WinSecWiki > Security Settings > Local Policies > User Rights > Tracking Rights

Tracking User Rights with the Security Log

You can detect when an account with any admin rights logs on by looking for event ID 576/4674 in the security log.

You can detect changes in assignments of most rights using event IDs 608/4704 and 609/4705 in the security log. These 2 events do not track assignments or revocations of logon rights. To track changes in assignment of logon rights look for event IDs 621/4717 and 622/4718.

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

User Rights

•	Logon Rights
•	Admin Equivalent Rights
•	Tracking Rights
•	User Rights In-Depth

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.