deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 05:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/keep-secure/audit-non-sensitive-privilege-use.md
Brian Lich eb9290389d fixing spacing issues
2016-05-19 14:52:11 -07:00

69 lines
2.5 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Audit Non-Sensitive Privilege Use (Windows 10)
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
ms.assetid: 8fd74783-1059-443e-aa86-566d78606627
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
---
# Audit Non-Sensitive Privilege Use
**Applies to**
- Windows 10
This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Non-Sensitive Privilege Use**, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
The following privileges are non-sensitive:
- **Access Credential Manager as a trusted caller**
- **Access this computer from the network**
- **Add workstations to domain**
- **Adjust memory quotas for a process**
- **Allow log on locally**
- **Allow log on through Terminal Services**
- **Bypass traverse checking**
- **Change the system time**
- **Create a page file**
- **Create global objects**
- **Create permanent shared objects**
- **Create symbolic links**
- **Deny access to this computer from the network**
- **Deny log on as a batch job**
- **Deny log on as a service**
- **Deny log on locally**
- **Deny log on through Terminal Services**
- **Force shutdown from a remote system**
- **Increase a process working set**
- **Increase scheduling priority**
- **Lock pages in memory**
- **Log on as a batch job**
- **Log on as a service**
- **Modify an object label**
- **Perform volume maintenance tasks**
- **Profile single process**
- **Profile system performance**
- **Remove computer from docking station**
- **Shut down the system**
- **Synchronize directory service data**
If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful attempts, and failure audits record unsuccessful attempts.
Event volume: Very high
Default: Not configured
| Event ID | Event message |
| - | - |
| 4672 | Special privileges assigned to new logon. |
| 4673 | A privileged service was called. |
| 4674 | An operation was attempted on a privileged object. |
 
## Related topics
- [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)
 
 
Reference in New Issue View Git Blame Copy Permalink