| Event Information | According To Microsoft
Cause
This behavior can occur when the audit policy includes auditing for the successful use of user rights.
RESOLUTION:
Change the audit policy to discontinue auditing for the successful use of user rights
MORE INFORMATION
To change the audit policy to stop auditing the successful use of user rights, follow these steps:
For Windows NT 4.0
1. Start User Manager for Domains.
2. On the Policies menu, click Audit.
3. In the Audit Policy dialog box, for the object Use of User Rights, click to clear the Success check box, and then click OK.
4. Quit User Manager for Domains
For Windows 2000 Server
If you set the audit policy on a domain basis
1. Under Administrative Tools, launch the Domain Security Policy.
2. Under Security Settings click Local Policies, and then click audit Policy.
3. Click Audit Privlege Use and click to clear the Success check box.
4. At the command line type secedit /refreshpolicy machine_policy
If you set the audit policy at the local computer
1. Under Administrative Tools, launch the Local Security Policy.
2. Under Security Settings click Local Policies, and then click Audit Policy.
3. Click Audit Privledge Use and click to clear the Success check box.
4. At the command line, type secedit /refreshpolicy machine_policy.
Cause:
This event record indicates that a privilege that is not auditable on an individual-use basis has been assigned to a users security context at logon. Certain privileges have security implications. Assigning such privileges to a user who is not trusted can be a security risk. Some privileges are used so frequently that auditing their every use would flood the audit log with useless noise. For example, SeChangeNotifyPrivilege is also used to bypass traverse access checking. This privilege is granted to all users in a normal system configuration and is used multiple ti |
