Windows Security Log Events by ID: Event ID 601

Windows Security Log Events by ID

look up more events by Event ID or Category

Event ID

601

Title

Attempt to install service

Type:

Example:

Randy's Comments:

Success
Failure

OS:

Windows 2003

Category:

Detailed Tracking

Attempt to install service:
Service Name:SNMPTRAP
Service File Name:%SystemRoot%\system32\snmptrap.exe
Service Type:16
Service Start Type:3
Service Account:NT AUTHORITY\LocalService
By:
User Name:administrator
Domain:ELM
Logon ID:(0x0,0x158EB7)

A new service was installed by the indicated user and domain.

Service Name: the internal system name of the new service.Use "sc query" to get a cross reference of service names and their more familiar display names.

Service Type:

Service Start Type:

Service Account: this is the account that the service runs under.

User Name and Domain identify the user who installed the service.

While this event only monitors new services, you can audit existing service related events such as starts, stops and modifications with the Object Access category. To enable auditing on a service you can use a Security Template or the subinacl (resource kit) command.

Windows Security Log Events by ID

601

Attempt to install service

Upcoming Webinars by Randy Franklin Smith

Additional Links