Event ID 576 Source Security
| Event ID | 576 |
| Source | Security |
| Type | Success Audit |
| Description | Special privileges assigned to new logon: User Name: <user name> Domain: <domain name> Logon ID: <logon id> Assigned: SeChangeNotifyPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege |
| English, please! | This information is only available to subscribers. An example of English, please! |
| Comments |
Mihai Andrei
As per Microsoft: "This event record indicates that a privilege that is not auditable on an individual-use basis has been assigned to a user's security context at logon". See MSW2KDB for additional information about this event. Ionut Marin If your system performance decreases after you configure an audit policy in Windows Server 2003, see M822774 to fix this problem. As per Microsoft: "This behavior can occur when the audit policy includes auditing for the successful use of user rights". See M264769 for more details. Louis Strous Some posts in the microsoft.public.win2000.security newsgroup state that the user and domain (1st and 2nd) entries in a 576 audit event may be left blank if the associated logon session has gone away before the audit event is generated (because audit event generation is asynchronous), but that you can always use the logon-id field (3rd entry) to find the user and domain from an earlier logon audit. Adrian Grigorof Special privileges assigned to new logon. |
| Links | M174074, M264769, M822774, Online Analysis of Security Event Log, MSW2KDB |
| Search | Google Web - Microsoft Support - Bing - EventID.Net Queue - More links... |
| Custom search | The custom search information is available to subscribers only. |
| Feedback | Send comments - Notify me when updated |
| Print version |