Windows Security Log Event ID 577
Operating Systems |
Windows Server 2000
Windows 2003 and XP
|
Category | Privilege Use |
Type
|
Success
Failure
|
Corresponding events
in Windows
2008 and Vista |
4673
|
577: Privileged Service Called
On this page
Event 577 indicates that the specified user exercised the user right specified in the Privileges field. To understand Primary and User fields see event 560.
Some user rights are logged by this event - others by 578. Still other, ""high-volume"" rights are not logged when they are exercised but simply noted as being held by a user at the time th user logs by event 576.
Click here for a cross reference of Se[privilege names] translated to user right names:
Note: 576, 577 and 578 do not log any activity associated with Logon Rights such as the SeNetworkLogonRight.
Do not confuse events 576, 577 or 578 with events 608, 609, 620,or 621which document rights assignment changes as opposed to the exercise of rights which is the purpose of events 576, 577 or 578.
Microsoft's Comments:
These are high volume events, which typically do not contain sufficient information to act upon since they do not describe what operation occurred.
User Rights
User Right
|
Description
|
SeTcbPrivilege
|
Act as part of the operating system
|
SeMachineAccountPrivilege
|
Add workstations to domain
|
SeIncreaseQuotaPrivilege
|
Adjust memory quotas for a process
|
SeBackupPrivilege
|
Back up files and directories
|
SeChangeNotifyPrivilege
|
Bypass traverse checking
|
SeSystemtimePrivilege
|
Change the system time
|
SeCreatePagefilePrivilege
|
Create a pagefile
|
SeCreateTokenPrivilege
|
Create a token object
|
SeCreatePermanentPrivilege
|
Create permanent shared objects
|
SeDebugPrivilege
|
Debug programs
|
SeEnableDelegationPrivilege
|
Enable computer and user accounts to be trusted for delegation
|
SeRemoteShutdownPrivilege
|
Force shutdown from a remote system
|
SeAuditPrivilege
|
Generate security audits
|
SeIncreaseBasePriorityPrivilege
|
Increase scheduling priority
|
SeLoadDriverPrivilege
|
Load and unload device drivers
|
SeLockMemoryPrivilege
|
Lock pages in memory
|
SeSecurityPrivilege
|
Manage auditing and security log
|
SeSystemEnvironmentPrivilege
|
Modify firmware environment values
|
SeManageVolumePrivilege
|
Perform volume maintenance tasks
|
SeProfileSingleProcessPrivilege
|
Profile single process
|
SeSystemProfilePrivilege
|
Profile system performance
|
SeUndockPrivilege
|
Remove computer from docking station
|
SeAssignPrimaryTokenPrivilege
|
Replace a process level token
|
SeRestorePrivilege
|
Restore files and directories
|
SeShutdownPrivilege
|
Shut down the system
|
SeSyncAgentPrivilege
|
Synchronize directory service data
|
SeTakeOwnershipPrivilege
|
Take ownership of files or other objects
|
Free Security Log Resources by Randy
- Server:
- Service:
- Primary User Name:
- Primary Domain:
- Primary Logon ID:
- Client User Name:
- Client Domain:
- Client Logon ID:
- Privileges:
Supercharger Free Edition
Your entire Windows Event Collection environment on a single pane of glass.
Free.