Event ID 4703
A token right was adjustedA token right was adjusted.
Subject:
Security ID: %1
Account Name: %2
Account Domain: %3
Logon ID: %4
Target Account:
Security ID: %5
Account Name: %6
Account Domain: %7
Logon ID: %8
Process Information:
Process ID: %10
Process Name: %9
Enabled Privileges:
%11
Disabled Privileges:
%12To view the current privileges held by a user's token run whoami /priv.
Microsoft Documentation
| Name | Field | Insertion String | OS | Example | ||
|---|---|---|---|---|---|---|
| Security ID | SubjectUserSid | %1 | Any | DOMAINA\UserA | ||
| Account Name | SubjectUserName | %2 | Any | UserA | ||
| Account Domain | SubjectDomainName | %3 | Any | DOMAINA | ||
| Logon ID | SubjectLogonId | %4 | Any | 0x3e7 | ||
| Security ID | TargetUserSid | %5 | Any | DOMAINA\UserC | ||
| Account Name | TargetUserName | %6 | Any | UserC | ||
| Account Domain | TargetDomainName | %7 | Any | DOMAINA | ||
| Logon ID | TargetLogonId | %8 | Any | 0x3e7 | ||
| Process Name | ProcessName | %9 | Any | C:\Windows\System32\svchost.exe | ||
| Process ID | ProcessId | %10 | Any | 0x278 | ||
| Enabled Privileges | EnabledPrivilegeList | %11 | Any | View Codes | ||
| Disabled Privileges | DisabledPrivilegeList | %12 | Any | View Codes | ||
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Authorization Policy Change"
LEFT/RIGHT arrow keys for navigation
Back to List