Friday, 27 September 2013

What is Thumbs.db:encryptable

I have got more number of Thumbs.db:encryptable files in my network share folder. I have never seen before the file like this. so I though it might be the virus file. after I have googled, got the following useful information and links to know about Thumbs.db:encryptable.

If you insist. Just google thumbs.db:encryptable and you'll see it's a problem that exists between winblows and network folders.

There are solutions here: http://social.technet.microsoft.com/Forums/windows/en-US/fbc49141-96b3-4350-870a-5b74dcf59c20/how-to-disable-thumbsdb-files-generation-on-network-folders

 http://www.velocityreviews.com/forums/t203524-thumbs-db-encryptable-data.html

http://www.experts-exchange.com/Other/Miscellaneous/Q_21360103.html


Related Articles:
What is tmp.edb file
What is .tmp file
What is the Windows desktop.ini file
What is DfsrPrivate folder
What is :Zone.Identifier
What is the thumbs.db file


Thanks,
Morgan
Software Developer

Account Lockout Policy in Active Directory

    The Account Lockout Policy in Active Directory is an important security setting. You must have come across the situation that your Active Directory user account get locked many times if the number of invalid password attempts reaches the maximum count (Account lockout threshold) and if you have tried to login in that time you won't be allowed to login up to certain time period (Account lockout duration) or until your account get unlocked manually by your system administrator. In this article, I am going to explain the three settings which exists in Account Lockout Policy

    - Account lockout duration
    - Account lockout threshold
    - Reset account lockout counter after

Account Lockout Policy Settings

First, for those who are unfamiliar, the Account Lockout Policy can be found in any Group Policy Object in Active Directory. However, it’s usually best set in the Default Domain Policy.

 Open the GPO Default Domain Policy and navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Account Lockout Policy.

You could see following window by Default. Yes, By default  Account Lockout Policy is not configured in Default Domain Policy.

 Account Lockout Policy in Active Directory

Account lockout duration:
   This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it. If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time.

Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.

Once an account is locked out, the “Account lockout duration” is length of time the account will be locked out until resetting. If set to “0″ the lockout status will not automatically reset and an administrator will need to unlock the account manually.


Account lockout threshold:
  This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out. Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts.

Default: 0.

The “Account lockout threshold” determines how many failed logon attempts will result in a locked account. It works in connection with the “Reset account lockout counter after” setting. If the value specified for “Account lockout threshold” is met before the counter resets, the account is locked out.

Reset account lockout counter after:
  This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.

This is the trickiest setting in the account lockout policy. One way to interpret this setting is that there is a window of time and in that window of time you can have (x) amount of failed logons before your account is locked out. However, that’s NOT how this setting works. This setting specifies the amount of time BETWEEN failed logon attempts. If you attempt to logon to an account with the wrong password, the "badPwdCount" attribute for your account is incremented by 1. This starts the clock. If the clock reaches the value specified in the "Reset account lockout counter after" setting, then the process starts from scratch. If another failed logon attempt is recorded before the "Reset account lockout counter after" setting is reached, then the "badPwdCount" attribute is incremented (again) by 1. If the badPwdCount attribute reaches the value specified for the “Account lockout threshold” the account will be locked.

Again, the important takeaway for this counter is that it’s counting BETWEEN failed logon attempts. And because of this, you should seriously consider setting this value to it’s lowest setting of 1 minute. That is assuming you ultimately decide to implement the account lockout policy. More on that in a moment.

Example Account Lockout Policy Scenario

   Account lockout duration: 5 minutes
   Account lockout threshold: 50 invalid logon attempts
   Reset account lockout counter after: 1 minutes

Let’s walk through this. If a brute force attack against your Active Directory domain is underway, it will require 50 failed logon attempts without more than a minute between each failed logon attempt to lock an account. As you can see, that would thwart ANY effective brute force attack. Sure, the attack could be slowed down enough not to trip this example account lockout policy, but who would do that, and to what end? If you have a strong enough password policy in place, there’s no way a massively slowed down brute force attack would bear fruit for a potential hacker. There would be no reason to even try. And that assumes the hacker even knows what your account lockout policy is set to in the first place.

In this example I specified a “lockout duration” of 5 minutes. This is the length of time an account will be locked out once the lockout policy is tripped. The default is 30 minutes, and I think that’s way too high. If your lockout policy does trip for non-malicious reasons, why lockout the user for a half hour? There’s certainly no reason to lockout an account that long to impede a brute force attack. A setting of 5 minutes seems reasonable. Again, we are n’t trying to increase help desk calls with this policy.

So if your company demands you implement an account lockout policy, I would seriously consider the settings in the above example as a good starting point. With 50 invalid logon attempts required to lockout an account, the lockout policy is unlikely to be tripped unless an actual brute force attack is underway.

Thanks,
Morgan
Software Developer

Thursday, 26 September 2013

What is tmp.edb file

This article is explaining about what is tmp.edb file and whether we can delete tmp edb file or not?

Below is all the information we have available on file about the .tmp.edb  file type.

tmp edb file is nothing but the Extensible Storage Engine temporary database file.
Microsoft's Extensible Storage Engine (ESE) uses the file extension .tmp.edb to denote a temporary database. A temporary database is used for storing templates and when creating indices.

The following link provides further information related to the .tmp.edb file extension:

http://msdn.microsoft.com/enus/library/gg294069(v=EXCHG.10).aspx#ExtensibleStorageEngineFiles_TemporaryDatabases - ESE Temporary Databases.

Can I delete tmp edb file

     It is not recommended to delete this file since it will maintains temporary log files, you might lose some useful information on deleting this tmp.edb file. you may noticed some of the Antivirus software products treat this tmp.edb file as virus. don't panic, ignore that suggestions.


Related Articles:
What is Thumbs.db:encryptable
What is .tmp file
What is the Windows desktop.ini file
What is DfsrPrivate folder
What is :Zone.Identifier
What is the thumbs.db file

Thanks
Morgan
Software Developer

Wednesday, 25 September 2013

How to add Start menu in windows 8

     This article lists the some third party utility tools to add or bring back the Start menu and button to Windows 8. Microsoft is committed to having everyone use the Start screen instead of the Start button and start menu found in previous versions of Windows and therefore has no setting to enable or disable the start button. However, there are a few things that can be done to mimic the Windows Start button. Try one or all of the below tools to see what works best for you.

Download Classic Shell

   The Classic Shell is a free and open source software tool to add the start menu and many other previous Windows features to Windows 8. Classic Shell is a collection of usability enhancements for Windows.

The main features are:

    - Highly customizable start menu with multiple styles and skins
    - Start button for Windows 7 and Windows 8
    - Toolbar and status bar for Windows Explorer
    - Caption and status bar for Internet Explorer

Download StartIsBack

    If you want a Windows 8 Start menu replacement that looks exactly like Windows 7, StartIsBack is for you. You get the same Start button orb icon, the same Start menu search box, the same jump lists, and — for better or worse — even the same Aero transparency! As you can see in the screenshot above, StartIsBack even detects if your system needs to restart to apply some patches; it really is just like the Windows 7 Start menu.


   Where StartIsBack diverges from the Windows 7 Start menu, though, is configurability: StartIsBack is fully customizable, and includes a handful of useful Windows 8-specific features, too. You can configure which hot corners are enabled, make your PC jump straight to the Desktop when it first boots up, and configure a key combo to show the Windows 8 Start screen (Win+Ctrl by default). If Start menu and taskbar transparency aren’t your thing, StartIsBack lets you disable it — and you can change the Start button orb icon, too. If you want a Windows 8 Start menu replacement that feels just like Windows 7, StartIsBack is for you.

Download StartMenu8

   Start Menu 8 is specially designed for Windows 8. It offers a perfect solution for users who work with Windows Start Menu all the time and are not accustomed to the new Metro start screen in Windows 8. This smart tool brings back both the Windows 8 start button and Windows 8 Start Menu, and offers the option to skip Metro start page, allowing users who only work on desktop to boot to Windows 8 desktop directly. It's the best Windows 8 start menu replacement.


Download ViStart 8

    Enhance your windows start menu with Vistart 8. With cool custom start menu skins like the windows 8 start menu metro skin, start menu buttons and lot's of extra features. The ultimate start menu for Windows 8 and compatible with Windows 7, Vista and XP you can download for free. So get your start menu back in windows 8 or replace your start menu in windows 7, Vist or XP.

Download Start8

The main features are:
   - Add the best Windows 8 start menu to your desktop
   - Windows 7-styled start menu enhanced for Windows 8
   - Pin Modern applications to the Windows 8 start menu
   - Boot directly to the Windows 8 desktop


Thanks,
Morgan
Software Developer

Thursday, 19 September 2013

How to Delete/Remove a Windows Service

Delete a Windows Service:

This article is explaining about how to Delete or Remove a Windows Service manually. Recently, I was trying to delete a windows service. Normally it should not be necessary to manually delete a service. Uninstalling an application should remove its associated service . However, I installed some beta products and a service created by one of the applications was not removed automatically.

Here, I have listed the possible solutions to delete windows service.

Summary:

  1. Remove/Delete a Windows Service via Registry
  2. Remove/Delete a Windows Service via SC command

Remove/Delete Windows Service via Registry

 Its very easy to remove a service from registry if you know the right path. Here is how I did that:

1. Run Regedit or Regedt32

Delete Windows Service


2. Go to the registry entry "HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services"

3. Look for the service that you want delete and delete it. You can look at the keys to know what files the service was using and delete them as well (if necessary).

Delete Windows Service via Registry


Delete/Remove Windows Service manually via SC Command

Alternatively, you can also use command prompt and delete a service using following command:
sc delete [SERVICE name]
You can also create service by using following command
sc create "MorganTechService" binpath= "C:\Program Files\MorganTechSPace\myservice.exe"
Note: You may have to reboot the system to get the list updated in service manager.

Note : This article is applies to Windows Server 2003, Windows Server 2008,Windows Server 2008 R2, Windows Server 2012, Windows 7 and Windows 8.


Thanks,
Morgan
Software Developer

Wednesday, 18 September 2013

How to get list of all domain controllers in C#

In this article I am going write C# code examples to get list of  Domain Controllers in Active Directory using C#. We can get Domain Controllers list using C# in different ways. Here I have given three different examples.

Get List of Domain Controllers in C# using Directory Searcher class


     private static void GetListOfDomainControllersByDirectorySearcher()
        {
            try
            {
                DirectoryEntry domainEntry = new DirectoryEntry("LDAP://DC=Work2008,DC=local", "Administrator", "password");
                DirectorySearcher searcher = new DirectorySearcher(domainEntry);

                searcher.Filter = "(&(objectCategory=computer)(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))";

                searcher.PropertiesToLoad.AddRange(new string[] { "name", "operatingsystem" });

                foreach (SearchResult result in searcher.FindAll())
                {
                    Console.WriteLine("Name: " + result.Properties["name"][0].ToString());
                    Console.WriteLine("Operating Systme: " + result.Properties["operatingsystem"][0].ToString());
                }
            }
            catch (Exception ex)
            {
        
            }
        }


Get List of Domain Controllers in C# using Domain class


     private static void GetListOfDomainControllers()
        {
            try
            {
                Domain domain = Domain.GetCurrentDomain();

                foreach (DomainController dc in domain.DomainControllers)
                {
                    Console.WriteLine("Name: " + dc.Name);
                    Console.WriteLine("Operating Systme: " + dc.OSVersion);
                    Console.WriteLine("IP Address: " + dc.IPAddress);
                    Console.WriteLine("Site Name: " + dc.SiteName);
                }
            }
            catch (Exception ex)
            {
            }
        } 


Get All discoverable Domain Controllers in C# using Domain class


     private static void GetListOfDiscoverableDomainControllers()
        {
            try
            {
                Domain domain = Domain.GetCurrentDomain();

               //Finds all of the discoverable domain controllers in this domain.

                foreach (DomainController dc in domain.FindAllDiscoverableDomainControllers())
                {
                    Console.WriteLine("Name: " + dc.Name);
                    Console.WriteLine("Operating Systme: " + dc.OSVersion);
                    Console.WriteLine("IP Address: " + dc.IPAddress);
                    Console.WriteLine("Site Name: " + dc.SiteName);
                }
            }
            catch (Exception ex)
            {
            }
        }


Note: For better performance use Directory Searcher class method to get list Domain Controllers in C# instead of Domain class.

Related Articles:

Active Directory Attribute mapping with Friendly name - user
Active Directory Search Filter Examples
Create new Active Directory User in C#
Remote Group Policy update using gpupdate in C#
Restore a deleted Active Directory object using C#
Active Directory search filter by ObjectGuid 

Thanks,
Morgan
Software Developer

Thursday, 12 September 2013

How to change user credentials for TFS in Visual Studio 2010


This article is explaining about how to change or clear credentials which are used to connect Team Foundation Server from Visual Studio 2010 and Visual Studio 2012.

TFS credentials

    When you connect TFS from Visual Studio you will be asked to give user credential to connect. If you checked the option Remember my credentials while connecting TFS, you won't be asked credentials again to connect TFS. In that case, if you wanted to change different credentials to connect TFS. you need to follow below solution to force Visual Studio to ask new credentials to connect TFS.

   
Revert TFS credentials in Visual Studio


Force to change TFS credentials in Visual Studio

     You need to remove TFS credentials from Windows Vault to clear and force to ask new TFS credentials in Visual Studio

      1. Go to Control Panel (Start -> Control Panel).

      2. Click User Accounts ( or User Accounts and Family Safety->User Accounts in Windows 7 Machine)

      3. Click Credential Manager (or Manage your credentials)
 
Remove TFS user credentials in Visual Studio
 
     4. In Credential Manager page, you can see the two type of credentials

           i. Windows Credentials
           ii. Generic Credentials

     5. Click on two credential's modify link,  click the link Remove from vault to remove stored TFS credentials.

Now, When you login into Visual Studio you will be asked to give credentials to connect TFS.

Note: Don't forgot to uncheck the option Remember my credentials to force to ask credentials for every TFS connections.


Thanks,
Morgan
Software Developer

Tuesday, 10 September 2013

Show balloon tooltip c#

     
  In this article, I am going to write and explain C# code example to create Balloon Tool tip in Task bar notification region by using C# and Windows Form Application.

 1. Create the New Windows Form Application
 2. Add Button control, generate click event for this button
 3. Replace the following code example.

You can download source files and binaries from following links  Download exe | Download source


using System;
using System.ComponentModel;
using System.Drawing;
using System.IO;
using System.Reflection;
using System.Windows.Forms;

namespace ShowToolTip
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void btBallonToolTip_Click(object sender, EventArgs e)
        {
            ShowBalloonTip();
            this.Hide();
        }

        private void ShowBalloonTip()
        {
            Container bpcomponents = new Container();
            ContextMenu contextMenu1 = new ContextMenu();

            MenuItem runMenu = new MenuItem();
            runMenu.Index = 1;
            runMenu.Text = "Run...";
            runMenu.Click += new EventHandler(runMenu_Click);

            MenuItem breakMenu = new MenuItem();
            breakMenu.Index = 2;
            breakMenu.Text = "-------------";

            MenuItem exitMenu = new MenuItem();
            exitMenu.Index = 3;
            exitMenu.Text = "E&xit";

            exitMenu.Click += new EventHandler(exitMenu_Click);

            // Initialize contextMenu1
            contextMenu1.MenuItems.AddRange(
                        new System.Windows.Forms.MenuItem[] { runMenu, breakMenu, exitMenu });

            // Initialize menuItem1

            this.ClientSize = new System.Drawing.Size(0, 0);
            this.Text = "Ballon Tootip Example";

            // Create the NotifyIcon.
            NotifyIcon notifyIcon = new NotifyIcon(bpcomponents);

            // The Icon property sets the icon that will appear
            // in the systray for this application.
            string iconPath = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) + @"\setup-icon.ico";
            notifyIcon.Icon = new Icon(iconPath);

            // The ContextMenu property sets the menu that will
            // appear when the systray icon is right clicked.
            notifyIcon.ContextMenu = contextMenu1;

            notifyIcon.Visible = true;

            // The Text property sets the text that will be displayed,
            // in a tooltip, when the mouse hovers over the systray icon.
            notifyIcon.Text = "Morgan Tech Space BallonTip Running...";
            notifyIcon.BalloonTipText = "Morgan Tech Space BallonTip Running...";
            notifyIcon.BalloonTipTitle = "Morgan Tech Space";
            notifyIcon.ShowBalloonTip(1000);
        }

        void exitMenu_Click(object sender, EventArgs e)
        {
            this.Close();
        }

        void runMenu_Click(object sender, EventArgs e)
        {
            MessageBox.Show("Morgan Tech Space BallonTip is Running....");
        }
    }
}



 4. Build the solution, and run the Project.
 5. Now, you will see the following window.


6. Click the button Show Balloon ToolTip.

7. Now, you can see the Tool Tip message alert in Task bar.

 


Related Articles:

Add or Remove programs using C# in Control Panel 
Get current time on a remote system using C# 
Convert DateTime to Ticks and Ticks to DateTime in C#
Convert Object To Byte Array and Byte Array to Object in C#
How to read data from csv file in c# 
Bulk Insert into SQL Server using SqlBulkCopy in C#
Import CSV File Into SQL Server Using SQL Bulk Copy


Thanks,
Morgan
Software Developer

Thursday, 5 September 2013

Add or Remove programs using C# in Control Panel

In this article, I am going to give steps and code examples to show an entry in Control Panel for installed application and code to remove installed application from Control Panel using C#.

Consider the two C# projects

    1. Setup (Console Application).
    2. MorganApp (Windows Form Application).

You can download source files and binaries from following links  Download exe | Download source

1. Setup (Console Application)- Add or Remove Control Panel programs using C#

   Create new C# Project as Console Application with the name Setup and replace the following code to Register application in Add /Remove programs.


using System;
using Microsoft.Win32;

namespace Setup
{
    class Program
    {
        static void Main(string[] args)
        {
            string appName = "MorganApp";
            string installLocation = @"C:\MorganTech";
            string displayIcon = @"C:\MorganTech\setup-icon.ico";
            string uninstallString = @"C:\MorganTech\MorganApp.exe";

            RegisterControlPanelProgram(appName,installLocation,displayIcon,uninstallString);

            Console.WriteLine("Application Installed Successfully....");
            Console.ReadLine();
        }

        public static void RegisterControlPanelProgram(string appName, string installLocation, string displayicon, string uninstallString)
        {
            try
            {
              string Install_Reg_Loc = @"Software\Microsoft\Windows\CurrentVersion\Uninstall";

              RegistryKey hKey = (Registry.LocalMachine).OpenSubKey(Install_Reg_Loc, true);

              RegistryKey appKey = hKey.CreateSubKey(appName);

              appKey.SetValue("DisplayName", (object)appName, RegistryValueKind.String);

              appKey.SetValue("Publisher",(object)"Morgan Tech Space",RegistryValueKind.String);

              appKey.SetValue("InstallLocation",
                       (object)installLocation, RegistryValueKind.ExpandString);

              appKey.SetValue("DisplayIcon", (object)displayicon, RegistryValueKind.String);

              appKey.SetValue("UninstallString",
                     (object)uninstallString, RegistryValueKind.ExpandString);

              appKey.SetValue("DisplayVersion", (object)"v1.0", RegistryValueKind.String);
            }
            catch (Exception e)
            {
                throw e;
            }
        }
    }
}

2. MorganApp (Windows Form Application)- Add or Remove Control Panel program in C#

   Create new C# Project as Windows Form Application with the name MorganApp.  Add a Button control and generate the click event for the same.

add-or-remove-program-in-C#

Now replace the following code to Remove application from Add /Remove programs.


using System;
using System.Windows.Forms;
using Microsoft.Win32;

namespace MorganApp
{
    public partial class MorganApp : Form
    {
        public MorganApp()
        {
            InitializeComponent();
        }

        private void btRemove_Click(object sender, EventArgs e)
        {
            RemoveControlPanelProgram("MorganApp");
            MessageBox.Show("Application Removed Successfully", "Morgan App");
            this.Close();
        }

        public static void RemoveControlPanelProgram(string apllicationName)
        {
            string InstallerRegLoc = @"Software\Microsoft\Windows\CurrentVersion\Uninstall";
            RegistryKey homeKey = (Registry.LocalMachine).OpenSubKey(InstallerRegLoc, true);
            RegistryKey appSubKey = homeKey.OpenSubKey(apllicationName);
            if (null != appSubKey)
            {
                homeKey.DeleteSubKey(apllicationName);
            }
        }
    }
}


Now follow the below steps to test the sample code.

   1. Build the two projects separately.
Add or Remove control panel programs in C#


   2. Create the folder MorganTech in C# drive. (you can create folder in whatever the location you want and change the install location in the above code correspondingly)

   3. Copy the two exe files Setup.exe and MorganApp.exe from configuration path ( i-\\...Setup\bin\Release, ii-.\\..MorganApp\bin\Release). to the folder MorganTech

   4. Ensure the icon file which you are going to give for control panel program is exist or not. in this case I have placed the icon file setup-icon.ico.

Add or Remove control panel items in C#

    5. Run the Setup.exe, now you have successfully registered this program in Add/Remove control panel items. see the below image
     
Add or Remove control panel application in C#

 6. Click UnInsall/Change button to remove this program from control panel. You will see the below window. then click Remove button to complete process.

Add or Remove programs using C#

Related Articles:

Show balloon tooltip c#
Get current time on a remote system using C# 
Convert DateTime to Ticks and Ticks to DateTime in C#
Convert Object To Byte Array and Byte Array to Object in C#
How to read data from csv file in c# 
Bulk Insert into SQL Server using SqlBulkCopy in C#
Import CSV File Into SQL Server Using SQL Bulk Copy


Thanks,
Morgan
Software Developer
 

Wednesday, 4 September 2013

Event ID 5156 Filtering Platform Connection - Repeated security log

 I have seen more number of  logs with the Event ID 5156 while working with File System Auditing where this event is being repeatedly logged on my server 2008 R2 machine.

See the event in this picture

Event 5156 Repeated log

After I have analyzed for the reason of Event ID 5156 is being repeatedly logged,  found the below solutions to stop the Event ID 5156 from being logged continuously 

Event ID 5156 should occur if the Success or Failure audit was enabled for Filtering Platform Connection in Advanced Audit Policy Configuration setting which is available from Windows 2008 R2 and later versions.

Category: Object Access
Subcategory: Filtering Platform Connection

You will get the following Event IDs if  the Filtering Platform Connection is enabled. 

   5031 - The Windows Firewall Service blocked an application from accepting incoming connections on the network.
   5154 - The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.
   5155 - The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.
   5156 - The Windows Filtering Platform has allowed a connection
   5157 - The Windows Filtering Platform has blocked a connection
   5158 - The Windows Filtering Platform has permitted a bind to a local port.
   5159 -The Windows Filtering Platform has blocked a bind to a local port.

We should disable the audit policy setting Filtering Platform Connection in Advanced Audit Policy Configuration to stop this event. We can do it in the following ways.

Possible Solution: 1- using Auditpol exe

    If you would like to get rid of this Filtering Platform Connection event 5156 then you need to run the following commands in an elevated command prompt (Run As Administrator):

    Auditpol /set /subcategory:"Filtering Platform Connection" /Success:disable

Then update gpo by this command

    gpupdate /force

Possible Solution: 2 - using Local Security Policy

    You can also disable Filtering Platform Connection in Advanced Audit Policy Configuration of Local Security Policy.

    1. Press the key Windows + R
    2. Type command secpol.msc, click OK
    3. Then go to the node Advanced Audit Policy Configuration->Object Access.
    4. Check the audit setting Audit Filtering Platform Connection If it is configured as Success, you can   revert it Not Configured and Apply the setting.


Possible Solution: 3 - using Group Policy Object

    If the setting is inherited from any other GPO to Local Security Policy,You need to edit the specific GPO which is configured with the setting Audit Filtering Platform Connection. You can find the GPO by running Resultant Set of Policy. 
   
   1. Press the key Windows + R 
   
   2. Type command rsop.msc, click OK.
   
   3. Now you can the below result window. Then go to the node Computer Configuration ->Windows Settings ->Local Polices-> Audit Policy.


   4. Now, you can see the Source GPO of the setting Audit Object Access which is the root Setting for Audit Filtering Platform Connection.

    5. Then you can edit the Audit Filtering Platform Connection of corresponding GPO by running GPMC.msc command through Run window or command window.

    Note:You need run the command GPUpdate /force after every changes to apply group policy to system immediately.

Morgan
Software Developer