Audit Policy: Privilege Use: Non Sensitive Privilege Use
|ID: oval:org.secpod.oval:def:22796||Date: (C)2015-01-07 (M)2017-10-31|
|Class: COMPLIANCE||Family: windows|
This subcategory reports when a user account or service uses a non-sensitive privilege. A non-sensitive privilege includes the following user rights: Access Credential Manager as a trusted caller, Access this computer from the network, Add workstations to domain, Adjust memory quotas for a process, Allow log on locally, Allow log on through Terminal Services, Bypass traverse checking, Change the system time, Create a pagefile, Create global objects, Create permanent shared objects, Create symbolic links, Deny access this computer from the network, Deny log on as a batch job, Deny log on as a service, Deny log on locally, Deny log on through Terminal Services, Force shutdown from a remote system, Increase a process working set, Increase scheduling priority, Lock pages in memory, Log on as a batch job, Log on as a service, Modify an object label, Perform volume maintenance tasks, Profile single process, Profile system performance, Remove computer from docking station, Shut down the system, and Synchronize directory service data. Auditing this subcategory will create a very high volume of events. Events for this subcategory include:
? 4672: Special privileges assigned to new logon.
? 4673: A privileged service was called.
? 4674: An operation was attempted on a privileged object.
Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 2008? for the most recent information about this setting: http://support.microsoft.com/default.aspx/kb/947226.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Privilege Use!Audit Policy: Privilege Use: Non Sensitive Privilege Use
(2) REG: NO REGISTRY INFO
|Microsoft Windows Server 2012 R2|