Resolution
goal
What does the occurrence of the event 'Special Priviledges assigned to new logon' mean in the 'Significant Security Events' report?
fact
VigilEnt Security Manager 4.x
fix
This message is related to Event ID 576. This event record indicates that a privilege that is not auditable on an individual-use basis has been assigned to a user's security context at logon. Certain privileges have security implications. Assigning such privileges to a user, who is not trusted, can be a security risk. Some privileges are used so frequently that auditing their every use would flood the audit log with useless information. For example, SeChangeNotifyPrivilege is also used to bypass traverse access checking. This privilege is granted to all users in a normal system configuration and is used multiple times for each file opened. This audit event record is intended to warn an administrator that such a privilege has been assigned.
What does the occurrence of the event 'Special Priviledges assigned to new logon' mean in the 'Significant Security Events' report?
fact
VigilEnt Security Manager 4.x
fix
This message is related to Event ID 576. This event record indicates that a privilege that is not auditable on an individual-use basis has been assigned to a user's security context at logon. Certain privileges have security implications. Assigning such privileges to a user, who is not trusted, can be a security risk. Some privileges are used so frequently that auditing their every use would flood the audit log with useless information. For example, SeChangeNotifyPrivilege is also used to bypass traverse access checking. This privilege is granted to all users in a normal system configuration and is used multiple times for each file opened. This audit event record is intended to warn an administrator that such a privilege has been assigned.
Additional Information
Formerly known as NETIQKB33756