Event Details
Operating System->Microsoft Windows->Built-in logs->Windows 2000-2003->Security Log->Privilege Use->EventID 578 - Privileged object operation
EventID 578 - Privileged object operation

Perform a privileged system service.

Microsoft's Comments:
These are high volume events, which typically do not contain sufficient information to act upon since they do not describe what operation occurred.

Find more information about this event on ultimatewindowssecurity.com.

Corresponding events on other OS versions:


Windows 2008
 Sample:
        Event Type:     Success Audit
        Event Source:   Security
        Event Category: Privilege Use
        Event ID:       578
        Date:           11/13/2009
        Time:           11:32:55
        User:           LOGISTICS\ALebovsky
        Computer:       DCCC1
        Description:
        Privileged object operation:
        Object Server:	EventLog
        Object Handle:	0
        Process ID:	232
        Primary User Name:	DCCC1$
        Primary Domain:	LOGISTICS
        Primary Logon ID:	(0x0,0x3E7)
        Client User Name:	ALebovsky
        Client Domain:	LOGISTICS
        Client Logon ID:	(0x0,0x1DE180)
        Privileges:	SeSecurityPrivilege
      
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows 2000
Windows XP
Windows 2003
Category Privilege Use
Source Security
EventId 578
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. DateTime 10.10.2000 19:00:00
Source Name of an Application or System Service originating the event. Source Security
Type Warning, Information, Error, Success, Failure, etc. Type Success
User Domain\Account name of user/service/computer initiating event. User RESEARCH\Alebovsky
Computer Name of server workstation where event was logged. Computer DC1
EventID Numerical ID of event. Unique within one Event Source. EventId 576
Description The entire unparsed event message. Description Special privileges assigned to new logon.
Log Name The name of the event log (e.g. Application, Security, System, etc.) LogName Security
Category A name for a subclass of events within the same Event Source. Category Logon/Logoff
Privileges The list of assigned privileges InsertionString10 SeSecurityPrivilege
Object Server The name of the service handling the access request InsertionString1 EventLog
Object Handle ID of the handle of the object for operation on which the privilege has been granted InsertionString2 0
Process ID ID of the process operating on the object InsertionString3 232
Primary User Name For local access identifies the user attempting to excercise the privilege, for remote access identifies the server program used to excercise the privilege InsertionString4 DCCC1$
Primary Domain Domain of the Primary User Name InsertionString5 LOGISTICS
Primary Logon ID ID of the logon session of the Primary User Name account InsertionString6 (0x0,0x3E7)
Client User Name For local access this field is empty, for remote access identifies the user attempting to excercise the privilege InsertionString7 ALebovsky
Client Domain Domain of Client User Name InsertionString8 LOGISTICS
Client Logon ID ID of the logon session of the Client User Name account InsertionString9 (0x0,0x1DE180)
Comments
You must be logged in to comment