Event ID: 4673

A privileged service was called

A privileged service was called.

Subject:
    Security ID:        %1
    Account Name:       %2
    Account Domain:     %3
    Logon ID:           %4

Service:
    Server:             %5
    Service Name:       %6

Process:
    Process ID:         %8
    Process Name:       %9

Service Request Information:
    Privileges:         %7
Microsoft Documentation

Event ID - 4673





Name Field Insertion String OS Example
Security ID SubjectUserSid %1 Any ORG\UserA
Account Name SubjectUserName %2 Any UserA
Account Domain SubjectDomainName %3 Any ORG
Logon ID SubjectLogonId %4 Any 0x432344
Server ObjectServer %5 Any NT Local Security Authority / Authentication Service
Service Name Service %6 Any LsaRegisterLogonProcess()
Privileges PrivilegeList %7 Any View Codes
Process ID ProcessId %8 Any 0x1f0
Process Name ProcessName %9 Any C:\Windows\System32\lsass.exe


Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /category:"Privilege Use"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List