windows-itpro-docs/windows/keep-secure/audit-non-sensitive-privilege-use.md
2016-05-10 12:12:23 -07:00

| title | description | ms.assetid | ms.pagetype | ms.prod | ms.mktglfcycl | ms.sitesec | author |
|---|---|---|---|---|---|---|---|
| Audit Non-Sensitive Privilege Use (Windows 10) | This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used. | 8fd74783-1059-443e-aa86-566d78606627 | security | W10 | deploy | library | brianlic-msft |

# Audit Non-Sensitive Privilege Use

Applies to

  • Windows 10

This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.

The following privileges are non-sensitive:

  • Access Credential Manager as a trusted caller
  • Access this computer from the network
  • Add workstations to domain
  • Adjust memory quotas for a process
  • Allow log on locally
  • Allow log on through Terminal Services
  • Bypass traverse checking
  • Change the system time
  • Create a page file
  • Create global objects
  • Create permanent shared objects
  • Create symbolic links
  • Deny access to this computer from the network
  • Deny log on as a batch job
  • Deny log on as a service
  • Deny log on locally
  • Deny log on through Terminal Services
  • Force shutdown from a remote system
  • Increase a process working set
  • Increase scheduling priority
  • Lock pages in memory
  • Log on as a batch job
  • Log on as a service
  • Modify an object label
  • Perform volume maintenance tasks
  • Profile single process
  • Profile system performance
  • Remove computer from docking station
  • Shut down the system
  • Synchronize directory service data

If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful attempts, and failure audits record unsuccessful attempts.

Event volume: Very high

Default: Not configured

| Event ID | Event message |
|---|---|
| 4672 | Special privileges assigned to new logon. |
| 4673 | A privileged service was called. |
| 4674 | An operation was attempted on a privileged object. |
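
Because the event volume is very high, it helps to see which accounts and processes account for the events before enabling the setting broadly. The following added example (not part of the original topic) tallies 4673 and 4674 events from event XML by privilege, account, process and outcome; the sample events, the `summarize` and `_event` helpers and the constant-to-name mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
AUDIT_FAILURE = 0x0010000000000000  # Keywords bit set on failure audits

# Privilege constants for some of the user rights listed above. The mapping is
# added for this example; the page itself gives display names only.
NON_SENSITIVE = {
    "SeChangeNotifyPrivilege": "Bypass traverse checking",
    "SeSystemtimePrivilege": "Change the system time",
    "SeCreateGlobalPrivilege": "Create global objects",
    "SeIncreaseBasePriorityPrivilege": "Increase scheduling priority",
    "SeShutdownPrivilege": "Shut down the system",
}

def _event(eid, keywords, user, privs, proc):
    """Build one constructed event, trimmed to the fields used here."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID>'
            f'<Keywords>{keywords}</Keywords></System><EventData>'
            f'<Data Name="SubjectUserName">{user}</Data>'
            f'<Data Name="PrivilegeList">{privs}</Data>'
            f'<Data Name="ProcessName">{proc}</Data></EventData></Event>')

# Constructed sample, not real log data.
SAMPLE = "<Events>" + "".join([
    _event(4673, "0x8010000000000000", "alice", "SeSystemtimePrivilege", r"C:\Tools\clock.exe"),
    _event(4673, "0x8010000000000000", "alice", "SeSystemtimePrivilege", r"C:\Tools\clock.exe"),
    _event(4674, "0x8020000000000000", "svc_backup",
           "SeChangeNotifyPrivilege\n\t\t\tSeTcbPrivilege", r"C:\Windows\System32\svchost.exe"),
    _event(4672, "0x8020000000000000", "admin", "SeShutdownPrivilege", "-"),
]) + "</Events>"

def summarize(xml_text):
    """Count 4673/4674 events per (user right, account, process, outcome)."""
    counts = Counter()
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) not in ("4673", "4674"):
            continue  # 4672 is a logon-time event with no calling process
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        keywords = int(ev.findtext("e:System/e:Keywords", "0", NS), 16)
        outcome = "failure" if keywords & AUDIT_FAILURE else "success"
        for priv in data.get("PrivilegeList", "").split():  # one event may list several
            if priv in NON_SENSITIVE:  # skip privileges outside this subcategory
                counts[(NON_SENSITIVE[priv], data.get("SubjectUserName", "?"),
                        data.get("ProcessName", "?"), outcome)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key, sep="\t")
```
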

## Related topics

[Advanced security audit policy settings](advanced-security-audit-policy-settings.md)