Event ID 4673
A privileged service was calledA privileged service was called.
Subject:
Security ID: %1
Account Name: %2
Account Domain: %3
Logon ID: %4
Service:
Server: %5
Service Name: %6
Process:
Process ID: %8
Process Name: %9
Service Request Information:
Privileges: %7| Name | Field | Insertion String | OS | Example | ||
|---|---|---|---|---|---|---|
| Security ID | SubjectUserSid | %1 | Any | ORG\UserA | ||
| Account Name | SubjectUserName | %2 | Any | UserA | ||
| Account Domain | SubjectDomainName | %3 | Any | ORG | ||
| Logon ID | SubjectLogonId | %4 | Any | 0x432344 | ||
| Server | ObjectServer | %5 | Any | NT Local Security Authority / Authentication Service | ||
| Service Name | Service | %6 | Any | LsaRegisterLogonProcess() | ||
| Privileges | PrivilegeList | %7 | Any | View Codes | ||
| Process ID | ProcessId | %8 | Any | 0x1f0 | ||
| Process Name | ProcessName | %9 | Any | C:\Windows\System32\lsass.exe | ||
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /category:"Privilege Use"
Operating Systems:
Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 2022Tags:
Audit SuccessAudit Category:
Privilege UseAudit Subcategory:
Sensitive Privilege Use Non Sensitive Privilege UseLEFT/RIGHT arrow keys for navigation
Back to List