Event ID 601

Attempt to install service

Attempt to install service:
    Service Name:        %1
    Service File Name:   %2
    Service Type:        %3
    Service Start Type:  %4
    Service Account:     %5
 By:
    User Name:           %6
    Domain:              %7
    Logon ID:            %8

Fields	Definitions	Insertion String
Service Name	System name for the new service	%1
Service File Name	Full path of the executable	%2
Service Type	Indicate system use of service	%3
Service Start Type	Automatic - starts with the OS, Manual - starts via user, Disabled - Off	%4
Service Account	Account used by the service	%5
User Name	Account name attempting to install the service	%6
Domain	Domain of user	%7
Logon ID	Logon session	%8

Service Type	Key	Value
KernelDriver	1	Kernel device driver
FileSystemDriver	2	A file system driver
Adapter	4	A service for a hardware device
RecognizerDriver	8	A driver used to resolve the file system available on the system
Win32OwnProcess	16	A Win32 service runs in a process itself
Win32ShareProcess	32	A Win32 service that can share a process with other services
InteractiveProcess	256	A service that talks to the desktop

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get /category:"Detailed Tracking"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows 2003 Windows XP

Audit Category:

Detailed Tracking

Corresponding Events:

4697

LEFT/RIGHT arrow keys for navigation

Back to List