[logs] Re: [Windows] Privileges field in 560 events

• Previous message: Bakir, Adam: "[logs] Re: Looking to graphically map ip conversations"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Disable the setting "Audit the access to global system objects" (aka
"AuditBaseObjects").
 
Also see my blog (shameless plug):
http://blogs.msdn.com/ericfitz/archive/2005/01/11/350848.aspx
 
Eric Fitzgerald
Program Manager, Windows Core Security
Microsoft Corporation
425-705-9601

________________________________

From: loganalysis-bounces+ericf=windows.microsoft.com@private
[mailto:loganalysis-bounces+ericf=windows.microsoft.com@private]
On Behalf Of Schneider, Robert
Sent: Wednesday, August 03, 2005 12:29 PM
To: 'loganalysis@private'
Subject: [logs] Re: [Windows] Privileges field in 560 events


All,
A Windows 2000 Pro stand-alone (not connected to network) system has the
Security Event logs filling up with Event ID 560s!  100s are written
with the same time stamp. The user involved has restricted privileges.
What can cause so many 560 events to occur so quickly? 
Thanks in advance,
Bob
 
Bob Schneider 
L3 Communications/ILEX Systems 
IAVA Support 
732-530-8444 x3503 
mailto:robert.schneider@private
 



_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Previous message: Bakir, Adam: "[logs] Re: Looking to graphically map ip conversations"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Aug 08 2005 - 15:30:52 PDT