I found no public description of what it means and what I am supposed to do. It seemed to me that something cannot execute because 'LOCAL SERVICE' needs 'SeSecurityPrivilege' (aka 'Manage auditing and security log') right. Okay, I granted this right (double checked with RSoP and Local Policy Editor) but nothing changed. I even tried to grant this rigth to 'System' account also (by default only 'Administrators' have it). But this didn't help either.Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/14/2008 7:10:02 PM
Event ID: 4674
Task Category: Sensitive Privilege Use
Level: Information
Keywords: Audit Failure
User: N/A
Computer: <Computer FQDN Here>
Description:
An operation was attempted on a privileged object.Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5Object:
Object Server: Security
Object Type: -
Object Name: -
Object Handle: 0x0Process Information:
Process ID: 0x294
Process Name: C:\Windows\System32\lsass.exeRequested Operation:
Desired Access: 16777216
Privileges: SeSecurityPrivilege
So my question is: what should I do to get rid of these events (other then disabling auditing)? Thanks in advance.
P.S. A few links I tried but that didn't add to my understanding.
- Events and Errors Message Center Search — nothing at all.
- EventID Search — nothnig at all.
- Randy Franklin Smith's UltimateWindowsSecurity.com Wiki article on SeSecurityPrivilege— interesting, but nothing particularly helpful for this special case.
- Randy Franklin Smith's UltimateWindowsSecurity.com Wiki article on Event 4674 — nearly meaningless.
And that's all at least slightly relevant information I could find.