Home
Resources
Training
About Us
eStore
<a href="http://www.isdecisions.com/en/software/userlock/?xtor=SEC-230"><img src="http://www.isdecisions.com/images/pubs/Randy/userlock.gif" alt="UserLock" border="0" /></a>

>

resources > security log central > ebook > excerpts

 

 

 

 

 

 

 

Latest Blog: WinReporter 4.0 Makes It Easy to Assess Attack Surface

  

Excerpt from: The Windows Server 2003 Security Log Revealed

Audit Privilege Use

You can use the Privilege Use category to track the exercise of user rights. Microsoft uses the terms privilege, right, and permission inconsistently. In this case, privileges refer to the user rights you find in Local Security Policy under Security Settings\Local Policies\User Right Assignment, as Figure 10‑1 shows.
dasf
Figure 10‑1 User rights configuration

Event
ID

Type

Description

576

Success

Special privileges assigned to new logon

577

Success
Failure

Privileged service called

578

Success
Failure

Privileged object operation

Figure 10‑2 lists the three events in the Privilege Use category.

Event
ID

Type

Description

576

Success

Special privileges assigned to new logon

577

Success
Failure

Privileged service called

578

Success
Failure

Privileged object operation

Figure 10‑2 Privilege Use events

More information on this audit category is available in WinSecWiki

This is just a fraction of the wealth of information available only in Randy Franklin Smith's eBook, The Windows Server Security Log Revealed.

asdf

Additional Links

A
D
V

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit

Sick of LimitLogin? Get UserLock for real logon control


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

Site Map