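Audit Non Sensitive Privilege Use
This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
The following privileges are non-sensitive: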
Access Credential Manager as a trusted caller
Access this computer from the network
Add workstations to domain
Adjust memory quotas for a process
Allow log on locally
Allow log on through Terminal Services
Bypass traverse checking
Change the system time
Create a page file
Create global objects
Create permanent shared objects
Create symbolic links
Deny access to this computer from the network
Deny log on as a batch job
Deny log on as a service
Deny log on locally
Deny log on through Terminal Services
Force shutdown from a remote system
Increase a process working set
Increase scheduling priority
Lock pages in memory
Log on as a batch job
Log on as a service
Modify an object label
Perform volume maintenance tasks
Profile single process
Profile system performance
Remove computer from docking station
Shut down the system
Synchronize directory service data
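If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful attempts, and failure audits record unsuccessful attempts.
Event volume: Very high
Default: Not configured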
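Event ID | Event message |
---|---|
4672 | Special privileges assigned to new logon. |
4673 | A privileged service was called. |
4674 | An operation was attempted on a privileged object. |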
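Because the event volume is very high, it helps to see which accounts and privileges produce the events before deciding how to filter them. The following is an added example, not part of the original documentation: it tallies the event IDs from the table per privilege, account and outcome. It assumes events exported as XML with the standard `PrivilegeList`, `SubjectUserName` and `Keywords` fields; the privilege constant names cover only a subset of the list above, and the sample events are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EVENT_IDS = {"4672", "4673", "4674"}  # the IDs in the table above
# Assumption: Windows constant names for a subset of the rights listed above.
NON_SENSITIVE = {
    "SeChangeNotifyPrivilege",          # Bypass traverse checking
    "SeSystemtimePrivilege",            # Change the system time
    "SeCreateGlobalPrivilege",          # Create global objects
    "SeCreateSymbolicLinkPrivilege",    # Create symbolic links
    "SeIncreaseWorkingSetPrivilege",    # Increase a process working set
    "SeIncreaseBasePriorityPrivilege",  # Increase scheduling priority
    "SeLockMemoryPrivilege",            # Lock pages in memory
    "SeShutdownPrivilege",              # Shut down the system
}
# Keywords values that mark an event as Audit Success / Audit Failure.
OUTCOME = {0x8020000000000000: "success", 0x8010000000000000: "failure"}

def _event(eid, keywords, user, privs):
    """Build one constructed event, trimmed to the fields tally() reads."""
    return (f"<Event><System><EventID>{eid}</EventID><Keywords>{keywords}</Keywords>"
            f"</System><EventData><Data Name='SubjectUserName'>{user}</Data>"
            f"<Data Name='PrivilegeList'>{privs}</Data></EventData></Event>")

# Constructed sample input, not real log data. SeTakeOwnershipPrivilege is a
# sensitive privilege (not in the list above) and must not be counted.
SAMPLE = (f"<Events xmlns='{NS['e']}'>"
    + _event(4673, "0x8020000000000000", "alice", "SeSystemtimePrivilege")
    + _event(4673, "0x8010000000000000", "alice", "SeSystemtimePrivilege")
    + _event(4674, "0x8020000000000000", "bob", "SeChangeNotifyPrivilege\n\t\tSeShutdownPrivilege")
    + _event(4674, "0x8020000000000000", "svc_backup", "SeTakeOwnershipPrivilege")
    + _event(4624, "0x8020000000000000", "alice", "")
    + "</Events>")

def tally(xml_text):
    """Count non-sensitive privilege events per (privilege, account, outcome)."""
    counts = Counter()
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) not in EVENT_IDS:
            continue
        data = {d.get("Name"): d.text or "" for d in ev.findall("e:EventData/e:Data", NS)}
        kw = int(ev.findtext("e:System/e:Keywords", namespaces=NS), 16)
        for priv in data.get("PrivilegeList", "").split():  # one event may list several
            if priv in NON_SENSITIVE:
                counts[(priv, data.get("SubjectUserName", "?"), OUTCOME.get(kw, "unknown"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in tally(SAMPLE).most_common():
        print(n, *key)
```

Filtering on the privilege name matters because event IDs 4673 and 4674 are also logged for sensitive privilege use, so the event ID alone does not identify this subcategory.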