Greetings.
I need to know how to find (by all or any method) within the Event Viewer the log of a user clicking a UAC security prompt, and if possible, the information about what process initiated the UAC prompt and what reaction occurred from the user clicking Yes in that prompt.
I know the day and range of minutes the UAC prompt occurred, but there is so much data to sort within that 5 minute range.. It would help to know the Event ID or Task Category of such an action, or how to write the filter to show only UAC prompts being initiated / authenticated by a user.
I believe the system security may have been compromised by this action and I need to pin down what process was responsible for installing, changing or otherwise altering the system by this user click.
Or if Event Viewer is not the best place to get verbose information about this occurrence, what should I be using instead?
Thank you.