Event-o-Pedia EventID 4703 - A token right was adjusted.

	Event Details
	User Activity->Policy Changes->User Rights Assignment->Windows 2008->EventID 4703 - A token right was adjusted.

EventID 4703 - A token right was adjusted.

Linked Event:

EventID 4703 - A token right was adjusted.

Sample:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/20/2016 9:22:27 AM
Event ID:      4703
Task Category: Token Right Adjusted Events
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      IIZHU2016.itss.wm.zhu.cn.qsft
Description:
A token right was adjusted.

Subject:
	Security ID:		SYSTEM
	Account Name:		IIZHU2016$
	Account Domain:		ITSS
	Logon ID:		0x3E7

Target Account:
	Security ID:		NULL SID
	Account Name:		IIZHU2016$
	Account Domain:		ITSS
	Logon ID:		0x3E7

Process Information:
	Process ID:		0x4c8
	Process Name:		C:\Windows\System32\svchost.exe

Enabled Privileges:
			SeSecurityPrivilege

Disabled Privileges:
			-

Log Type:

Windows Event Log

Uniquely Identified By:

Log Name:

Security

Filtering Field	Equals to Value
OSVersion	Windows Vista (2008) Windows 7 (2008 R2) Windows 8 (2012) Windows 8.1 (2012 R2) Windows 10 (2016)
Category	Detailed Tracking
Source	Microsoft-Windows-Security-Auditing
TaskCategory	Token Right Adjusted Events
EventId	4703

Field Matching

Field	Description	Stored in	Sample Value
When	At what date and time a user activity originated in the system.	DateTime	10.10.2000 19:00:00
Who	Account or user name under which the activity occured.	Subject: Account Name	IIZHU2016$
What	The type of activity occurred (e.g. Logon, Password Changed, etc.)	"Token right adjusted"	Token right adjusted
Where	The name of the workstation/server where the activity was logged.	Computer	DC1
Where From	The name of the workstation/server where the activity was initiated from.	-	10.10.10.10
Severity	Specify the seriousness of the event.	"Medium"	Medium
WhoDomain		Subject: Account Domain	ITSS
WhereDomain		-
Policy Name	The name of the affected policy.	"Token Rights Adjustment"	Token Rights Adjustment
User Right	The list of assigned or removed user rights	-
Whom	Account name of the user to/from whom the right was assigned/removed	Target Account: Account Name	IIZHU2016$