Event ID: 4696A primary token was assigned to process
A primary token was assigned to process. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Process Information: Process ID: %11 Process Name: %12 Target Process: Target Process ID: %9 Target Process Name: %10 New Token Information: Security ID: %5 Account Name: %6 Account Domain: %7 Logon ID: %8
This event generates every time a process runs using the non-current access token, for example, UAC elevated token, RUN AS different user actions, scheduled task with defined user, services, and so on.
IMPORTANT: this event is deprecated starting from Windows 7 and Windows 2008 R2.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Process Creation"
LEFT/RIGHT arrow keys for navigationBack to List