Windows Security Log Event ID 601
Operating Systems |
Windows 2003 and XP
|
Category | Process Tracking |
Type
|
Success
Failure
|
Corresponding events
in Windows
2008 and Vista |
4697
|
601: Attempt to install service
On this page
A new service was installed by the indicated user and domain.
Service Name: the internal system name of the new service.Use "sc query" to get a cross reference of service names and their more familiar display names.
Service Type:
Service Start Type:
Service Account: this is the account that the service runs under.
User Name and Domain identify the user who installed the service.
While this event only monitors new services, you can audit existing service related events such as starts, stops and modifications with the Object Access category. To enable auditing on a service you can use a Security Template or the subinacl (resource kit) command.
Free Security Log Resources by Randy
- Service Name:
- Service File Name:
- Service Type:
- Service Start Type:
- Service Account:
- User Name:
- Domain:
- Logon ID:
Setup PowerShell Audit Log Forwarding in 4 Minutes