M
Minepocket
Guest
Hello, I've noticed multiple different "special logon" events (event id: 4672) wherein some of the events have different privileges than others. Is this normal? (some of) the privileges were:SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeImpersonatePrivilege, SeDelegateSessionUserImpersonatePrivilege, SeAssignPrimaryTokenPrivilege, SeTcbPrivilege, SeAuditPrivilegeThe event often looks like this:Special privileges assigned to new logon.Subject:Security ID: SYSTEM Account Name: SY
Continue reading...
Continue reading...