The Samba-Bugzilla – Attachment 11991 Details for
Bug 11835
Simultaneous print from windows two command line misses print data
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
printlog
log.shivappas (text/plain), 2.04 MB, created by
shivappa
on 2016-04-14 05:14:56 UTC
(
hide
)
Description:
printlog
Filename:
MIME Type:
Creator:
shivappa
Created:
2016-04-14 05:14:56 UTC
Size:
2.04 MB
patch
obsolete
>[2016/04/14 10:01:46.351366, 6, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2215(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Apr 7 15:38:04 2016 > >[2016/04/14 10:01:46.351405, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.351413, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=120 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51207 > smb_tid=65535 > smb_pid=65279 > smb_uid=59137 > smb_mid=48640 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=77 >[2016/04/14 10:01:46.351453, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d > [0010] 00 6F 00 77 00 73 00 20 00 36 00 2E 00 31 00 00 .o.w.s. .6...1.. > [0020] 00 53 00 61 00 6D 00 62 00 61 00 20 00 34 00 2E .S.a.m.b .a. .4.. > [0030] 00 34 00 2E 00 30 00 00 00 57 00 4F 00 52 00 4B .4...0.. .W.O.R.K > [0040] 00 47 00 52 00 4F 00 55 00 50 00 00 00 .G.R.O.U .P... >[2016/04/14 10:01:46.351933, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 96 >[2016/04/14 10:01:46.351955, 6, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x60 >[2016/04/14 10:01:46.351971, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 3 of length 100 (0 toread) >[2016/04/14 10:01:46.351986, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.351995, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=96 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=59137 > smb_mid=48704 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=53 >[2016/04/14 10:01:46.352034, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 5C 00 5C 00 31 00 30 00 2E 00 31 00 38 00 38 .\.\.1.0 ...1.8.8 > [0010] 00 2E 00 31 00 30 00 31 00 2E 00 31 00 36 00 36 ...1.0.1 ...1.6.6 > [0020] 00 5C 00 50 00 52 00 49 00 4E 00 54 00 00 00 3F .\.P.R.I .N.T...? > [0030] 3F 3F 3F 3F 00 ????. >[2016/04/14 10:01:46.352095, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBtconX (pid 12849) conn 0x0 >[2016/04/14 10:01:46.352108, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.352118, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/14 10:01:46.352128, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/14 10:01:46.352144, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2016/04/14 10:01:46.352156, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb >[2016/04/14 10:01:46.352177, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_session_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.352190, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 738839AF >[2016/04/14 10:01:46.352205, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d58ba8 >[2016/04/14 10:01:46.352243, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:930(smbXsrv_session_global_store) >[2016/04/14 10:01:46.352254, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:932(smbXsrv_session_global_store) > smbXsrv_session_global_store: key '738839AF' stored >[2016/04/14 10:01:46.352265, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_session_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000004 (4) > info : union smbXsrv_session_globalU(case 0) > info0 : * > info0: struct smbXsrv_session_global0 > db_rec : * > session_global_id : 0x738839af (1938307503) > session_wire_id : 0x000000000000e701 (59137) > creation_time : Thu Apr 14 10:01:46 AM 2016 IST > expiration_time : Thu Jan 1 05:30:00 AM 1970 IST > auth_time : Thu Apr 14 10:01:46 AM 2016 IST > auth_session_info_seqnum : 0x00000001 (1) > auth_session_info : * > auth_session_info: struct auth_session_info > security_token : * > security_token: struct security_token > num_sids : 0x00000007 (7) > sids: ARRAY(7) > sids : S-1-5-21-4169439650-4212734061-2710409060-501 > sids : S-1-5-21-4169439650-4212734061-2710409060-514 > sids : S-1-22-2-99 > sids : S-1-1-0 > sids : S-1-5-2 > sids : S-1-5-32-546 > sids : S-1-22-1-99 > privilege_mask : 0x0000000000000000 (0) > 0: SEC_PRIV_MACHINE_ACCOUNT_BIT > 0: SEC_PRIV_PRINT_OPERATOR_BIT > 0: SEC_PRIV_ADD_USERS_BIT > 0: SEC_PRIV_DISK_OPERATOR_BIT > 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT > 0: SEC_PRIV_BACKUP_BIT > 0: SEC_PRIV_RESTORE_BIT > 0: SEC_PRIV_TAKE_OWNERSHIP_BIT > 0: SEC_PRIV_INCREASE_QUOTA_BIT > 0: SEC_PRIV_SECURITY_BIT > 0: SEC_PRIV_LOAD_DRIVER_BIT > 0: SEC_PRIV_SYSTEM_PROFILE_BIT > 0: SEC_PRIV_SYSTEMTIME_BIT > 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT > 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT > 0: SEC_PRIV_CREATE_PAGEFILE_BIT > 0: SEC_PRIV_SHUTDOWN_BIT > 0: SEC_PRIV_DEBUG_BIT > 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT > 0: SEC_PRIV_CHANGE_NOTIFY_BIT > 0: SEC_PRIV_UNDOCK_BIT > 0: SEC_PRIV_ENABLE_DELEGATION_BIT > 0: SEC_PRIV_MANAGE_VOLUME_BIT > 0: SEC_PRIV_IMPERSONATE_BIT > 0: SEC_PRIV_CREATE_GLOBAL_BIT > rights_mask : 0x00000000 (0) > 0: LSA_POLICY_MODE_INTERACTIVE > 0: LSA_POLICY_MODE_NETWORK > 0: LSA_POLICY_MODE_BATCH > 0: LSA_POLICY_MODE_SERVICE > 0: LSA_POLICY_MODE_PROXY > 0: LSA_POLICY_MODE_DENY_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_NETWORK > 0: LSA_POLICY_MODE_DENY_BATCH > 0: LSA_POLICY_MODE_DENY_SERVICE > 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE > 0x00: LSA_POLICY_MODE_ALL (0) > 0x00: LSA_POLICY_MODE_ALL_NT4 (0) > unix_token : * > unix_token: struct security_unix_token > uid : 0x0000000000000063 (99) > gid : 0x0000000000000063 (99) > ngroups : 0x00000001 (1) > groups: ARRAY(1) > groups : 0x0000000000000063 (99) > info : * > info: struct auth_user_info > account_name : * > account_name : 'nobody' > domain_name : * > domain_name : 'SHIVHTTPSERVER' > full_name : NULL > logon_script : NULL > profile_path : NULL > home_directory : NULL > home_drive : NULL > logon_server : NULL > last_logon : NTTIME(0) > last_logoff : NTTIME(0) > acct_expiry : NTTIME(0) > last_password_change : NTTIME(0) > allow_password_change : NTTIME(0) > force_password_change : NTTIME(0) > logon_count : 0x0000 (0) > bad_password_count : 0x0000 (0) > acct_flags : 0x00000000 (0) > authenticated : 0x00 (0) > unix_info : * > unix_info: struct auth_user_info_unix > unix_name : * > unix_name : 'nobody' > sanitized_username : * > sanitized_username : 'sshivappa' > torture : NULL > credentials : NULL > connection_dialect : 0x0000 (0) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > local_address : 'ipv4:10.188.101.166:445' > remote_address : 'ipv4:10.188.101.162:52845' > remote_name : '10.188.101.162' > auth_session_info_seqnum : 0x00000001 (1) > connection : * > encryption_cipher : 0x8000 (32768) >[2016/04/14 10:01:46.352854, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 738839AF >[2016/04/14 10:01:46.352868, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_session_global.tdb >[2016/04/14 10:01:46.352879, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.352891, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1391(smbXsrv_session_update) >[2016/04/14 10:01:46.352898, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1399(smbXsrv_session_update) > smbXsrv_session_update: global_id (0x738839af) stored >[2016/04/14 10:01:46.352908, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &session_blob: struct smbXsrv_sessionB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_sessionU(case 0) > info0 : * > info0: struct smbXsrv_session > table : * > db_rec : NULL > client : * > local_id : 0x0000e701 (59137) > global : * > global: struct smbXsrv_session_global0 > db_rec : NULL > session_global_id : 0x738839af (1938307503) > session_wire_id : 0x000000000000e701 (59137) > creation_time : Thu Apr 14 10:01:46 AM 2016 IST > expiration_time : Thu Jan 1 05:30:00 AM 1970 IST > auth_time : Thu Apr 14 10:01:46 AM 2016 IST > auth_session_info_seqnum : 0x00000001 (1) > auth_session_info : * > auth_session_info: struct auth_session_info > security_token : * > security_token: struct security_token > num_sids : 0x00000007 (7) > sids: ARRAY(7) > sids : S-1-5-21-4169439650-4212734061-2710409060-501 > sids : S-1-5-21-4169439650-4212734061-2710409060-514 > sids : S-1-22-2-99 > sids : S-1-1-0 > sids : S-1-5-2 > sids : S-1-5-32-546 > sids : S-1-22-1-99 > privilege_mask : 0x0000000000000000 (0) > 0: SEC_PRIV_MACHINE_ACCOUNT_BIT > 0: SEC_PRIV_PRINT_OPERATOR_BIT > 0: SEC_PRIV_ADD_USERS_BIT > 0: SEC_PRIV_DISK_OPERATOR_BIT > 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT > 0: SEC_PRIV_BACKUP_BIT > 0: SEC_PRIV_RESTORE_BIT > 0: SEC_PRIV_TAKE_OWNERSHIP_BIT > 0: SEC_PRIV_INCREASE_QUOTA_BIT > 0: SEC_PRIV_SECURITY_BIT > 0: SEC_PRIV_LOAD_DRIVER_BIT > 0: SEC_PRIV_SYSTEM_PROFILE_BIT > 0: SEC_PRIV_SYSTEMTIME_BIT > 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT > 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT > 0: SEC_PRIV_CREATE_PAGEFILE_BIT > 0: SEC_PRIV_SHUTDOWN_BIT > 0: SEC_PRIV_DEBUG_BIT > 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT > 0: SEC_PRIV_CHANGE_NOTIFY_BIT > 0: SEC_PRIV_UNDOCK_BIT > 0: SEC_PRIV_ENABLE_DELEGATION_BIT > 0: SEC_PRIV_MANAGE_VOLUME_BIT > 0: SEC_PRIV_IMPERSONATE_BIT > 0: SEC_PRIV_CREATE_GLOBAL_BIT > rights_mask : 0x00000000 (0) > 0: LSA_POLICY_MODE_INTERACTIVE > 0: LSA_POLICY_MODE_NETWORK > 0: LSA_POLICY_MODE_BATCH > 0: LSA_POLICY_MODE_SERVICE > 0: LSA_POLICY_MODE_PROXY > 0: LSA_POLICY_MODE_DENY_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_NETWORK > 0: LSA_POLICY_MODE_DENY_BATCH > 0: LSA_POLICY_MODE_DENY_SERVICE > 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE > 0x00: LSA_POLICY_MODE_ALL (0) > 0x00: LSA_POLICY_MODE_ALL_NT4 (0) > unix_token : * > unix_token: struct security_unix_token > uid : 0x0000000000000063 (99) > gid : 0x0000000000000063 (99) > ngroups : 0x00000001 (1) > groups: ARRAY(1) > groups : 0x0000000000000063 (99) > info : * > info: struct auth_user_info > account_name : * > account_name : 'nobody' > domain_name : * > domain_name : 'SHIVHTTPSERVER' > full_name : NULL > logon_script : NULL > profile_path : NULL > home_directory : NULL > home_drive : NULL > logon_server : NULL > last_logon : NTTIME(0) > last_logoff : NTTIME(0) > acct_expiry : NTTIME(0) > last_password_change : NTTIME(0) > allow_password_change : NTTIME(0) > force_password_change : NTTIME(0) > logon_count : 0x0000 (0) > bad_password_count : 0x0000 (0) > acct_flags : 0x00000000 (0) > authenticated : 0x00 (0) > unix_info : * > unix_info: struct auth_user_info_unix > unix_name : * > unix_name : 'nobody' > sanitized_username : * > sanitized_username : 'sshivappa' > torture : NULL > credentials : NULL > connection_dialect : 0x0000 (0) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > local_address : 'ipv4:10.188.101.166:445' > remote_address : 'ipv4:10.188.101.162:52845' > remote_name : '10.188.101.162' > auth_session_info_seqnum : 0x00000001 (1) > connection : * > encryption_cipher : 0x8000 (32768) > status : NT_STATUS_OK > idle_time : Thu Apr 14 10:01:46 AM 2016 IST > nonce_high_random : 0x0000000000000000 (0) > nonce_high_max : 0x0000000000000000 (0) > nonce_high : 0x0000000000000000 (0) > nonce_low : 0x0000000000000000 (0) > compat : * > tcon_table : NULL > pending_auth : * > pending_auth: struct smbXsrv_session_auth0 > prev : * > next : NULL > session : * > connection : * > gensec : * > preauth : NULL > in_flags : 0x00 (0) > in_security_mode : 0x00 (0) > creation_time : Thu Apr 14 10:01:46 AM 2016 IST > idle_time : Thu Apr 14 10:01:46 AM 2016 IST >[2016/04/14 10:01:46.353689, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:972(reply_tcon_and_X) > Client requested device type [?????] for share [PRINT] >[2016/04/14 10:01:46.353716, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1116(make_connection) > making a connection to 'normal' service print >[2016/04/14 10:01:46.353732, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb >[2016/04/14 10:01:46.353743, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.353756, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 90C692B2 >[2016/04/14 10:01:46.353771, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d5aa80 >[2016/04/14 10:01:46.353811, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) >[2016/04/14 10:01:46.353822, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key '90C692B2' stored >[2016/04/14 10:01:46.353833, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0x90c692b2 (2428932786) > tcon_wire_id : 0x000018f8 (6392) > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > creation_time : Thu Apr 14 10:01:46 AM 2016 IST > share_name : NULL > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x00000000 (0) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2016/04/14 10:01:46.353953, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 90C692B2 >[2016/04/14 10:01:46.353967, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb >[2016/04/14 10:01:46.353977, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.353989, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:831(smbXsrv_tcon_create) >[2016/04/14 10:01:46.353996, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:839(smbXsrv_tcon_create) > smbXsrv_tcon_create: global_id (0x90c692b2) stored >[2016/04/14 10:01:46.354006, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0x000018f8 (6392) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0x90c692b2 (2428932786) > tcon_wire_id : 0x000018f8 (6392) > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > creation_time : Thu Apr 14 10:01:46 AM 2016 IST > share_name : NULL > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x00000000 (0) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_INTERNAL_ERROR > idle_time : Thu Apr 14 10:01:46 AM 2016 IST > compat : NULL >[2016/04/14 10:01:46.354175, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access) > Allowed connection from 10.188.101.162 (10.188.101.162) >[2016/04/14 10:01:46.354224, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:164(set_conn_connectpath) > set_conn_connectpath: service Print, connectpath = /var/spool/samba >[2016/04/14 10:01:46.354240, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:614(make_connection_snum) > Connect path is '/var/spool/samba/' for service [Print] >[2016/04/14 10:01:46.354253, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) > user_ok_token: share Print is ok for unix user nobody >[2016/04/14 10:01:46.354265, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:284(is_share_read_only_for_token) > is_share_read_only_for_user: share Print is read-write for unix user nobody >[2016/04/14 10:01:46.354295, 10, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:337(se_file_access_check) > se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff >[2016/04/14 10:01:46.354310, 3, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:113(vfs_init_default) > Initialising default vfs hooks >[2016/04/14 10:01:46.354327, 10, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ >[2016/04/14 10:01:46.354338, 5, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2016/04/14 10:01:46.354354, 10, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for posixacl >[2016/04/14 10:01:46.354365, 5, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2016/04/14 10:01:46.354380, 10, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for dfs_samba4 >[2016/04/14 10:01:46.354394, 5, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) > Successfully added vfs backend 'dfs_samba4' >[2016/04/14 10:01:46.354408, 10, pid=12849, effective(0, 0), real(0, 0), class=dfs_samba4] ../source3/modules/vfs_dfs_samba4.c:155(vfs_dfs_samba4_init) > vfs_dfs_samba4: Debug class number of 'fileid': 24 >[2016/04/14 10:01:46.354418, 3, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2016/04/14 10:01:46.354429, 10, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2016/04/14 10:01:46.354445, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.354456, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.354466, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.354476, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/14 10:01:46.354486, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/14 10:01:46.354529, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.354561, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:164(set_conn_connectpath) > set_conn_connectpath: service Print, connectpath = /var/spool/samba >[2016/04/14 10:01:46.354577, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) > user_ok_token: share Print is ok for unix user nobody >[2016/04/14 10:01:46.354589, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:284(is_share_read_only_for_token) > is_share_read_only_for_user: share Print is read-write for unix user nobody >[2016/04/14 10:01:46.354608, 10, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:337(se_file_access_check) > se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff >[2016/04/14 10:01:46.354646, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.354664, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-4169439650-4212734061-2710409060-501 > SID[ 1]: S-1-5-21-4169439650-4212734061-2710409060-514 > SID[ 2]: S-1-22-2-99 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-32-546 > SID[ 6]: S-1-22-1-99 > Privileges (0x 0): > Rights (0x 0): >[2016/04/14 10:01:46.354704, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 99 > Primary group is 99 and contains 1 supplementary groups > Group[ 0]: 99 >[2016/04/14 10:01:46.354725, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(99,99), gid=(0,99) >[2016/04/14 10:01:46.354740, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.354751, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/14 10:01:46.354760, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/14 10:01:46.354776, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2016/04/14 10:01:46.354792, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:164(set_conn_connectpath) > set_conn_connectpath: service Print, connectpath = /var/spool/samba >[2016/04/14 10:01:46.354839, 10, pid=12849, effective(0, 0), real(0, 0), class=vfs] ../source3/modules/vfs_default.c:170(vfswrap_fs_capabilities) > vfswrap_fs_capabilities: timestamp resolution of sec available on share Print, directory /var/spool/samba >[2016/04/14 10:01:46.354854, 2, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:864(make_connection_snum) > shivappas (ipv4:10.188.101.162:52845) connect to service Print initially as user nobody (uid=99, gid=99) (pid 12849) >[2016/04/14 10:01:46.354872, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb >[2016/04/14 10:01:46.354884, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.354897, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 90C692B2 >[2016/04/14 10:01:46.354910, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d59038 >[2016/04/14 10:01:46.354927, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) >[2016/04/14 10:01:46.354936, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key '90C692B2' stored >[2016/04/14 10:01:46.354947, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000002 (2) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0x90c692b2 (2428932786) > tcon_wire_id : 0x000018f8 (6392) > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > creation_time : Thu Apr 14 10:01:46 AM 2016 IST > share_name : 'Print' > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x738839af (1938307503) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2016/04/14 10:01:46.355067, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 90C692B2 >[2016/04/14 10:01:46.355079, 5, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb >[2016/04/14 10:01:46.355090, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.355101, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:876(smbXsrv_tcon_update) >[2016/04/14 10:01:46.355109, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:884(smbXsrv_tcon_update) > smbXsrv_tcon_update: global_id (0x90c692b2) stored >[2016/04/14 10:01:46.355118, 1, pid=12849, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0x000018f8 (6392) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0x90c692b2 (2428932786) > tcon_wire_id : 0x000018f8 (6392) > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > creation_time : Thu Apr 14 10:01:46 AM 2016 IST > share_name : 'Print' > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x738839af (1938307503) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_OK > idle_time : Thu Apr 14 10:01:46 AM 2016 IST > compat : * >[2016/04/14 10:01:46.355284, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:1139(reply_tcon_and_X) > tconX service=PRINT >[2016/04/14 10:01:46.355302, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.355310, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=66 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51207 > smb_tid=6392 > smb_pid=65279 > smb_uid=59137 > smb_mid=48704 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 31 (0x1F) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=17 >[2016/04/14 10:01:46.355356, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 4C 50 54 31 3A 00 00 4E 00 54 00 46 00 53 00 00 LPT1:..N .T.F.S.. > [0010] 00 . >[2016/04/14 10:01:46.356028, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 60 >[2016/04/14 10:01:46.356059, 6, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x3c >[2016/04/14 10:01:46.356076, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 4 of length 64 (0 toread) >[2016/04/14 10:01:46.356089, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.356096, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=60 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=6392 > smb_pid=5808 > smb_uid=59137 > smb_mid=48768 > smt_wct=2 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1 (0x1) > smb_bcc=21 >[2016/04/14 10:01:46.356132, 10, pid=12849, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P > [0010] 00 41 00 00 00 .A... >[2016/04/14 10:01:46.356178, 3, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBsplopen (pid 12849) conn 0x81d5a330 >[2016/04/14 10:01:46.356194, 4, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.356206, 5, pid=12849, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-4169439650-4212734061-2710409060-501 > SID[ 1]: S-1-5-21-4169439650-4212734061-2710409060-514 > SID[ 2]: S-1-22-2-99 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-32-546 > SID[ 6]: S-1-22-1-99 > Privileges (0x 0): > Rights (0x 0): >[2016/04/14 10:01:46.356246, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 99 > Primary group is 99 and contains 1 supplementary groups > Group[ 0]: 99 >[2016/04/14 10:01:46.356268, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(99,99), gid=(0,99) >[2016/04/14 10:01:46.356281, 4, pid=12849, effective(99, 99), real(99, 0), class=vfs] ../source3/smbd/vfs.c:844(vfs_ChDir) > vfs_ChDir to /var/spool/samba >[2016/04/14 10:01:46.356304, 4, pid=12849, effective(99, 99), real(99, 0), class=vfs] ../source3/smbd/vfs.c:855(vfs_ChDir) > vfs_ChDir got /var/spool/samba >[2016/04/14 10:01:46.356316, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb >[2016/04/14 10:01:46.356327, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.356340, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 90C692B2 >[2016/04/14 10:01:46.356360, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d5aa18 >[2016/04/14 10:01:46.356380, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) >[2016/04/14 10:01:46.356388, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key '90C692B2' stored >[2016/04/14 10:01:46.356400, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000003 (3) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0x90c692b2 (2428932786) > tcon_wire_id : 0x000018f8 (6392) > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > creation_time : Thu Apr 14 10:01:46 AM 2016 IST > share_name : 'Print' > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x738839af (1938307503) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2016/04/14 10:01:46.356519, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 90C692B2 >[2016/04/14 10:01:46.356533, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_tcon_global.tdb >[2016/04/14 10:01:46.356543, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.356555, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_tcon.c:876(smbXsrv_tcon_update) >[2016/04/14 10:01:46.356562, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_tcon.c:884(smbXsrv_tcon_update) > smbXsrv_tcon_update: global_id (0x90c692b2) stored >[2016/04/14 10:01:46.356572, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0x000018f8 (6392) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0x90c692b2 (2428932786) > tcon_wire_id : 0x000018f8 (6392) > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > creation_time : Thu Apr 14 10:01:46 AM 2016 IST > share_name : 'Print' > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x738839af (1938307503) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_OK > idle_time : Thu Apr 14 10:01:46 AM 2016 IST > compat : * >[2016/04/14 10:01:46.356739, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.356750, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.356764, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 08703C0A >[2016/04/14 10:01:46.356779, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d59c68 >[2016/04/14 10:01:46.356790, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2016/04/14 10:01:46.356836, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '08703C0A' stored >[2016/04/14 10:01:46.356852, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > open_global_id : 0x08703c0a (141573130) > open_persistent_id : 0x0000000008703c0a (141573130) > open_volatile_id : 0x0000000000002209 (8713) > open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 > open_time : Thu Apr 14 10:01:46 AM 2016 IST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 >[2016/04/14 10:01:46.356968, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 08703C0A >[2016/04/14 10:01:46.356985, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.356996, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.357008, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x08703c0a) stored >[2016/04/14 10:01:46.357018, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0x00002209 (8713) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > open_global_id : 0x08703c0a (141573130) > open_persistent_id : 0x0000000008703c0a (141573130) > open_volatile_id : 0x0000000000002209 (8713) > open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 > open_time : Thu Apr 14 10:01:46 AM 2016 IST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > status : NT_STATUS_OK > idle_time : Thu Apr 14 10:01:46 AM 2016 IST > compat : NULL > flags : 0x00 (0) > 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE > 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE > create_action : 0x00000000 (0) >[2016/04/14 10:01:46.357202, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 8713 (1 used) >[2016/04/14 10:01:46.357342, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) > Connecting to spoolss pipe. >[2016/04/14 10:01:46.357373, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested spoolss >[2016/04/14 10:01:46.357388, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe spoolss >[2016/04/14 10:01:46.357400, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss >[2016/04/14 10:01:46.357438, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe spoolss >[2016/04/14 10:01:46.357497, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > in: struct spoolss_OpenPrinter > printername : * > printername : 'Print' > datatype : * > datatype : 'RAW' > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000008 (8) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 1: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ >[2016/04/14 10:01:46.357573, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.357587, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.357597, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.357607, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/14 10:01:46.357617, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/14 10:01:46.357656, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2016/04/14 10:01:46.357671, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2044(process_registry_service) > process_registry_service: service name printers >[2016/04/14 10:01:46.357684, 7, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [printers] >[2016/04/14 10:01:46.357695, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.357712, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2016/04/14 10:01:46.357723, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2016/04/14 10:01:46.357736, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.357746, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb6fb5380 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2016/04/14 10:01:46.357769, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1739(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Samba\smbconf\printers] not found >[2016/04/14 10:01:46.357782, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.357798, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2016/04/14 10:01:46.357818, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2016/04/14 10:01:46.357833, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2016/04/14 10:01:46.357843, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:87(delete_and_reload_printers) > reloading printer services from pcap cache >[2016/04/14 10:01:46.357862, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2016/04/14 10:01:46.357873, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2044(process_registry_service) > process_registry_service: service name printers >[2016/04/14 10:01:46.357884, 7, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [printers] >[2016/04/14 10:01:46.357895, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.357906, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2016/04/14 10:01:46.357916, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2016/04/14 10:01:46.357928, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.357938, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb6fb5380 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2016/04/14 10:01:46.357954, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1739(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Samba\smbconf\printers] not found >[2016/04/14 10:01:46.357965, 10, pid=12849, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.357981, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2016/04/14 10:01:46.357995, 7, pid=12849, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4088(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2016/04/14 10:01:46.358009, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > checking name: Print >[2016/04/14 10:01:46.358026, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) > open_printer_hnd: name [Print] >[2016/04/14 10:01:46.358039, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.358071, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) > Setting printer type=Print > Printer is a printer >[2016/04/14 10:01:46.358083, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) > Setting printer name=Print (len=5) > searching for [Print] >[2016/04/14 10:01:46.358126, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) >[2016/04/14 10:01:46.358208, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) > set_printer_hnd_name: Printer found: Print -> Print >[2016/04/14 10:01:46.358264, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) > 1 printer handles active >[2016/04/14 10:01:46.358277, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.358308, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.358338, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.358361, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) > Allowed connection from 10.188.101.162 (10.188.101.162) >[2016/04/14 10:01:46.358404, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) > user_ok_token: share Print is ok for unix user nobody >[2016/04/14 10:01:46.358441, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.358456, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.358467, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.358502, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.358530, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.358583, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.358596, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.358608, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.358618, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.358633, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.358644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.358675, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.358698, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.358712, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.358746, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.358816, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.358922, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.358956, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.358967, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.358979, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.358989, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.359005, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.359015, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.359047, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.359071, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.359083, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.359095, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.359105, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.359117, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.359127, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.359153, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.359184, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.359197, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.359209, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.359219, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.359231, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.359240, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.359265, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.359288, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.359301, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.359312, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.359323, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.359339, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.359350, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.359391, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.359405, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.359417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.359428, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.359441, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.359450, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.359478, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.359491, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.359502, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.359513, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.359527, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.359536, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.359560, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.359586, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.359598, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.359610, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.359620, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.359638, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.359648, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.359673, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.359697, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.359711, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.359722, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.359734, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.359746, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.359757, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.359769, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.359781, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.359813, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.359872, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.359958, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.359990, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.360002, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.360012, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.360024, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.360048, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.360062, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.360128, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.360223, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.360257, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.360268, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.360285, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.361056, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.361092, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.361125, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.361155, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.361177, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.361189, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.361239, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.361272, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.361305, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.361337, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.361347, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.361358, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.361402, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.361418, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2016/04/14 10:01:46.361429, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.361439, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.361449, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.361458, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.361469, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) > access check was SUCCESS >[2016/04/14 10:01:46.361480, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2016/04/14 10:01:46.361503, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.361518, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.361529, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.361561, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.361583, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.361635, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.361646, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.361658, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.361669, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.361680, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.361689, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.361718, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.361741, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.361755, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.361788, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.361845, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.361950, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.361984, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.361995, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.362007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.362017, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.362028, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.362038, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.362069, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.362093, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.362105, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.362117, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.362127, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.362139, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.362149, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.362186, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.362210, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.362223, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.362234, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.362244, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.362256, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.362266, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.362290, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.362314, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.362326, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.362338, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.362348, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.362360, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.362370, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.362408, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.362422, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.362434, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.362444, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.362458, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.362467, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.362498, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.362511, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.362523, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.362534, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.362548, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.362557, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.362581, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.362605, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.362617, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.362629, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.362639, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.362653, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.362662, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.362684, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.362706, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.362720, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.362732, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.362744, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.362755, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.362767, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.362781, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.362794, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.362825, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.362871, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists >[2016/04/14 10:01:46.362894, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.362927, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.362960, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.362991, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.363001, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.363013, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.363060, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.363093, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.363129, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.363169, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.363181, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.363192, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.363236, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.363251, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > out: struct spoolss_OpenPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.363321, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > in: struct spoolss_StartDocPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-0f57-321d31320000 > info_ctr : * > info_ctr: struct spoolss_DocumentInfoCtr > level : 0x00000001 (1) > info : union spoolss_DocumentInfo(case 1) > info1 : * > info1: struct spoolss_DocumentInfo1 > document_name : * > document_name : 'Remote Downlevel Document' > output_file : * > output_file : '/var/spool/samba//smbprn.nvdnXi' > datatype : * > datatype : 'RAW' >[2016/04/14 10:01:46.363407, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.363439, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.363469, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.363499, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.363518, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.363529, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.363540, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/14 10:01:46.363549, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/14 10:01:46.363592, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.363618, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.363633, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.363645, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.363676, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.363698, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.363751, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.363763, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.363775, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.363785, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.363796, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.363805, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.363834, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.363858, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.363872, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.363910, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.363967, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.364071, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.364105, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.364116, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.364128, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.364138, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.364149, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.364165, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.364198, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.364223, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.364239, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.364251, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.364261, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.364273, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.364283, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.364310, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.364333, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.364346, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.364357, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.364367, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.364379, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.364389, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.364413, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.364436, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.364448, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.364460, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.364470, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.364482, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.364492, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.364530, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.364543, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.364559, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.364569, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.364583, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.364593, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.364619, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.364632, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.364644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.364655, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.364668, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.364678, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.364702, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.364726, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.364738, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.364749, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.364765, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.364779, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.364789, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.364811, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.364833, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.364851, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.364862, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.364874, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.364886, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.364897, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.364908, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.364920, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.364951, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.365008, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.365090, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.365123, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.365134, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.365148, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.365166, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.365190, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.365205, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.365271, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.365355, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.365388, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.365399, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.365412, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.366189, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.366227, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.366260, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.366291, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.366302, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.366314, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.366361, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.366399, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.366431, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.366462, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.366472, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.366483, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.366526, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.366542, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2016/04/14 10:01:46.366553, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.366563, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.366572, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.366582, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.366592, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) > access check was SUCCESS >[2016/04/14 10:01:46.366613, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.366627, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.366638, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.366672, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.366696, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.366753, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.366766, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.366778, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.366788, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.366799, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.366808, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.366837, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.366861, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.366875, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.366907, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.366964, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.367071, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.367105, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.367117, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.367129, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.367140, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.367151, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.367167, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.367200, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.367224, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.367236, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.367248, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.367259, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.367270, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.367280, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.367307, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.367330, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.367342, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.367354, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.367364, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.367376, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.367390, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.367414, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.367437, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.367449, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.367461, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.367471, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.367484, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.367493, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.367531, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.367544, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.367556, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.367567, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.367580, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.367589, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.367617, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.367629, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.367641, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.367652, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.367665, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.367675, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.367703, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.367727, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.367739, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.367751, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.367762, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.367775, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.367785, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.367807, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.367832, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.367846, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.367858, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.367870, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.367881, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.367893, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.367904, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.367916, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.367948, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.368008, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-0f57-321d31320000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2016/04/14 10:01:46.368063, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.368098, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.368110, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.368133, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.368146, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.368175, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000001 (1) > max_valnamelen : * > max_valnamelen : 0x00000012 (18) > max_valbufsize : * > max_valbufsize : 0x000000b0 (176) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2016/04/14 10:01:46.368296, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-0f57-321d31320000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0014 (20) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2016/04/14 10:01:46.368390, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.368423, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.368436, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0014 (20) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.369216, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.369300, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.369332, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.369343, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.369355, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2016/04/14 10:01:46.369365, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2016/04/14 10:01:46.369430, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.369483, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.369496, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.369512, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.369523, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.369534, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.369543, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.369572, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.369595, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.369610, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.369643, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.369699, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.369803, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.369836, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.369847, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.369863, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.369874, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.369885, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.369895, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.369926, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.369950, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.369963, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.369975, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.369985, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.369997, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.370006, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.370032, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.370055, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.370068, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.370080, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.370090, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.370102, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.370111, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.370135, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.370162, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.370177, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.370193, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.370204, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.370217, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.370226, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.370266, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.370280, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.370292, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.370302, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.370315, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.370325, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.370352, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.370366, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (10->11) >[2016/04/14 10:01:46.370377, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.370388, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.370401, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.370411, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.370435, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.370459, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.370471, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (11->12) >[2016/04/14 10:01:46.370486, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.370497, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.370511, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.370520, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.370542, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.370565, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.370579, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (12->11) >[2016/04/14 10:01:46.370590, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (11->10) >[2016/04/14 10:01:46.370603, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.370614, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.370625, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.370637, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.370649, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.370680, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.370737, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.370822, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.370856, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.370867, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.370878, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.370889, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.370912, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.370926, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.370992, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.371075, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.371111, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.371123, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.371136, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.371890, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.371926, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.371959, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.371993, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.372005, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.372016, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.372063, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.372101, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.372134, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.372171, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.372183, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.372194, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.372243, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.372276, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.372308, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.372343, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.372354, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.372365, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.372412, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.372445, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.372477, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.372508, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.372518, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.372529, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.372572, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.372596, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:1374(print_cache_expired) > print_cache_expired: cache expired for queue Print (last_qscan_time = 1460607694, time now = 1460608306, qcachetime = 30) >[2016/04/14 10:01:46.372627, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:1791(print_queue_update) > print_queue_update: Sending message -> printer = Print, type = 6, lpq command = [lpq -P'Print'] lprm command = [lprm -P'Print' %j] >[2016/04/14 10:01:46.372662, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.372677, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.372688, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.372702, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/14 10:01:46.372712, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/14 10:01:46.372731, 10, pid=12849, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm.c:323(messaging_dgm_send) > messaging_dgm_send: Sending message to 12821 >[2016/04/14 10:01:46.372762, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.372783, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) > print_job_start: Queue Print number of jobs (9), max printjobs = 1000 >[2016/04/14 10:01:46.372802, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) > allocate_print_jobid: Read jobid 75 from Print >[2016/04/14 10:01:46.372839, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) > print_job_spool_file:External spooling activated >[2016/04/14 10:01:46.372866, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head >[2016/04/14 10:01:46.372881, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head >[2016/04/14 10:01:46.372893, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head >[2016/04/14 10:01:46.372905, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head >[2016/04/14 10:01:46.372916, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head >[2016/04/14 10:01:46.372927, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head >[2016/04/14 10:01:46.372938, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) > add_to_jobs_added: Added jobid 76 >[2016/04/14 10:01:46.372955, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > out: struct spoolss_StartDocPrinter > job_id : * > job_id : 0x0000004c (76) > result : WERR_OK >[2016/04/14 10:01:46.372999, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) > pjobid_to_rap: called. >[2016/04/14 10:01:46.373022, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) > pjobid_to_rap: created jobid 76 maps to RAP jobid 1 >[2016/04/14 10:01:46.373037, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) > openprint fd=35 fnum 8713 >[2016/04/14 10:01:46.373049, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.373057, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=37 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51207 > smb_tid=6392 > smb_pid=5808 > smb_uid=59137 > smb_mid=48768 > smt_wct=1 > smb_vwv[ 0]= 8713 (0x2209) > smb_bcc=0 >[2016/04/14 10:01:46.373093, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.373714, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 60 >[2016/04/14 10:01:46.373757, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x3c >[2016/04/14 10:01:46.373773, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 5 of length 64 (0 toread) >[2016/04/14 10:01:46.373792, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.373799, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=60 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=6392 > smb_pid=7120 > smb_uid=59137 > smb_mid=48832 > smt_wct=2 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1 (0x1) > smb_bcc=21 >[2016/04/14 10:01:46.373834, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) > [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P > [0010] 00 41 00 00 00 .A... >[2016/04/14 10:01:46.373870, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBsplopen (pid 12849) conn 0x81d5a330 >[2016/04/14 10:01:46.373884, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/04/14 10:01:46.373903, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.373915, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.373929, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 7E0A93ED >[2016/04/14 10:01:46.373945, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d5a800 >[2016/04/14 10:01:46.373957, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2016/04/14 10:01:46.373986, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '7E0A93ED' stored >[2016/04/14 10:01:46.374000, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > open_global_id : 0x7e0a93ed (2114622445) > open_persistent_id : 0x000000007e0a93ed (2114622445) > open_volatile_id : 0x000000000000a676 (42614) > open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 > open_time : Thu Apr 14 10:01:46 AM 2016 IST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 >[2016/04/14 10:01:46.374138, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 7E0A93ED >[2016/04/14 10:01:46.374152, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.374187, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.374200, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x7e0a93ed) stored >[2016/04/14 10:01:46.374210, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0x0000a676 (42614) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > open_global_id : 0x7e0a93ed (2114622445) > open_persistent_id : 0x000000007e0a93ed (2114622445) > open_volatile_id : 0x000000000000a676 (42614) > open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 > open_time : Thu Apr 14 10:01:46 AM 2016 IST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > status : NT_STATUS_OK > idle_time : Thu Apr 14 10:01:46 AM 2016 IST > compat : NULL > flags : 0x00 (0) > 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE > 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE > create_action : 0x00000000 (0) >[2016/04/14 10:01:46.374392, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 42614 (2 used) >[2016/04/14 10:01:46.374449, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection spoolss >[2016/04/14 10:01:46.374473, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) > Connecting to spoolss pipe. >[2016/04/14 10:01:46.374500, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested spoolss >[2016/04/14 10:01:46.374515, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe spoolss >[2016/04/14 10:01:46.374526, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss >[2016/04/14 10:01:46.374565, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe spoolss >[2016/04/14 10:01:46.374595, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > in: struct spoolss_OpenPrinter > printername : * > printername : 'Print' > datatype : * > datatype : 'RAW' > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000008 (8) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 1: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ >[2016/04/14 10:01:46.374663, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.374677, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.374688, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.374698, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/14 10:01:46.374708, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/14 10:01:46.374735, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) > skipping printer reload, already up to date. >[2016/04/14 10:01:46.374752, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > checking name: Print >[2016/04/14 10:01:46.374765, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) > open_printer_hnd: name [Print] >[2016/04/14 10:01:46.374777, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.374808, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) > Setting printer type=Print > Printer is a printer >[2016/04/14 10:01:46.374821, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) > Setting printer name=Print (len=5) > searching for [Print] >[2016/04/14 10:01:46.374845, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) >[2016/04/14 10:01:46.374918, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) > set_printer_hnd_name: Printer found: Print -> Print >[2016/04/14 10:01:46.374973, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) > 1 printer handles active >[2016/04/14 10:01:46.374985, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.375017, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.375047, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.375077, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) > Allowed connection from 10.188.101.162 (10.188.101.162) >[2016/04/14 10:01:46.375117, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) > user_ok_token: share Print is ok for unix user nobody >[2016/04/14 10:01:46.375146, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.375168, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.375180, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.375221, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.375244, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.375298, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.375310, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.375323, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.375333, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.375350, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.375360, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.375392, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.375417, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.375431, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.375465, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.375527, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.375632, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.375667, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.375678, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.375690, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.375700, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.375716, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.375726, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.375758, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.375782, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.375794, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.375806, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.375816, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.375828, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.375838, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.375864, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.375887, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.375900, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.375911, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.375921, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.375933, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.375943, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.375967, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.375990, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.376002, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.376013, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.376027, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.376040, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.376050, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.376091, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.376104, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.376116, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.376127, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.376148, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.376163, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.376201, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.376214, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.376226, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.376237, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.376250, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.376260, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.376284, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.376309, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.376321, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.376333, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.376343, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.376361, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.376371, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.376392, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.376414, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.376428, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.376439, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.376451, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.376462, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.376474, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.376485, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.376497, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.376529, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.376591, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.376678, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.376712, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.376723, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.376734, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.376745, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.376769, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.376783, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.376849, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.376935, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.376968, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.376979, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.376996, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.377806, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.377842, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.377874, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.377905, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.377919, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.377930, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.377979, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.378011, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.378042, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.378072, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.378083, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.378094, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.378145, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.378166, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2016/04/14 10:01:46.378179, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.378189, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.378207, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.378217, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.378228, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) > access check was SUCCESS >[2016/04/14 10:01:46.378239, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2016/04/14 10:01:46.378263, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.378278, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.378289, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.378323, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.378344, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.378395, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.378406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.378419, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.378429, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.378440, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.378450, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.378480, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.378503, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.378518, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.378551, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.378607, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.378715, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.378749, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.378760, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.378772, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.378782, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.378794, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.378803, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.378834, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.378858, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.378871, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.378882, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.378892, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.378904, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.378914, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.378945, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.378968, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.378980, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.378992, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.379002, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.379014, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.379024, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.379047, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.379070, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.379083, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.379094, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.379104, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.379117, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.379126, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.379181, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.379204, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.379216, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.379226, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.379239, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.379249, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.379281, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.379294, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.379306, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.379316, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.379330, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.379339, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.379363, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.379386, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.379399, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.379410, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.379420, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.379434, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.379443, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.379464, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.379486, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.379500, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.379511, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.379523, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.379535, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.379549, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.379562, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.379573, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.379605, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.379651, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists >[2016/04/14 10:01:46.379671, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.379703, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.379734, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.379764, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.379774, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.379785, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.379832, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.379865, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.379900, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.379930, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.379940, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.379951, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.379994, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.380009, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > out: struct spoolss_OpenPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.380069, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > in: struct spoolss_StartDocPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-0f57-321d31320000 > info_ctr : * > info_ctr: struct spoolss_DocumentInfoCtr > level : 0x00000001 (1) > info : union spoolss_DocumentInfo(case 1) > info1 : * > info1: struct spoolss_DocumentInfo1 > document_name : * > document_name : 'Remote Downlevel Document' > output_file : * > output_file : '/var/spool/samba//smbprn.r5CeH3' > datatype : * > datatype : 'RAW' >[2016/04/14 10:01:46.380153, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.380202, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.380242, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.380280, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.380296, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.380307, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.380339, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.380361, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.380413, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.380425, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.380437, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.380447, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.380458, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.380467, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.380496, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.380519, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.380533, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.380566, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.380623, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.380731, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.380766, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.380777, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.380789, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.380799, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.380810, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.380819, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.380850, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.380874, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.380887, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.380899, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.380909, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.380920, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.380930, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.380956, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.380983, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.380996, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.381007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.381018, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.381029, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.381039, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.381062, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.381085, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.381097, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.381108, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.381118, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.381131, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.381140, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.381202, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.381218, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.381230, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.381241, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.381255, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.381265, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.381308, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.381325, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.381338, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.381349, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.381362, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.381388, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.381413, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.381445, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.381457, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.381468, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.381481, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.381495, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.381505, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.381526, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.381548, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.381561, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.381573, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.381585, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.381596, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.381608, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.381623, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.381635, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.381667, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.381727, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.381823, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.381858, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.381869, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.381880, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.381892, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.381917, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.381931, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.382003, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.382089, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.382122, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.382141, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.382154, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.382939, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.382975, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.383008, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.383039, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.383050, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.383061, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.383108, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.383141, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.383197, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.383228, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.383244, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.383256, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.383299, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.383315, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2016/04/14 10:01:46.383326, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.383336, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.383345, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.383355, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.383366, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) > access check was SUCCESS >[2016/04/14 10:01:46.383386, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.383400, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.383411, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.383446, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.383470, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.383523, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.383535, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.383547, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.383562, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.383573, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.383583, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.383612, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.383636, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.383649, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.383682, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.383739, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.383843, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.383877, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.383889, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.383901, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.383915, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.383927, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.383936, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.383968, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.383991, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.384004, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.384016, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.384026, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.384037, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.384047, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.384073, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.384096, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.384108, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.384120, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.384130, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.384150, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.384166, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.384199, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.384222, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.384234, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.384246, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.384260, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.384273, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.384282, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.384320, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.384334, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.384345, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.384356, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.384369, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.384378, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.384405, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.384418, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.384430, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.384441, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.384454, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.384463, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.384488, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.384511, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.384523, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.384535, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.384549, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.384563, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.384572, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.384595, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.384617, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.384631, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.384643, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.384655, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.384666, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.384678, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.384690, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.384701, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.384733, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.384788, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-0f57-321d31320000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2016/04/14 10:01:46.384843, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.384881, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.384894, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.384918, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.384930, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.384953, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000001 (1) > max_valnamelen : * > max_valnamelen : 0x00000012 (18) > max_valbufsize : * > max_valbufsize : 0x000000b0 (176) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2016/04/14 10:01:46.385071, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-0f57-321d31320000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0014 (20) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2016/04/14 10:01:46.385177, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.385222, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.385236, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0014 (20) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.386061, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.386157, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.386207, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.386219, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.386230, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2016/04/14 10:01:46.386241, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2016/04/14 10:01:46.386308, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.386362, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.386374, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.386387, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.386397, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.386408, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.386417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.386446, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.386469, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.386489, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 0F 57 32 1D ....!... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.386522, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.386578, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.386682, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 0F 57 32 1D ....!... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.386717, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.386728, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.386740, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.386751, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.386762, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.386771, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.386802, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.386830, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.386844, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.386855, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.386866, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.386877, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.386887, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.386913, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.386936, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.386949, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.386961, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.386971, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.386983, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.386992, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.387016, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.387039, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.387051, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.387063, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.387073, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.387085, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.387095, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.387136, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.387168, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.387189, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.387200, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.387213, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.387222, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.387250, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.387264, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (10->11) >[2016/04/14 10:01:46.387276, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.387286, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.387300, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.387309, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.387333, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.387358, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.387371, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (11->12) >[2016/04/14 10:01:46.387383, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.387394, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.387407, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.387417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.387438, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.387465, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.387479, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (12->11) >[2016/04/14 10:01:46.387491, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (11->10) >[2016/04/14 10:01:46.387503, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.387514, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.387526, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.387537, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.387549, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 0F 57 32 1D ...."... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.387581, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.387638, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.387719, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 0F 57 32 1D ...."... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.387751, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.387765, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.387776, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.387788, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.387811, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.387825, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.387890, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.387975, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 0F 57 32 1D ...."... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.388009, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.388019, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.388032, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.388821, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.388858, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 0F 57 32 1D ...."... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.388890, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 0F 57 32 1D ...."... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.388920, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.388931, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.388942, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.388993, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.389027, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 0F 57 32 1D ....!... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.389059, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 0F 57 32 1D ....!... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.389090, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.389101, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.389112, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.389164, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.389199, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.389231, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 0F 57 32 1D .... ... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.389260, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.389271, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.389282, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.389328, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.389365, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.389397, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.389428, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.389439, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.389450, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.389493, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.389523, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) > print_job_start: Queue Print number of jobs (1), max printjobs = 1000 >[2016/04/14 10:01:46.389541, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) > allocate_print_jobid: Read jobid 76 from Print >[2016/04/14 10:01:46.389583, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) > print_job_spool_file:External spooling activated >[2016/04/14 10:01:46.389613, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head >[2016/04/14 10:01:46.389626, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head >[2016/04/14 10:01:46.389638, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head >[2016/04/14 10:01:46.389650, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head >[2016/04/14 10:01:46.389661, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head >[2016/04/14 10:01:46.389672, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head >[2016/04/14 10:01:46.389683, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) > add_to_jobs_added: Added jobid 77 >[2016/04/14 10:01:46.389704, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > out: struct spoolss_StartDocPrinter > job_id : * > job_id : 0x0000004d (77) > result : WERR_OK >[2016/04/14 10:01:46.389743, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) > pjobid_to_rap: called. >[2016/04/14 10:01:46.389760, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) > pjobid_to_rap: created jobid 77 maps to RAP jobid 2 >[2016/04/14 10:01:46.389776, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) > openprint fd=38 fnum 42614 >[2016/04/14 10:01:46.389789, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.389796, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=37 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51207 > smb_tid=6392 > smb_pid=7120 > smb_uid=59137 > smb_mid=48832 > smt_wct=1 > smb_vwv[ 0]=42614 (0xA676) > smb_bcc=0 >[2016/04/14 10:01:46.389829, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.390365, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 37 >[2016/04/14 10:01:46.390399, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x25 >[2016/04/14 10:01:46.390414, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 6 of length 41 (0 toread) >[2016/04/14 10:01:46.390425, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.390433, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=37 > smb_com=0xc2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=6392 > smb_pid=65279 > smb_uid=59137 > smb_mid=48896 > smt_wct=1 > smb_vwv[ 0]=42614 (0xA676) > smb_bcc=0 >[2016/04/14 10:01:46.390466, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.390478, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBsplclose (pid 12849) conn 0x81d5a330 >[2016/04/14 10:01:46.390492, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/04/14 10:01:46.390507, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) > printclose fd=38 fnum 42614 >[2016/04/14 10:01:46.390536, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.390572, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.390605, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.390641, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.390672, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.390688, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) > print_job_find: looking up job 77 for share Print >[2016/04/14 10:01:46.390706, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) > print_job_find: returning system job -1 for jobid 77. >[2016/04/14 10:01:46.390720, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:3009(print_job_end) > print_job_end: canceling spool of /var/spool/samba//smbprn.r5CeH3 (zero length) >[2016/04/14 10:01:46.390742, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) > print_job_find: looking up job 77 for share Print >[2016/04/14 10:01:46.390757, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) > print_job_find: returning system job -1 for jobid 77. >[2016/04/14 10:01:46.390769, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head >[2016/04/14 10:01:46.390794, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2139(remove_from_jobs_added) > remove_from_jobs_added: removed jobid 77 >[2016/04/14 10:01:46.390805, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:159(rap_jobid_delete) > rap_jobid_delete: called. >[2016/04/14 10:01:46.390816, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:179(rap_jobid_delete) > rap_jobid_delete: deleting jobid 77 >[2016/04/14 10:01:46.390830, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.390860, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.390890, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.390901, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.390949, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.390962, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.390976, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 7E0A93ED >[2016/04/14 10:01:46.390990, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d582f8 >[2016/04/14 10:01:46.391011, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 7E0A93ED >[2016/04/14 10:01:46.391024, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.391034, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.391050, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) > freed files structure 42614 (1 used) >[2016/04/14 10:01:46.391062, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.391070, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=35 > smb_com=0xc2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51207 > smb_tid=6392 > smb_pid=65279 > smb_uid=59137 > smb_mid=48896 > smt_wct=0 > smb_bcc=0 >[2016/04/14 10:01:46.391100, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.391496, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 37 >[2016/04/14 10:01:46.391528, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x25 >[2016/04/14 10:01:46.391544, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 7 of length 41 (0 toread) >[2016/04/14 10:01:46.391556, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.391564, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=37 > smb_com=0xc2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=6392 > smb_pid=65279 > smb_uid=59137 > smb_mid=48960 > smt_wct=1 > smb_vwv[ 0]= 8713 (0x2209) > smb_bcc=0 >[2016/04/14 10:01:46.391597, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.391608, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBsplclose (pid 12849) conn 0x81d5a330 >[2016/04/14 10:01:46.391620, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/04/14 10:01:46.391633, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) > printclose fd=35 fnum 8713 >[2016/04/14 10:01:46.391654, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.391689, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:348(find_policy_by_hnd_internal) > Policy not found: [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.391722, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) > find_printer_index_by_hnd: Printer handle not found: Policy not found: [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.391754, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) > find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:12849:12849) >[2016/04/14 10:01:46.391777, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printspoolss.c:326(print_spool_end) > Failed to close printer Print [NT code 0x1c00001a] >[2016/04/14 10:01:46.391805, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.391817, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.391830, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 08703C0A >[2016/04/14 10:01:46.391845, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d582f8 >[2016/04/14 10:01:46.391863, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 08703C0A >[2016/04/14 10:01:46.391875, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.391885, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.391901, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) > freed files structure 8713 (0 used) >[2016/04/14 10:01:46.391913, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.391920, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=35 > smb_com=0xc2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51207 > smb_tid=6392 > smb_pid=65279 > smb_uid=59137 > smb_mid=48960 > smt_wct=0 > smb_bcc=0 >[2016/04/14 10:01:46.391950, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.392429, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 60 >[2016/04/14 10:01:46.392461, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x3c >[2016/04/14 10:01:46.392477, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 8 of length 64 (0 toread) >[2016/04/14 10:01:46.392489, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.392497, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=60 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=6392 > smb_pid=7120 > smb_uid=59137 > smb_mid=49024 > smt_wct=2 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1 (0x1) > smb_bcc=21 >[2016/04/14 10:01:46.392533, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) > [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P > [0010] 00 41 00 00 00 .A... >[2016/04/14 10:01:46.392568, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBsplopen (pid 12849) conn 0x81d5a330 >[2016/04/14 10:01:46.392581, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/04/14 10:01:46.392598, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.392610, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.392629, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 7C16796C >[2016/04/14 10:01:46.392644, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d407f8 >[2016/04/14 10:01:46.392655, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2016/04/14 10:01:46.392683, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '7C16796C' stored >[2016/04/14 10:01:46.392697, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > open_global_id : 0x7c16796c (2081847660) > open_persistent_id : 0x000000007c16796c (2081847660) > open_volatile_id : 0x00000000000049f7 (18935) > open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 > open_time : Thu Apr 14 10:01:46 AM 2016 IST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 >[2016/04/14 10:01:46.392825, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 7C16796C >[2016/04/14 10:01:46.392838, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.392849, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.392861, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x7c16796c) stored >[2016/04/14 10:01:46.392871, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0x000049f7 (18935) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > open_global_id : 0x7c16796c (2081847660) > open_persistent_id : 0x000000007c16796c (2081847660) > open_volatile_id : 0x00000000000049f7 (18935) > open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 > open_time : Thu Apr 14 10:01:46 AM 2016 IST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > status : NT_STATUS_OK > idle_time : Thu Apr 14 10:01:46 AM 2016 IST > compat : NULL > flags : 0x00 (0) > 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE > 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE > create_action : 0x00000000 (0) >[2016/04/14 10:01:46.393051, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 18935 (1 used) >[2016/04/14 10:01:46.393176, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection spoolss >[2016/04/14 10:01:46.393202, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) > Connecting to spoolss pipe. >[2016/04/14 10:01:46.393222, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested spoolss >[2016/04/14 10:01:46.393236, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe spoolss >[2016/04/14 10:01:46.393248, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss >[2016/04/14 10:01:46.393282, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe spoolss >[2016/04/14 10:01:46.393310, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > in: struct spoolss_OpenPrinter > printername : * > printername : 'Print' > datatype : * > datatype : 'RAW' > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000008 (8) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 1: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ >[2016/04/14 10:01:46.393376, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.393395, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.393406, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.393416, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/14 10:01:46.393426, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/14 10:01:46.393455, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) > skipping printer reload, already up to date. >[2016/04/14 10:01:46.393471, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > checking name: Print >[2016/04/14 10:01:46.393485, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) > open_printer_hnd: name [Print] >[2016/04/14 10:01:46.393497, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.393529, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) > Setting printer type=Print > Printer is a printer >[2016/04/14 10:01:46.393541, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) > Setting printer name=Print (len=5) > searching for [Print] >[2016/04/14 10:01:46.393565, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) >[2016/04/14 10:01:46.393636, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) > set_printer_hnd_name: Printer found: Print -> Print >[2016/04/14 10:01:46.393691, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) > 1 printer handles active >[2016/04/14 10:01:46.393704, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.393736, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.393767, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.393788, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) > Allowed connection from 10.188.101.162 (10.188.101.162) >[2016/04/14 10:01:46.393827, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) > user_ok_token: share Print is ok for unix user nobody >[2016/04/14 10:01:46.393853, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.393873, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.393885, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.393918, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.393940, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.393993, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.394005, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.394018, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.394028, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.394039, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.394049, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.394079, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.394102, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.394116, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 0F 57 32 1D ....$... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.394149, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.394216, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.394324, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 0F 57 32 1D ....$... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.394358, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.394370, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.394382, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.394392, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.394404, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.394414, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.394445, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.394469, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.394482, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.394494, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.394504, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.394516, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.394525, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.394552, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.394579, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.394592, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.394604, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.394614, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.394626, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.394635, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.394659, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.394682, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.394694, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.394706, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.394716, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.394728, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.394738, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.394776, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.394789, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.394801, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.394812, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.394825, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.394835, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.394862, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.394878, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.394890, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.394901, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.394915, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.394924, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.394949, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.394972, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.394984, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.394995, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.395006, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.395019, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.395029, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.395050, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.395071, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.395085, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.395097, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.395109, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.395120, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.395132, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.395147, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.395164, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 0F 57 32 1D ....%... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.395198, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.395257, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.395339, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 0F 57 32 1D ....%... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.395372, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.395383, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.395394, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.395406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.395430, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.395444, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.395514, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.395601, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 0F 57 32 1D ....%... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.395634, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.395644, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.395657, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.396463, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.396500, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 0F 57 32 1D ....%... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.396532, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 0F 57 32 1D ....%... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.396562, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.396573, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.396584, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.396631, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.396663, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 0F 57 32 1D ....$... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.396696, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 0F 57 32 1D ....$... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.396727, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.396742, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.396753, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.396797, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.396812, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2016/04/14 10:01:46.396823, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.396833, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.396843, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.396853, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.396863, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) > access check was SUCCESS >[2016/04/14 10:01:46.396874, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2016/04/14 10:01:46.396893, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.396906, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.396918, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.396950, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.396971, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.397023, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.397035, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.397052, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.397062, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.397073, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.397083, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.397112, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.397135, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.397149, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 0F 57 32 1D ....&... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.397188, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.397246, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.397348, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 0F 57 32 1D ....&... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.397381, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.397393, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.397410, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.397420, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.397432, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.397441, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.397473, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.397497, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.397510, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.397522, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.397532, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.397543, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.397553, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.397579, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.397602, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.397614, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.397626, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.397636, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.397648, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.397658, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.397681, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.397703, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.397716, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.397731, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.397742, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.397754, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.397764, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.397802, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.397815, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.397827, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.397838, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.397851, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.397861, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.397888, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.397901, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.397912, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.397923, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.397936, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.397946, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.397969, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.397992, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.398004, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.398019, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.398030, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.398043, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.398053, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.398074, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.398097, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.398110, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.398122, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.398134, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.398146, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.398162, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.398175, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.398187, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 0F 57 32 1D ....'... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.398219, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.398264, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists >[2016/04/14 10:01:46.398285, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.398321, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 0F 57 32 1D ....'... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.398353, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 0F 57 32 1D ....'... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.398383, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.398393, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.398404, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.398451, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.398484, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 0F 57 32 1D ....&... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.398515, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 0F 57 32 1D ....&... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.398544, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.398555, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.398566, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.398608, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.398623, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > out: struct spoolss_OpenPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.398685, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > in: struct spoolss_StartDocPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-0f57-321d31320000 > info_ctr : * > info_ctr: struct spoolss_DocumentInfoCtr > level : 0x00000001 (1) > info : union spoolss_DocumentInfo(case 1) > info1 : * > info1: struct spoolss_DocumentInfo1 > document_name : * > document_name : 'Remote Downlevel Document' > output_file : * > output_file : '/var/spool/samba//smbprn.yDwHuO' > datatype : * > datatype : 'RAW' >[2016/04/14 10:01:46.398770, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.398803, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.398833, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.398862, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.398878, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.398889, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.398921, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.398942, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.398994, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.399006, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.399023, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.399034, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.399045, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.399054, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.399083, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.399106, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.399120, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 0F 57 32 1D ....(... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.399153, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.399218, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.399321, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 0F 57 32 1D ....(... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.399355, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.399366, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.399382, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.399393, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.399404, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.399414, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.399445, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.399468, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.399480, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.399492, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.399502, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.399514, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.399524, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.399550, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.399573, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.399585, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.399597, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.399607, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.399619, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.399629, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.399652, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.399674, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.399687, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.399702, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.399713, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.399725, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.399735, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.399773, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.399786, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.399798, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.399808, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.399822, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.399831, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.399858, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.399870, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.399882, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.399892, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.399906, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.399915, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.399939, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.399962, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.399974, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.399986, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.400000, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.400014, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.400023, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.400044, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.400066, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.400079, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.400091, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.400103, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.400114, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.400126, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.400137, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.400149, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 0F 57 32 1D ....)... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.400187, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.400245, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.400334, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 0F 57 32 1D ....)... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.400367, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.400378, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.400389, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.400400, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.400424, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.400438, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.400504, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.400589, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 0F 57 32 1D ....)... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.400621, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.400635, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.400649, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.401438, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.401475, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 0F 57 32 1D ....)... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.401507, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 0F 57 32 1D ....)... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.401543, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.401554, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.401565, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.401612, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.401645, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 0F 57 32 1D ....(... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.401677, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 0F 57 32 1D ....(... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.401708, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.401718, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.401729, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.401771, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.401786, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2016/04/14 10:01:46.401797, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.401807, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.401817, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.401826, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.401840, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) > access check was SUCCESS >[2016/04/14 10:01:46.401860, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.401874, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.401885, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.401919, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.401944, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.401997, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.402009, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.402022, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.402032, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.402043, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.402052, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.402081, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.402104, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.402118, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 0F 57 32 1D ....*... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.402152, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002a-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.402217, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002a-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.402331, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 0F 57 32 1D ....*... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.402366, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.402378, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.402391, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.402401, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.402412, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.402422, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.402453, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.402477, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.402490, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.402502, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.402512, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.402523, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.402533, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.402565, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.402589, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.402601, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.402613, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.402624, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.402636, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.402645, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.402669, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.402692, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.402704, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.402716, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.402726, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.402739, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.402748, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.402786, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.402799, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.402811, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.402822, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.402835, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.402844, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.402878, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.402891, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.402903, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.402914, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.402927, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.402936, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.402960, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.402983, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.402996, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.403007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.403018, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.403031, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.403041, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.403062, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.403085, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.403098, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.403110, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.403122, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.403134, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.403149, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.403166, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.403179, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.403211, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002b-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.403266, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002b-0000-0000-0f57-321d31320000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2016/04/14 10:01:46.403321, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.403356, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.403368, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.403391, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.403404, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.403427, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000001 (1) > max_valnamelen : * > max_valnamelen : 0x00000012 (18) > max_valbufsize : * > max_valbufsize : 0x000000b0 (176) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2016/04/14 10:01:46.403550, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002b-0000-0000-0f57-321d31320000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0014 (20) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2016/04/14 10:01:46.403640, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.403672, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.403685, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0014 (20) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.404489, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002b-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.404571, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.404603, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.404614, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.404626, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2016/04/14 10:01:46.404636, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2016/04/14 10:01:46.404703, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.404757, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.404769, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.404781, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.404792, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.404803, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.404812, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.404841, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.404864, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.404879, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 0F 57 32 1D ....,... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.404911, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002c-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.404967, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002c-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.405074, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 0F 57 32 1D ....,... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.405109, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.405121, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.405133, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.405143, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.405155, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.405170, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.405203, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.405227, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.405239, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.405251, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.405262, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.405274, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.405283, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.405309, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.405333, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.405345, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.405357, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.405371, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.405384, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.405393, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.405417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.405440, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.405453, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.405465, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.405475, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.405487, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.405497, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.405535, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.405549, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.405561, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.405571, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.405584, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.405594, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.405621, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.405634, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (10->11) >[2016/04/14 10:01:46.405645, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.405656, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.405673, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.405683, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.405710, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.405734, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.405747, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (11->12) >[2016/04/14 10:01:46.405758, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.405769, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.405782, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.405792, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.405813, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.405836, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.405849, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (12->11) >[2016/04/14 10:01:46.405861, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (11->10) >[2016/04/14 10:01:46.405873, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.405885, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.405896, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.405908, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.405919, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 0F 57 32 1D ....-... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.405951, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002d-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.406012, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002d-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.406094, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 0F 57 32 1D ....-... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.406128, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.406139, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.406149, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.406166, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.406190, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.406205, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.406269, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002d-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.406358, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 0F 57 32 1D ....-... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.406390, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.406401, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.406413, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.407227, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002d-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.407263, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 0F 57 32 1D ....-... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.407295, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 0F 57 32 1D ....-... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.407325, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.407336, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.407347, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.407394, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002c-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.407428, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 0F 57 32 1D ....,... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.407460, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 0F 57 32 1D ....,... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.407492, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.407503, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.407514, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.407567, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002b-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.407600, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.407632, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 0F 57 32 1D ....+... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.407663, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.407674, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.407684, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.407730, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002a-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.407763, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 0F 57 32 1D ....*... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.407796, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 0F 57 32 1D ....*... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.407827, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.407837, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.407848, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.407890, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.407924, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) > print_job_start: Queue Print number of jobs (2), max printjobs = 1000 >[2016/04/14 10:01:46.407943, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) > allocate_print_jobid: Read jobid 77 from Print >[2016/04/14 10:01:46.407976, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) > print_job_spool_file:External spooling activated >[2016/04/14 10:01:46.408002, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head >[2016/04/14 10:01:46.408016, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head >[2016/04/14 10:01:46.408028, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head >[2016/04/14 10:01:46.408039, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head >[2016/04/14 10:01:46.408050, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head >[2016/04/14 10:01:46.408061, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head >[2016/04/14 10:01:46.408072, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) > add_to_jobs_added: Added jobid 78 >[2016/04/14 10:01:46.408089, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > out: struct spoolss_StartDocPrinter > job_id : * > job_id : 0x0000004e (78) > result : WERR_OK >[2016/04/14 10:01:46.408126, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) > pjobid_to_rap: called. >[2016/04/14 10:01:46.408143, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) > pjobid_to_rap: created jobid 78 maps to RAP jobid 3 >[2016/04/14 10:01:46.408163, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) > openprint fd=41 fnum 18935 >[2016/04/14 10:01:46.408177, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.408184, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=37 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51207 > smb_tid=6392 > smb_pid=7120 > smb_uid=59137 > smb_mid=49024 > smt_wct=1 > smb_vwv[ 0]=18935 (0x49F7) > smb_bcc=0 >[2016/04/14 10:01:46.408217, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.408777, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 60 >[2016/04/14 10:01:46.408809, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x3c >[2016/04/14 10:01:46.408825, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 9 of length 64 (0 toread) >[2016/04/14 10:01:46.408842, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.408850, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=60 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=6392 > smb_pid=5808 > smb_uid=59137 > smb_mid=49088 > smt_wct=2 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1 (0x1) > smb_bcc=21 >[2016/04/14 10:01:46.408886, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) > [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P > [0010] 00 41 00 00 00 .A... >[2016/04/14 10:01:46.408922, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBsplopen (pid 12849) conn 0x81d5a330 >[2016/04/14 10:01:46.408935, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/04/14 10:01:46.408952, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.408964, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.408977, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 5EC8D67A >[2016/04/14 10:01:46.408992, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d407f8 >[2016/04/14 10:01:46.409003, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2016/04/14 10:01:46.409030, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '5EC8D67A' stored >[2016/04/14 10:01:46.409044, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > open_global_id : 0x5ec8d67a (1590220410) > open_persistent_id : 0x000000005ec8d67a (1590220410) > open_volatile_id : 0x000000000000a16c (41324) > open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 > open_time : Thu Apr 14 10:01:46 AM 2016 IST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 >[2016/04/14 10:01:46.409177, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 5EC8D67A >[2016/04/14 10:01:46.409190, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.409206, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.409218, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x5ec8d67a) stored >[2016/04/14 10:01:46.409228, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0x0000a16c (41324) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > open_global_id : 0x5ec8d67a (1590220410) > open_persistent_id : 0x000000005ec8d67a (1590220410) > open_volatile_id : 0x000000000000a16c (41324) > open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 > open_time : Thu Apr 14 10:01:46 AM 2016 IST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > status : NT_STATUS_OK > idle_time : Thu Apr 14 10:01:46 AM 2016 IST > compat : NULL > flags : 0x00 (0) > 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE > 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE > create_action : 0x00000000 (0) >[2016/04/14 10:01:46.409401, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 41324 (2 used) >[2016/04/14 10:01:46.409455, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection spoolss >[2016/04/14 10:01:46.409478, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) > Connecting to spoolss pipe. >[2016/04/14 10:01:46.409497, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested spoolss >[2016/04/14 10:01:46.409510, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe spoolss >[2016/04/14 10:01:46.409522, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss >[2016/04/14 10:01:46.409560, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe spoolss >[2016/04/14 10:01:46.409588, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > in: struct spoolss_OpenPrinter > printername : * > printername : 'Print' > datatype : * > datatype : 'RAW' > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000008 (8) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 1: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ >[2016/04/14 10:01:46.409654, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.409667, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.409677, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.409688, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/14 10:01:46.409697, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/14 10:01:46.409724, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) > skipping printer reload, already up to date. >[2016/04/14 10:01:46.409740, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > checking name: Print >[2016/04/14 10:01:46.409753, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) > open_printer_hnd: name [Print] >[2016/04/14 10:01:46.409764, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.409796, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) > Setting printer type=Print > Printer is a printer >[2016/04/14 10:01:46.409808, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) > Setting printer name=Print (len=5) > searching for [Print] >[2016/04/14 10:01:46.409830, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) >[2016/04/14 10:01:46.409897, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) > set_printer_hnd_name: Printer found: Print -> Print >[2016/04/14 10:01:46.409953, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) > 1 printer handles active >[2016/04/14 10:01:46.409970, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.410002, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.410032, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.410051, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) > Allowed connection from 10.188.101.162 (10.188.101.162) >[2016/04/14 10:01:46.410088, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) > user_ok_token: share Print is ok for unix user nobody >[2016/04/14 10:01:46.410114, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.410129, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.410140, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.410181, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.410205, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.410258, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.410270, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.410282, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.410293, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.410304, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.410313, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.410343, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.410372, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.410386, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 0F 57 32 1D ..../... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.410420, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.410479, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.410585, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 0F 57 32 1D ..../... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.410620, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.410631, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.410643, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.410653, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.410665, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.410674, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.410706, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.410735, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.410748, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.410760, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.410770, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.410782, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.410791, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.410818, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.410841, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.410853, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.410865, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.410875, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.410887, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.410897, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.410920, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.410942, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.410955, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.410966, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.410976, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.410989, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.410999, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.411040, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.411054, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.411066, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.411076, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.411089, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.411099, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.411126, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.411139, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.411151, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.411168, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.411183, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.411192, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.411217, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.411241, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.411253, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.411264, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.411275, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.411288, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.411298, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.411323, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.411346, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.411360, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.411371, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.411383, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.411394, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.411406, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.411417, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.411428, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 0F 57 32 1D ....0... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.411460, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.411519, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.411601, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 0F 57 32 1D ....0... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.411634, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.411650, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.411661, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.411673, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.411696, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.411710, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.411776, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.411861, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 0F 57 32 1D ....0... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.411894, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.411905, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.411917, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.412718, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.412756, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 0F 57 32 1D ....0... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.412789, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 0F 57 32 1D ....0... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.412820, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.412831, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.412842, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.412894, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.412934, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 0F 57 32 1D ..../... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.412966, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 0F 57 32 1D ..../... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.412996, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.413007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.413018, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.413062, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.413078, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2016/04/14 10:01:46.413089, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.413099, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.413108, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.413118, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.413129, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) > access check was SUCCESS >[2016/04/14 10:01:46.413140, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2016/04/14 10:01:46.413164, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.413179, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.413190, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.413228, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.413249, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.413301, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.413313, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.413325, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.413335, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.413347, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.413356, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.413385, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.413409, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.413423, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 0F 57 32 1D ....1... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.413456, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.413512, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.413621, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 0F 57 32 1D ....1... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.413655, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.413667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.413678, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.413688, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.413700, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.413709, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.413741, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.413765, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.413777, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.413789, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.413799, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.413811, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.413820, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.413846, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.413869, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.413881, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.413896, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.413907, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.413919, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.413929, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.413952, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.413975, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.413987, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.413999, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.414009, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.414022, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.414031, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.414069, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.414082, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.414094, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.414105, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.414118, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.414128, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.414155, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.414175, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.414187, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.414202, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.414215, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.414225, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.414250, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.414273, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.414286, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.414297, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.414308, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.414321, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.414331, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.414352, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.414374, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.414388, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.414400, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.414412, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.414423, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.414434, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.414445, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.414457, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 0F 57 32 1D ....2... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.414493, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000032-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.414539, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists >[2016/04/14 10:01:46.414559, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000032-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.414592, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 0F 57 32 1D ....2... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.414624, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 0F 57 32 1D ....2... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.414653, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.414664, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.414674, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.414722, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.414755, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 0F 57 32 1D ....1... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.414788, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 0F 57 32 1D ....1... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.414819, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.414834, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.414845, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.414888, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.414903, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > out: struct spoolss_OpenPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002e-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.414961, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > in: struct spoolss_StartDocPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002e-0000-0000-0f57-321d31320000 > info_ctr : * > info_ctr: struct spoolss_DocumentInfoCtr > level : 0x00000001 (1) > info : union spoolss_DocumentInfo(case 1) > info1 : * > info1: struct spoolss_DocumentInfo1 > document_name : * > document_name : 'Remote Downlevel Document' > output_file : * > output_file : '/var/spool/samba//smbprn.Vbiklz' > datatype : * > datatype : 'RAW' >[2016/04/14 10:01:46.415045, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.415077, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.415108, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.415137, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.415153, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.415171, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.415208, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.415230, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.415282, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.415294, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.415306, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.415317, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.415327, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.415337, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.415366, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.415389, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.415403, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 0F 57 32 1D ....3... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.415436, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000033-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.415493, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000033-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.415599, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 0F 57 32 1D ....3... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.415633, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.415644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.415656, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.415666, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.415677, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.415687, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.415717, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.415741, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.415753, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.415765, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.415775, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.415787, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.415797, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.415823, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.415846, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.415858, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.415873, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.415884, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.415896, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.415905, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.415929, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.415951, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.415964, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.415975, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.415985, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.415998, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.416007, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.416046, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.416059, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.416071, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.416082, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.416095, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.416104, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.416131, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.416144, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.416155, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.416176, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.416190, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.416200, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.416225, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.416248, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.416260, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.416271, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.416282, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.416296, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.416305, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.416326, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.416348, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.416362, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.416374, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.416385, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.416397, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.416408, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.416419, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.416430, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 0F 57 32 1D ....4... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.416466, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000034-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.416524, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000034-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.416606, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 0F 57 32 1D ....4... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.416638, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.416649, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.416660, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.416671, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.416695, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.416709, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.416775, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000034-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.416866, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 0F 57 32 1D ....4... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.416900, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.416911, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.416923, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.417716, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000034-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.417753, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 0F 57 32 1D ....4... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.417786, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 0F 57 32 1D ....4... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.417817, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.417828, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.417839, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.417886, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000033-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.417919, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 0F 57 32 1D ....3... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.417951, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 0F 57 32 1D ....3... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.417981, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.417991, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.418002, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.418050, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.418066, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2016/04/14 10:01:46.418076, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.418086, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.418096, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.418106, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.418116, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) > access check was SUCCESS >[2016/04/14 10:01:46.418135, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.418149, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.418166, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.418201, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.418226, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.418279, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.418292, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.418304, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.418314, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.418325, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.418335, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.418368, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.418392, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.418406, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 0F 57 32 1D ....5... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.418440, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000035-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.418496, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000035-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.418599, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 0F 57 32 1D ....5... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.418632, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.418644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.418656, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.418667, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.418678, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.418688, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.418723, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.418747, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.418760, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.418772, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.418783, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.418794, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.418804, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.418830, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.418854, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.418866, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.418878, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.418888, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.418900, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.418909, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.418933, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.418956, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.418969, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.418980, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.418990, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.419003, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.419017, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.419056, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.419070, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.419082, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.419092, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.419106, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.419115, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.419142, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.419155, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.419173, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.419184, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.419198, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.419207, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.419231, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.419255, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.419267, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.419279, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.419289, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.419303, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.419313, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.419338, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.419362, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.419376, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.419388, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.419400, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.419411, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.419422, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.419434, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.419445, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.419477, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.419531, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-0f57-321d31320000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2016/04/14 10:01:46.419587, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.419622, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.419634, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.419661, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.419675, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.419698, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000001 (1) > max_valnamelen : * > max_valnamelen : 0x00000012 (18) > max_valbufsize : * > max_valbufsize : 0x000000b0 (176) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2016/04/14 10:01:46.419815, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-0f57-321d31320000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0014 (20) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2016/04/14 10:01:46.419904, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.419938, 8, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.419951, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0014 (20) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.420761, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.420844, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.420880, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.420892, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.420903, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2016/04/14 10:01:46.420914, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2016/04/14 10:01:46.420978, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.421032, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.421044, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.421056, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.421066, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.421078, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.421087, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.421116, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.421139, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.421153, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 0F 57 32 1D ....7... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.421193, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000037-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.421254, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000037-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.421358, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 0F 57 32 1D ....7... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.421392, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.421404, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.421416, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.421426, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.421437, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.421447, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.421479, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.421503, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.421516, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.421528, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.421542, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.421554, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.421563, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.421590, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.421613, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.421626, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.421637, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.421648, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.421660, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.421669, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.421693, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.421715, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.421728, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.421740, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.421750, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.421763, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.421772, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.421813, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.421827, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.421839, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.421853, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.421867, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.421877, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.421904, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.421917, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (10->11) >[2016/04/14 10:01:46.421929, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.421940, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.421953, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.421963, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.421987, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.422010, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.422022, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (11->12) >[2016/04/14 10:01:46.422034, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.422047, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.422060, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.422070, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.422091, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.422114, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x20019, remaining = 0x20019 >[2016/04/14 10:01:46.422128, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (12->11) >[2016/04/14 10:01:46.422146, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (11->10) >[2016/04/14 10:01:46.422164, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.422177, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.422188, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.422200, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.422212, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 0F 57 32 1D ....8... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.422243, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000038-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.422300, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000038-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.422381, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 0F 57 32 1D ....8... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.422415, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.422425, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.422436, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.422448, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.422475, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.422490, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.422555, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000038-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.422639, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 0F 57 32 1D ....8... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.422672, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.422683, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.422696, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.423522, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000038-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.423559, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 0F 57 32 1D ....8... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.423591, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 0F 57 32 1D ....8... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.423622, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.423633, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.423644, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.423691, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000037-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.423723, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 0F 57 32 1D ....7... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.423759, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 0F 57 32 1D ....7... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.423789, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.423800, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.423811, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.423859, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.423892, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.423925, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 0F 57 32 1D ....6... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.423956, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.423967, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.423978, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.424025, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000035-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.424057, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 0F 57 32 1D ....5... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.424093, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 0F 57 32 1D ....5... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.424125, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.424135, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.424146, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.424195, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.424225, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2837(print_job_start) > print_job_start: Queue Print number of jobs (3), max printjobs = 1000 >[2016/04/14 10:01:46.424243, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2605(allocate_print_jobid) > allocate_print_jobid: Read jobid 78 from Print >[2016/04/14 10:01:46.424276, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2769(print_job_spool_file) > print_job_spool_file:External spooling activated >[2016/04/14 10:01:46.424302, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x10 for printer Print to notify_queue_head >[2016/04/14 10:01:46.424315, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x03 for printer Print to notify_queue_head >[2016/04/14 10:01:46.424327, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0d for printer Print to notify_queue_head >[2016/04/14 10:01:46.424339, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head >[2016/04/14 10:01:46.424350, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x16 for printer Print to notify_queue_head >[2016/04/14 10:01:46.424361, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x14 for printer Print to notify_queue_head >[2016/04/14 10:01:46.424372, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2669(add_to_jobs_added) > add_to_jobs_added: Added jobid 79 >[2016/04/14 10:01:46.424389, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > out: struct spoolss_StartDocPrinter > job_id : * > job_id : 0x0000004f (79) > result : WERR_OK >[2016/04/14 10:01:46.424427, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:80(pjobid_to_rap) > pjobid_to_rap: called. >[2016/04/14 10:01:46.424450, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:115(pjobid_to_rap) > pjobid_to_rap: created jobid 79 maps to RAP jobid 4 >[2016/04/14 10:01:46.424465, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5795(reply_printopen) > openprint fd=42 fnum 41324 >[2016/04/14 10:01:46.424477, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.424484, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=37 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51207 > smb_tid=6392 > smb_pid=5808 > smb_uid=59137 > smb_mid=49088 > smt_wct=1 > smb_vwv[ 0]=41324 (0xA16C) > smb_bcc=0 >[2016/04/14 10:01:46.424517, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.424988, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 37 >[2016/04/14 10:01:46.425020, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x25 >[2016/04/14 10:01:46.425036, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 10 of length 41 (0 toread) >[2016/04/14 10:01:46.425048, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.425055, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=37 > smb_com=0xc2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=6392 > smb_pid=65279 > smb_uid=59137 > smb_mid=49152 > smt_wct=1 > smb_vwv[ 0]=41324 (0xA16C) > smb_bcc=0 >[2016/04/14 10:01:46.425088, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.425110, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBsplclose (pid 12849) conn 0x81d5a330 >[2016/04/14 10:01:46.425123, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/04/14 10:01:46.425136, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) > printclose fd=42 fnum 41324 >[2016/04/14 10:01:46.425159, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002e-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.425194, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.425227, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.425258, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.425288, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.425303, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) > print_job_find: looking up job 79 for share Print >[2016/04/14 10:01:46.425327, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) > print_job_find: returning system job -1 for jobid 79. >[2016/04/14 10:01:46.425342, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:3009(print_job_end) > print_job_end: canceling spool of /var/spool/samba//smbprn.Vbiklz (zero length) >[2016/04/14 10:01:46.425362, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:469(print_job_find) > print_job_find: looking up job 79 for share Print >[2016/04/14 10:01:46.425377, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:497(print_job_find) > print_job_find: returning system job -1 for jobid 79. >[2016/04/14 10:01:46.425389, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer Print to notify_queue_head >[2016/04/14 10:01:46.425413, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:2139(remove_from_jobs_added) > remove_from_jobs_added: removed jobid 79 >[2016/04/14 10:01:46.425425, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:159(rap_jobid_delete) > rap_jobid_delete: called. >[2016/04/14 10:01:46.425436, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printing.c:179(rap_jobid_delete) > rap_jobid_delete: deleting jobid 79 >[2016/04/14 10:01:46.425449, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.425480, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 0F 57 32 1D ........ .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.425510, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.425520, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.425567, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.425580, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.425594, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 5EC8D67A >[2016/04/14 10:01:46.425607, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d588a8 >[2016/04/14 10:01:46.425624, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 5EC8D67A >[2016/04/14 10:01:46.425635, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.425646, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.425666, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) > freed files structure 41324 (1 used) >[2016/04/14 10:01:46.425678, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.425686, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=35 > smb_com=0xc2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51207 > smb_tid=6392 > smb_pid=65279 > smb_uid=59137 > smb_mid=49152 > smt_wct=0 > smb_bcc=0 >[2016/04/14 10:01:46.425716, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.426104, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 37 >[2016/04/14 10:01:46.426135, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x25 >[2016/04/14 10:01:46.426151, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 11 of length 41 (0 toread) >[2016/04/14 10:01:46.426163, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.426171, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=37 > smb_com=0xc2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=6392 > smb_pid=65279 > smb_uid=59137 > smb_mid=49216 > smt_wct=1 > smb_vwv[ 0]=18935 (0x49F7) > smb_bcc=0 >[2016/04/14 10:01:46.426204, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.426215, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBsplclose (pid 12849) conn 0x81d5a330 >[2016/04/14 10:01:46.426227, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/04/14 10:01:46.426239, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/reply.c:5833(reply_printclose) > printclose fd=41 fnum 18935 >[2016/04/14 10:01:46.426261, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.426296, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:348(find_policy_by_hnd_internal) > Policy not found: [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.426329, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) > find_printer_index_by_hnd: Printer handle not found: Policy not found: [0000] 00 00 00 00 23 00 00 00 00 00 00 00 0F 57 32 1D ....#... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.426361, 2, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:344(find_printer_index_by_hnd) > find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:12849:12849) >[2016/04/14 10:01:46.426379, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/printspoolss.c:326(print_spool_end) > Failed to close printer Print [NT code 0x1c00001a] >[2016/04/14 10:01:46.426397, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.426413, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.426428, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 7C16796C >[2016/04/14 10:01:46.426442, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d5b508 >[2016/04/14 10:01:46.426460, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 7C16796C >[2016/04/14 10:01:46.426472, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.426483, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.426498, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:554(file_free) > freed files structure 18935 (0 used) >[2016/04/14 10:01:46.426509, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.426517, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=35 > smb_com=0xc2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51207 > smb_tid=6392 > smb_pid=65279 > smb_uid=59137 > smb_mid=49216 > smt_wct=0 > smb_bcc=0 >[2016/04/14 10:01:46.426547, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) >[2016/04/14 10:01:46.427029, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 60 >[2016/04/14 10:01:46.427060, 6, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x3c >[2016/04/14 10:01:46.427076, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 12 of length 64 (0 toread) >[2016/04/14 10:01:46.427097, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:171(show_msg) >[2016/04/14 10:01:46.427106, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/util.c:181(show_msg) > size=60 > smb_com=0xc0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=6392 > smb_pid=5808 > smb_uid=59137 > smb_mid=49280 > smt_wct=2 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1 (0x1) > smb_bcc=21 >[2016/04/14 10:01:46.427142, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/util/util.c:559(dump_data) > [0000] 04 53 00 53 00 48 00 49 00 56 00 41 00 50 00 50 .S.S.H.I .V.A.P.P > [0010] 00 41 00 00 00 .A... >[2016/04/14 10:01:46.427179, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBsplopen (pid 12849) conn 0x81d5a330 >[2016/04/14 10:01:46.427192, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/04/14 10:01:46.427208, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.427220, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/14 10:01:46.427233, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 7C0D97F9 >[2016/04/14 10:01:46.427248, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x81d59038 >[2016/04/14 10:01:46.427259, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2016/04/14 10:01:46.427292, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '7C0D97F9' stored >[2016/04/14 10:01:46.427306, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > open_global_id : 0x7c0d97f9 (2081265657) > open_persistent_id : 0x000000007c0d97f9 (2081265657) > open_volatile_id : 0x000000000000065b (1627) > open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 > open_time : Thu Apr 14 10:01:46 AM 2016 IST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 >[2016/04/14 10:01:46.427426, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 7C0D97F9 >[2016/04/14 10:01:46.427440, 5, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /usr/local/samba/var/lock/smbXsrv_open_global.tdb >[2016/04/14 10:01:46.427450, 10, pid=12849, effective(99, 99), real(99, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/14 10:01:46.427462, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x7c0d97f9) stored >[2016/04/14 10:01:46.427472, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0x0000065b (1627) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x0000000000003231 (12849) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x67994761415eb6ee (7465076340377433838) > open_global_id : 0x7c0d97f9 (2081265657) > open_persistent_id : 0x000000007c0d97f9 (2081265657) > open_volatile_id : 0x000000000000065b (1627) > open_owner : S-1-5-21-4169439650-4212734061-2710409060-501 > open_time : Thu Apr 14 10:01:46 AM 2016 IST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > status : NT_STATUS_OK > idle_time : Thu Apr 14 10:01:46 AM 2016 IST > compat : NULL > flags : 0x00 (0) > 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE > 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE > create_action : 0x00000000 (0) >[2016/04/14 10:01:46.427648, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 1627 (1 used) >[2016/04/14 10:01:46.427702, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection spoolss >[2016/04/14 10:01:46.427725, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1072(rpc_pipe_open_interface) > Connecting to spoolss pipe. >[2016/04/14 10:01:46.427744, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested spoolss >[2016/04/14 10:01:46.427758, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe spoolss >[2016/04/14 10:01:46.427770, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss >[2016/04/14 10:01:46.427803, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe spoolss >[2016/04/14 10:01:46.427831, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > in: struct spoolss_OpenPrinter > printername : * > printername : 'Print' > datatype : * > datatype : 'RAW' > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000008 (8) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 1: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ >[2016/04/14 10:01:46.427896, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.427910, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(59137) : conn_ctx_stack_ndx = 0 >[2016/04/14 10:01:46.427921, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/14 10:01:46.427931, 5, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/14 10:01:46.427945, 5, pid=12849, effective(99, 99), real(99, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/14 10:01:46.427973, 5, pid=12849, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:75(delete_and_reload_printers) > skipping printer reload, already up to date. >[2016/04/14 10:01:46.427989, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > checking name: Print >[2016/04/14 10:01:46.428002, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) > open_printer_hnd: name [Print] >[2016/04/14 10:01:46.428014, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.428045, 3, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) > Setting printer type=Print > Printer is a printer >[2016/04/14 10:01:46.428058, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) > Setting printer name=Print (len=5) > searching for [Print] >[2016/04/14 10:01:46.428080, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Thu Jan 1 05:30:00 AM 1970 IST] (-1460608306 seconds in the past) >[2016/04/14 10:01:46.428147, 10, pid=12849, effective(99, 99), real(99, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/Print] and timeout=[Fri Jan 16 10:49:41 PM 1970 IST] (-1459249925 seconds in the past) > set_printer_hnd_name: Printer found: Print -> Print >[2016/04/14 10:01:46.428213, 5, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) > 1 printer handles active >[2016/04/14 10:01:46.428226, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.428257, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.428287, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.428306, 3, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/access.c:338(allow_access) > Allowed connection from 10.188.101.162 (10.188.101.162) >[2016/04/14 10:01:46.428345, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/smbd/share_access.c:237(user_ok_token) > user_ok_token: share Print is ok for unix user nobody >[2016/04/14 10:01:46.428371, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.428385, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.428396, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.428433, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.428456, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.428509, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.428521, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.428533, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.428544, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.428555, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.428564, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.428594, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.428618, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.428632, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 0F 57 32 1D ....:... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.428665, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003a-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.428724, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003a-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.428832, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 0F 57 32 1D ....:... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.428867, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.428879, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.428891, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.428901, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.428912, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.428922, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.428954, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.428978, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.428991, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.429003, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.429013, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.429025, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.429034, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.429061, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.429084, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.429096, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.429108, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.429123, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.429135, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.429145, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.429175, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.429200, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.429212, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.429224, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.429234, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.429247, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.429256, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.429294, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.429308, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.429320, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.429330, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.429344, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.429353, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.429380, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.429393, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.429405, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.429419, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.429433, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.429443, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.429468, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.429492, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.429504, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.429516, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.429526, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.429540, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.429550, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.429571, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.429594, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.429607, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.429619, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.429632, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.429643, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.429654, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.429665, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.429677, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 0F 57 32 1D ....;... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.429711, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003b-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.429770, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003b-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.429852, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 0F 57 32 1D ....;... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.429884, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.429895, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.429906, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.429918, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.429941, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.429955, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.430020, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003b-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.430110, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 0F 57 32 1D ....;... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.430142, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.430153, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.430173, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2016/04/14 10:01:46.430964, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003b-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.431000, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 0F 57 32 1D ....;... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.431034, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 0F 57 32 1D ....;... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.431066, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.431077, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.431088, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.431135, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003a-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.431175, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 0F 57 32 1D ....:... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.431207, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 0F 57 32 1D ....:... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.431237, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.431248, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.431258, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.431306, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.431322, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x20020008 to 0x00020008 >[2016/04/14 10:01:46.431333, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.431343, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.431352, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.431362, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x100f000c to 0x000f000c >[2016/04/14 10:01:46.431372, 4, pid=12849, effective(99, 99), real(99, 0)] ../source3/printing/nt_printing.c:1870(print_access_check) > access check was SUCCESS >[2016/04/14 10:01:46.431383, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2016/04/14 10:01:46.431402, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.431416, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.431427, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.431460, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.431480, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.431532, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.431544, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.431556, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.431566, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.431577, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.431591, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.431621, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.431644, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.431658, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 0F 57 32 1D ....<... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.431691, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003c-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.431746, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003c-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.431848, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 0F 57 32 1D ....<... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.431882, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.431893, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.431905, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.431915, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.431926, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.431940, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.431971, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.431995, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.432008, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.432020, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.432030, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.432042, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.432051, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.432077, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.432100, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.432113, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.432124, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.432135, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.432147, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.432156, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.432189, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.432212, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.432225, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.432236, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.432246, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.432262, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.432272, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.432311, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.432324, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.432336, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.432347, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.432360, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.432370, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.432396, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.432409, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.432420, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.432431, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.432444, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.432454, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.432478, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.432502, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.432514, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.432525, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.432536, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.432550, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.432563, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.432585, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.432608, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.432622, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.432633, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.432646, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.432657, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.432668, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.432680, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.432691, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 0F 57 32 1D ....=... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.432723, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.432769, 2, pid=12849, effective(99, 99), real(99, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print already exists >[2016/04/14 10:01:46.432789, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.432822, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 0F 57 32 1D ....=... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.432855, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 0F 57 32 1D ....=... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.432891, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.432902, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/14 10:01:46.432913, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.432961, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003c-0000-0000-0f57-321d31320000 >[2016/04/14 10:01:46.432994, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 0F 57 32 1D ....<... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.433026, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 0F 57 32 1D ....<... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.433057, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd) > Closed policy >[2016/04/14 10:01:46.433068, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/14 10:01:46.433078, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/14 10:01:46.433121, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/14 10:01:46.433136, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > out: struct spoolss_OpenPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000039-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.433201, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > in: struct spoolss_StartDocPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000039-0000-0000-0f57-321d31320000 > info_ctr : * > info_ctr: struct spoolss_DocumentInfoCtr > level : 0x00000001 (1) > info : union spoolss_DocumentInfo(case 1) > info1 : * > info1: struct spoolss_DocumentInfo1 > document_name : * > document_name : 'Remote Downlevel Document' > output_file : * > output_file : '/var/spool/samba//smbprn.Smztfk' > datatype : * > datatype : 'RAW' >[2016/04/14 10:01:46.433294, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.433327, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 0F 57 32 1D ....9... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.433358, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) > short name:Print >[2016/04/14 10:01:46.433388, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/04/14 10:01:46.433403, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/14 10:01:46.433414, 10, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/14 10:01:46.433447, 4, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/04/14 10:01:46.433468, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.433525, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/14 10:01:46.433537, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/14 10:01:46.433549, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/14 10:01:46.433559, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/14 10:01:46.433570, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.433579, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM] >[2016/04/14 10:01:46.433612, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/14 10:01:46.433635, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.433649, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 0F 57 32 1D ....>... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.433682, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003e-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.433739, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003e-0000-0000-0f57-321d31320000 > keyname: struct winreg_String > name_len : 0x0084 (132) > name_size : 0x0084 (132) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/14 10:01:46.433842, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 0F 57 32 1D ....>... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.433875, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/04/14 10:01:46.433886, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/14 10:01:46.433898, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.433908, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.433920, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.433933, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE] >[2016/04/14 10:01:46.433965, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2016/04/14 10:01:46.433988, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/04/14 10:01:46.434001, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/14 10:01:46.434012, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.434023, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.434035, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.434044, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.434070, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2016/04/14 10:01:46.434093, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/04/14 10:01:46.434105, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/04/14 10:01:46.434117, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.434127, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.434139, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.434149, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.434178, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/04/14 10:01:46.434202, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/04/14 10:01:46.434214, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/04/14 10:01:46.434226, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.434236, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.434248, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.434261, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/04/14 10:01:46.434300, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.434313, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/04/14 10:01:46.434325, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.434336, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.434349, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.434359, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb76e2e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/04/14 10:01:46.434386, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/04/14 10:01:46.434399, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/04/14 10:01:46.434410, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.434421, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.434434, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.434444, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.434468, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/04/14 10:01:46.434491, 7, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/04/14 10:01:46.434503, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/04/14 10:01:46.434515, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.434525, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.434539, 10, pid=12849, effective(99, 99), real(99, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/14 10:01:46.434552, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xb733e0e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.434573, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.434596, 10, pid=12849, effective(99, 99), real(99, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/14 10:01:46.434610, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/04/14 10:01:46.434621, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/04/14 10:01:46.434633, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/04/14 10:01:46.434644, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/04/14 10:01:46.434656, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/04/14 10:01:46.434667, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/14 10:01:46.434678, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 0F 57 32 1D ....?... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.434710, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003f-0000-0000-0f57-321d31320000 > result : WERR_OK >[2016/04/14 10:01:46.434767, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003f-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.434849, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 0F 57 32 1D ....?... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.434885, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.434896, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.434907, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print' (ops 0xb733e0e0) >[2016/04/14 10:01:46.434918, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.434941, 10, pid=12849, effective(99, 99), real(99, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[176] >[2016/04/14 10:01:46.434955, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/04/14 10:01:46.435021, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003f-0000-0000-0f57-321d31320000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2016/04/14 10:01:46.435107, 6, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 0F 57 32 1D ....?... .....W2. > [0010] 31 32 00 00 12.. >[2016/04/14 10:01:46.435139, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Print] >[2016/04/14 10:01:46.435149, 7, pid=12849, effective(99, 99), real(99, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/14 10:01:46.435168, 1, pid=12849, effective(99, 99), real(99, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) >