Event ID 601

Attempt to install service 

Attempt to install service:
    Service Name:        %1
    Service File Name:   %2
    Service Type:        %3
    Service Start Type:  %4
    Service Account:     %5
 By:
    User Name:           %6
    Domain:              %7
    Logon ID:            %8


Fields Definitions Insertion String
Service Name System name for the new service %1
Service File Name Full path of the executable %2
Service Type Indicate system use of service %3
Service Start Type Automatic - starts with the OS, Manual - starts via user, Disabled - Off %4
Service Account Account used by the service %5
User Name Account name attempting to install the service %6
Domain Domain of user %7
Logon ID Logon session %8

 

Service Type Key Value
KernelDriver 1 Kernel device driver
FileSystemDriver 2 A file system driver
Adapter 4 A service for a hardware device
RecognizerDriver 8 A driver used to resolve the file system available on the system
Win32OwnProcess 16 A Win32 service runs in a process itself
Win32ShareProcess 32 A Win32 service that can share a process with other services
InteractiveProcess 256 A service that talks to the desktop

Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /category:"Detailed Tracking"
How to enable Windows Auditing
Recommended Audit Policy

Operating Systems:
Windows 2003 Windows XP

Audit Category:
Detailed Tracking
Corresponding Events:
4697

LEFT/RIGHT arrow keys for navigation

Back to List