0000-0000-0f57-321d31320000 keyname: struct winreg_String name_len : 0x0084 (132) name_size : 0x0084 (132) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/04/14 10:01:46.538061, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 0F 57 32 1D ....y... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.538094, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/04/14 10:01:46.538106, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/04/14 10:01:46.538119, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/04/14 10:01:46.538129, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/04/14 10:01:46.538140, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.538150, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] [2016/04/14 10:01:46.538188, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2016/04/14 10:01:46.538212, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/04/14 10:01:46.538225, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/04/14 10:01:46.538241, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.538252, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.538264, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.538274, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.538300, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2016/04/14 10:01:46.538324, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/04/14 10:01:46.538336, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/04/14 10:01:46.538348, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.538358, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.538370, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.538380, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.538403, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2016/04/14 10:01:46.538426, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/04/14 10:01:46.538439, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/04/14 10:01:46.538450, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.538461, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.538473, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.538497, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/04/14 10:01:46.538539, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.538553, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/04/14 10:01:46.538569, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.538580, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.538594, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.538604, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/04/14 10:01:46.538632, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/04/14 10:01:46.538645, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (10->11) [2016/04/14 10:01:46.538657, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.538667, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.538681, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.538691, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.538715, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/04/14 10:01:46.538742, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/04/14 10:01:46.538754, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (11->12) [2016/04/14 10:01:46.538766, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.538777, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.538790, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/04/14 10:01:46.538800, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.538821, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.538844, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 [2016/04/14 10:01:46.538862, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (12->11) [2016/04/14 10:01:46.538874, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (11->10) [2016/04/14 10:01:46.538886, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/04/14 10:01:46.538897, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/04/14 10:01:46.538909, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/04/14 10:01:46.538920, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/04/14 10:01:46.538932, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 0F 57 32 1D ....z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.538964, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000007a-0000-0000-0f57-321d31320000 result : WERR_OK [2016/04/14 10:01:46.539021, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000007a-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.539102, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 0F 57 32 1D ....z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.539135, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.539146, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.539161, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) [2016/04/14 10:01:46.539178, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.539202, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2016/04/14 10:01:46.539217, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/04/14 10:01:46.539283, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000007a-0000-0000-0f57-321d31320000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2016/04/14 10:01:46.539367, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 0F 57 32 1D ....z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.539400, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] [2016/04/14 10:01:46.539411, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/04/14 10:01:46.539423, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2016/04/14 10:01:46.540209, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000007a-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.540245, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 0F 57 32 1D ....z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.540277, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 0F 57 32 1D ....z... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.540307, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.540318, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/04/14 10:01:46.540329, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.540376, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000079-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.540415, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 0F 57 32 1D ....y... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.540446, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 0F 57 32 1D ....y... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.540476, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.540487, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/04/14 10:01:46.540498, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.540546, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000078-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.540579, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 0F 57 32 1D ....x... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.540610, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 0F 57 32 1D ....x... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.540640, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.540651, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/04/14 10:01:46.540662, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.540707, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000077-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.540744, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 0F 57 32 1D ....w... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.540777, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 0F 57 32 1D ....w... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.540808, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.540819, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/04/14 10:01:46.540830, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.540873, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/04/14 10:01:46.540903, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) print_job_start: Queue Print number of jobs (9), max printjobs = 1000 [2016/04/14 10:01:46.540921, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) allocate_print_jobid: Read jobid 84 from Print [2016/04/14 10:01:46.540954, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) print_job_spool_file:External spooling activated [2016/04/14 10:01:46.540980, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head [2016/04/14 10:01:46.540994, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head [2016/04/14 10:01:46.541005, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head [2016/04/14 10:01:46.541017, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.541029, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head [2016/04/14 10:01:46.541041, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head [2016/04/14 10:01:46.541051, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) add_to_jobs_added: Added jobid 85 [2016/04/14 10:01:46.541068, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x00000055 (85) result : WERR_OK [2016/04/14 10:01:46.541110, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) pjobid_to_rap: called. [2016/04/14 10:01:46.541127, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) pjobid_to_rap: created jobid 85 maps to RAP jobid 10 [2016/04/14 10:01:46.541142, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) openprint fd=48 fnum 38579 [2016/04/14 10:01:46.541154, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.541168, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=7120 smb_uid=59137 smb_mid=50241 smt_wct=1 smb_vwv[ 0]=38579 (0x96B3) smb_bcc=0 [2016/04/14 10:01:46.541201, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.541569, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 37 [2016/04/14 10:01:46.541589, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x25 [2016/04/14 10:01:46.541600, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 28 of length 41 (0 toread) [2016/04/14 10:01:46.541611, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.541618, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=50305 smt_wct=1 smb_vwv[ 0]=38579 (0x96B3) smb_bcc=0 [2016/04/14 10:01:46.541650, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.541661, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplclose (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.541674, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.541688, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) printclose fd=48 fnum 38579 [2016/04/14 10:01:46.541709, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000070-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.541743, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 0F 57 32 1D ....p... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.541776, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 0F 57 32 1D ....p... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.541807, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 0F 57 32 1D ....p... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.541842, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:Print [2016/04/14 10:01:46.541859, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) print_job_find: looking up job 85 for share Print [2016/04/14 10:01:46.541876, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) print_job_find: returning system job -1 for jobid 85. [2016/04/14 10:01:46.541890, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:3009(print_job_end) print_job_end: canceling spool of /var/spool/samba//smbprn.0oNJE7 (zero length) [2016/04/14 10:01:46.541910, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) print_job_find: looking up job 85 for share Print [2016/04/14 10:01:46.541925, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) print_job_find: returning system job -1 for jobid 85. [2016/04/14 10:01:46.541936, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head [2016/04/14 10:01:46.541960, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2139(remove_from_jobs_added) remove_from_jobs_added: removed jobid 85 [2016/04/14 10:01:46.541972, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:159(rap_jobid_delete) rap_jobid_delete: called. [2016/04/14 10:01:46.541983, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:179(rap_jobid_delete) rap_jobid_delete: deleting jobid 85 [2016/04/14 10:01:46.541996, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 0F 57 32 1D ....p... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.542028, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 0F 57 32 1D ....p... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.542059, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) Closed policy [2016/04/14 10:01:46.542069, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/04/14 10:01:46.542114, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.542135, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.542150, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 31847F33 [2016/04/14 10:01:46.542164, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d5a1e0 [2016/04/14 10:01:46.542181, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 31847F33 [2016/04/14 10:01:46.542193, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.542208, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.542224, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 38579 (1 used) [2016/04/14 10:01:46.542236, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.542244, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=50305 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.542274, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.542650, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 37 [2016/04/14 10:01:46.542668, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x25 [2016/04/14 10:01:46.542679, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 29 of length 41 (0 toread) [2016/04/14 10:01:46.542690, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.542697, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=37 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=50369 smt_wct=1 smb_vwv[ 0]=60735 (0xED3F) smb_bcc=0 [2016/04/14 10:01:46.542728, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:46.542739, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBsplclose (pid 12849) conn 0x81d5a330 [2016/04/14 10:01:46.542751, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/04/14 10:01:46.542763, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) printclose fd=47 fnum 60735 [2016/04/14 10:01:46.542783, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000065-0000-0000-0f57-321d31320000 [2016/04/14 10:01:46.542816, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:348(find_policy_by_hnd_internal) Policy not found: [0000] 00 00 00 00 65 00 00 00 00 00 00 00 0F 57 32 1D ....e... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.542849, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: Policy not found: [0000] 00 00 00 00 65 00 00 00 00 00 00 00 0F 57 32 1D ....e... .....W2. [0010] 31 32 00 00 12.. [2016/04/14 10:01:46.542881, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:12849:12849) [2016/04/14 10:01:46.542897, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printspoolss.c:326(print_spool_end) Failed to close printer Print [NT code 0x1c00001a] [2016/04/14 10:01:46.542919, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.542930, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2: 3: [2016/04/14 10:01:46.542943, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 51807A36 [2016/04/14 10:01:46.542957, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d5a1e0 [2016/04/14 10:01:46.542973, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 51807A36 [2016/04/14 10:01:46.542985, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb [2016/04/14 10:01:46.542995, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:01:46.543010, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 60735 (0 used) [2016/04/14 10:01:46.543022, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:01:46.543030, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0xc2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=50369 smt_wct=0 smb_bcc=0 [2016/04/14 10:01:46.543059, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:01:47.381357, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:01:47.381420, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:01:47.381434, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:01:47.381461, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:01:47.381548, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/printing/notify.c:180(print_notify_send_messages_to_printer) print_notify_send_messages_to_printer: sending 65 print notify messages to printer Print [2016/04/14 10:02:01.454636, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 35 [2016/04/14 10:02:01.454713, 6, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x23 [2016/04/14 10:02:01.454729, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 30 of length 39 (0 toread) [2016/04/14 10:02:01.454742, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:02:01.454750, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=50433 smt_wct=0 smb_bcc=0 [2016/04/14 10:02:01.454798, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:02:01.454815, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtdis (pid 12849) conn 0x81d5a330 [2016/04/14 10:02:01.454857, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:02:01.454874, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:02:01.454886, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:02:01.454928, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:02:01.454946, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2016/04/14 10:02:01.454973, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb 2: 3: [2016/04/14 10:02:01.454990, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 90C692B2 [2016/04/14 10:02:01.455025, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d59038 [2016/04/14 10:02:01.455050, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 90C692B2 [2016/04/14 10:02:01.455087, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb [2016/04/14 10:02:01.455101, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:02:01.455146, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:02:01.455195, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:02:01.455209, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:02:01.455226, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:02:01.455243, 2, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1140(close_cnum) shivappas (ipv4:10.188.101.162:52845) closed connection to service Print [2016/04/14 10:02:01.455266, 4, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:844(vfs_ChDir) vfs_ChDir to / [2016/04/14 10:02:01.455308, 4, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:855(vfs_ChDir) vfs_ChDir got / [2016/04/14 10:02:01.455342, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:02:01.455360, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:02:01.455371, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:02:01.455387, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:02:01.455404, 10, pid=12849, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/04/14 10:02:01.455443, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/04/14 10:02:01.455460, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51207 smb_tid=6392 smb_pid=65279 smb_uid=59137 smb_mid=50433 smt_wct=0 smb_bcc=0 [2016/04/14 10:02:01.455516, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [2016/04/14 10:02:46.371209, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/events.c:426(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2016/04/14 10:02:46.371285, 2, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:2875(deadtime_fn) Closing idle connection [2016/04/14 10:02:46.371310, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/04/14 10:02:46.371326, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/04/14 10:02:46.371342, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/04/14 10:02:46.371357, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:02:46.371371, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:02:46.371401, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm.c:323(messaging_dgm_send) messaging_dgm_send: Sending message to 12849 [2016/04/14 10:02:46.371439, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:02:46.371456, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/events.c:430(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) stopped [2016/04/14 10:02:46.371479, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/events.c:426(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) called [2016/04/14 10:02:46.371494, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:2894(housekeeping_fn) housekeeping [2016/04/14 10:02:46.371508, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:02:46.371522, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:02:46.371535, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:02:46.371555, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:02:46.371574, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/events.c:437(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) rescheduled [2016/04/14 10:02:46.371605, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:254(messaging_recv_cb) messaging_recv_cb: Received message 0xd len 0 (num_fds:0) from 12849 [2016/04/14 10:02:46.371625, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server.c:154(msg_exit_server) got a SHUTDOWN message [2016/04/14 10:02:46.371640, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:02:46.371654, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:02:46.371668, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:02:46.371697, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:02:46.371712, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:02:46.371725, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:02:46.371737, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:02:46.371756, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:02:46.371770, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:02:46.371783, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:02:46.371795, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:02:46.371813, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:02:46.371834, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb [2016/04/14 10:02:46.371848, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/smbXsrv_session_global.tdb 2: 3: [2016/04/14 10:02:46.371867, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 738839AF [2016/04/14 10:02:46.371893, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x81d4ed38 [2016/04/14 10:02:46.371937, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 738839AF [2016/04/14 10:02:46.371954, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb [2016/04/14 10:02:46.371968, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/04/14 10:02:46.371989, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/14 10:02:46.372003, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/14 10:02:46.372015, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/14 10:02:46.372034, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/14 10:02:46.372090, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm_ref.c:142(msg_dgm_ref_destructor) msg_dgm_ref_destructor: refs=(nil) [2016/04/14 10:02:46.372246, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (normal exit)