Special privileges assigned to new logon: User Name: %1 Domain: %2 Logon ID: %3 Assigned: %4

Details
Product: Windows Operating System
Event ID: 576
Source: Security
Version: 5.0
Component: Security Event Log
Symbolic Name: SE_AUDITID_ASSIGN_SPECIAL_PRIV
Message: Special privileges assigned to new logon: User Name: %1 Domain: %2 Logon ID: %3 Assigned: %4
   
Explanation

This event record indicates that a privilege that is not auditable on an individual-use basis has been assigned to a user’s security context at logon.

Certain privileges have security implications. Assigning such privileges to a user who is not trusted can be a security risk.

Some privileges are used so frequently that auditing their every use would flood the audit log with useless noise. For example, SeChangeNotifyPrivilege is also used to bypass traverse access checking. This privilege is granted to all users in a normal system configuration and is used multiple times for each file opened. This audit event record is intended to warn an administrator that such a privilege has been assigned.

   
User Action

The person with administrative rights for the computer should make sure the user should have the special privileges assigned.

Related:

Leave a Reply