|Product:||Windows Operating System|
|Component:||Security Event Log|
|Message:||Special privileges assigned to new logon: User Name: %1 Domain: %2 Logon ID: %3 Assigned: %4|
This event record indicates that a privilege that is not auditable on an individual-use basis has been assigned to a user’s security context at logon.
Certain privileges have security implications. Assigning such privileges to a user who is not trusted can be a security risk.
Some privileges are used so frequently that auditing their every use would flood the audit log with useless noise. For example, SeChangeNotifyPrivilege is also used to bypass traverse access checking. This privilege is granted to all users in a normal system configuration and is used multiple times for each file opened. This audit event record is intended to warn an administrator that such a privilege has been assigned.
The person with administrative rights for the computer should make sure the user should have the special privileges assigned.