I found no public description of what it means and what I am supposed to do. It seemed to me that something cannot execute because'LOCAL SERVICE' needs 'SeSecurityPrivilege' (aka 'Manage auditing and security log') right. Okay, I granted this right (double checked with RSoP and Local Policy Editor) but nothing changed. I even tried to grant this rigth to 'System' account also (by default only 'Administrators' have it). But this didn't help either.Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/14/2008 7:10:02 PM
Event ID: 4674
Task Category: Sensitive Privilege Use
Level: Information
Keywords: Audit Failure
User: N/A
Computer: <Computer FQDN Here>
Description:
An operation was attempted on a privileged object.Subject:
Security ID:LOCAL SERVICE
Account Name:LOCAL SERVICE
Account Domain:NT AUTHORITY
Logon ID:0x3e5Object:
Object Server:Security
Object Type:-
Object Name:-
Object Handle:0x0Process Information:
Process ID:0x294
Process Name:C:\Windows\System32\lsass.exeRequested Operation:
Desired Access:16777216
Privileges:SeSecurityPrivilege
So my question is: what should I do to get rid of these events (other then disabling auditing)? Thanks in advance.
P.S. A few links Itried but that didn'tadd to my understanding.
- Events and Errors Message Center Search nothing at all.
- EventID Search nothnig at all.
- Randy Franklin Smith's UltimateWindowsSecurity.comWiki article on SeSecurityPrivilege interesting, but nothing particularly helpful for this special case.
- Randy Franklin Smith's UltimateWindowsSecurity.comWiki article onEvent 4674 nearly meaningless.
And that's all at least slightly relevant information I could find.