SUN_TZU
September 14th, 2000, 11:24 AM
What do I audit to do this? Which user right is this? I have auditing turn on for "USE OF USERR RIGHTS", but when a service gets stopped, all I get is this message:
Privileged object operation:
Object Server: EventLog
Object Handle: 0
Process ID: 2155077952
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E7)
Client User Name: xiongd
Client Domain: GTFC
Client Logon ID: (0x0,0x14DEB8)
Privileges: SeSecurityPrivilege
How do I interpret this? Are there better logging tools available?
THANKS.
Privileged object operation:
Object Server: EventLog
Object Handle: 0
Process ID: 2155077952
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E7)
Client User Name: xiongd
Client Domain: GTFC
Client Logon ID: (0x0,0x14DEB8)
Privileges: SeSecurityPrivilege
How do I interpret this? Are there better logging tools available?
THANKS.