To Log or Not To Log (4674) Expand / Collapse
Author
Message
Posted 9/26/2014 3:54:39 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 9/30/2014 8:21:03 AM
Posts: 2, Visits: 2
It seems that a significant percentage of the logs on a DC I am reviewing is 4674 failures. I initially logged both success and failure after reading security blogs about security best practices. However, the volume of noise and the inability to find any real info on troubleshooting this error makes me wonder if I shouldn't simply turn this off. I would appreciate any insight you may have.

An operation was attempted on a privileged object.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Object:
Object Server: LSA
Object Type: -
Object Name: -
Object Handle: 0x0

Process Information:
Process ID: 0x218
Process Name: C:\Windows\System32\lsass.exe

Requested Operation:
Desired Access: 16777216
Privileges: SeSecurityPrivilege
Post #1579
Posted 10/6/2014 9:35:22 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 237, Visits: 0
These events can probably be turned off. icrosoft admits: "These are high volume events, which typically do not contain sufficient information to act upon since they do not describe what operation occurred."

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4674
Post #1583
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 4:37am