Event Details
User Activity->System Events->Windows 2008->EventID 4674 - An operation was attempted on a privileged object - Failure.
EventID 4674 - An operation was attempted on a privileged object - Failure.
 Sample: 
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/27/2009 9:52:10 PM
Event ID:      4674
Task Category: Sensitive Privilege Use
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      dcc1.Logistics.corp
Description:   
An operation was attempted on a privileged object.
Subject:
	Security ID:		S-1-5-19
	Account Name:		LOCAL SERVICE
	Account Domain:		NT AUTHORITY
	Logon ID:		0x3e5
Object:
	Object Server:	Security
	Object Type:	-
	Object Name:	-
	Object Handle:	0x0
Process Information:
	Process ID:	0x23c
	Process Name:	C:\Windows\System32\lsass.exe
Requested Operation:
	Desired Access:	16777216
	Privileges:		SeSecurityPrivilege
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows Vista (2008)
Windows 7 (2008 R2)
Windows 8 (2012)
Windows 8.1 (2012 R2)
Windows 10 (2016)
Category Privilege Use
Source Microsoft-Windows-Security-Auditing
TaskCategory Sensitive Privilege Use
EventId 4674
Type Failure Audit
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime
Who Account or user name under which the activity occured. Subject: Account Name DCC1$
What The type of activity occurred (e.g. Logon, Password Changed, etc.) TaskCategory Sensitive Privilege Use
Where The name of the workstation/server where the activity was logged. Computer
Where From The name of the workstation/server where the activity was initiated from. - 10.10.10.10
Severity Specify the seriousness of the event. "High" High
WhoDomain Subject: Account Domain LOGISTICS
WhereDomain -
Comments
You must be logged in to comment