deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 05:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/keep-secure/audit-non-sensitive-privilege-use.md
Brian Lich edb7f5a067 new build
2016-03-31 09:25:25 -07:00

2.8 KiB
Raw Blame History

title, description, ms.assetid, ms.prod, ms.mktglfcycl, ms.sitesec, author
title description ms.assetid ms.prod ms.mktglfcycl ms.sitesec author
Audit Non-Sensitive Privilege Use (Windows 10) This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used. 8fd74783-1059-443e-aa86-566d78606627 W10 deploy library brianlic-msft

Audit Non-Sensitive Privilege Use

Applies to

  • Windows 10

This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.

The following privileges are non-sensitive:

  • Access Credential Manager as a trusted caller

  • Access this computer from the network

  • Add workstations to domain

  • Adjust memory quotas for a process

  • Allow log on locally

  • Allow log on through Terminal Services

  • Bypass traverse checking

  • Change the system time

  • Create a page file

  • Create global objects

  • Create permanent shared objects

  • Create symbolic links

  • Deny access to this computer from the network

  • Deny log on as a batch job

  • Deny log on as a service

  • Deny log on locally

  • Deny log on through Terminal Services

  • Force shutdown from a remote system

  • Increase a process working set

  • Increase scheduling priority

  • Lock pages in memory

  • Log on as a batch job

  • Log on as a service

  • Modify an object label

  • Perform volume maintenance tasks

  • Profile single process

  • Profile system performance

  • Remove computer from docking station

  • Shut down the system

  • Synchronize directory service data

If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful attempts, and failure audits record unsuccessful attempts.

Event volume: Very high

Default: Not configured

Event ID Event message

4672

Special privileges assigned to new logon.

4673

A privileged service was called.

4674

An operation was attempted on a privileged object.

 

Related topics

Advanced security audit policy settings