Audit Non-Sensitive Privilege Use
Applies To: Windows 7, Windows Server 2008 R2
This security policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights).
The following privileges are non-sensitive:
Access Credential Manager as a trusted caller
Access this computer from the network
Add workstations to domain
Adjust memory quotas for a process
Allow log on locally
Allow log on through Terminal Services
Bypass traverse checking
Change the system time
Create a page file
Create global objects
Create permanent shared objects
Create symbolic links
Deny access to this computer from the network
Deny log on as a batch job
Deny log on as a service
Deny log on locally
Deny log on through Terminal Services
Force shutdown from a remote system
Increase a process working set
Increase scheduling priority
Lock pages in memory
Log on as a batch job
Log on as a service
Modify an object label
Perform volume maintenance tasks
Profile single process
Profile system performance
Remove computer from docking station
Shut down the system
Synchronize directory service data
If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful attempts, and failure audits record unsuccessful attempts.
Event volume: Very high
Default: Not configured
If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.
| Event ID | Event message |
|---|---|
4672 |
Special privileges assigned to new logon. |
4673 |
A privileged service was called. |
4674 |
An operation was attempted on a privileged object. |