[logs] Re: [Windows] Privileges field in 560 events

From: Eric Fitzgerald (ericf@private)
Date: Fri Aug 05 2005 - 13:05:35 PDT

Disable the setting "Audit the access to global system objects" (aka
Also see my blog (shameless plug):
Eric Fitzgerald
Program Manager, Windows Core Security
Microsoft Corporation


From: loganalysis-bounces+ericf=windows.microsoft.com@private
On Behalf Of Schneider, Robert
Sent: Wednesday, August 03, 2005 12:29 PM
To: 'loganalysis@private'
Subject: [logs] Re: [Windows] Privileges field in 560 events

A Windows 2000 Pro stand-alone (not connected to network) system has the
Security Event logs filling up with Event ID 560s!  100s are written
with the same time stamp. The user involved has restricted privileges.
What can cause so many 560 events to occur so quickly? 
Thanks in advance,
Bob Schneider 
L3 Communications/ILEX Systems 
IAVA Support 
732-530-8444 x3503 

LogAnalysis mailing list

This archive was generated by hypermail 2.1.3 : Mon Aug 08 2005 - 15:30:52 PDT