deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 21:27:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/keep-secure/audit-non-sensitive-privilege-use.md
Brian Lich eb9290389d fixing spacing issues
2016-05-19 14:52:11 -07:00

2.5 KiB
Raw Blame History

title, description, ms.assetid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, author
title description ms.assetid ms.prod ms.mktglfcycl ms.sitesec ms.pagetype author
Audit Non-Sensitive Privilege Use (Windows 10) This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used. 8fd74783-1059-443e-aa86-566d78606627 W10 deploy library security brianlic-msft

Audit Non-Sensitive Privilege Use

Applies to

  • Windows 10

This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.

The following privileges are non-sensitive:

  • Access Credential Manager as a trusted caller
  • Access this computer from the network
  • Add workstations to domain
  • Adjust memory quotas for a process
  • Allow log on locally
  • Allow log on through Terminal Services
  • Bypass traverse checking
  • Change the system time
  • Create a page file
  • Create global objects
  • Create permanent shared objects
  • Create symbolic links
  • Deny access to this computer from the network
  • Deny log on as a batch job
  • Deny log on as a service
  • Deny log on locally
  • Deny log on through Terminal Services
  • Force shutdown from a remote system
  • Increase a process working set
  • Increase scheduling priority
  • Lock pages in memory
  • Log on as a batch job
  • Log on as a service
  • Modify an object label
  • Perform volume maintenance tasks
  • Profile single process
  • Profile system performance
  • Remove computer from docking station
  • Shut down the system
  • Synchronize directory service data

If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful attempts, and failure audits record unsuccessful attempts.

Event volume: Very high

Default: Not configured

Event ID Event message
4672 Special privileges assigned to new logon.
4673 A privileged service was called.
4674 An operation was attempted on a privileged object.
 

Related topics