Jump to content

Auditing Reboot

Guest JamesRussel

By Guest JamesRussel
in Windows 2003 Server

 Share

Recommended Posts

Guest JamesRussel

Guest JamesRussel

Posted
Posted

can anyone tell what the log mean? ill trying to check who rebooted the server.

 

Event Type: Success Audit

Event Source: Security

Event Category: Privilege Use

Event ID: 577

Date: 24/01/2008

Time: 17:09:11

User: INTRANET\user01

Computer: server01

Description:

Privileged Service Called:

Server: Security

Service: -

Primary User Name: server01$

Primary Domain: INTRANET

Primary Logon ID: (0x0,0x3E7)

Client User Name: user01

Client Domain: INTRANET

Client Logon ID: (0x0,0x22B8EDB)

Privileges: SeShutdownPrivilege

 

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

 

--

JamesRussel

Cebu

  • Replies 2
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: Auditing Reboot

 

Hello JamesRussel,

 

Have a look here:

http://www.ultimatewindowssecurity.com/securitylog/event.aspx?eventID=577

 

Your user01 has the right "SeShutdownPrivilege", which can be set with GPO

under Computer configuration,windows settings,security settings,user rights

assignment,"Shut down the system", if i am not totally wrong.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> can anyone tell what the log mean? ill trying to check who rebooted

> the server.

>

> Event Type: Success Audit

> Event Source: Security

> Event Category: Privilege Use

> Event ID: 577

> Date: 24/01/2008

> Time: 17:09:11

> User: INTRANET\user01

> Computer: server01

> Description:

> Privileged Service Called:

> Server: Security

> Service: -

> Primary User Name: server01$

> Primary Domain: INTRANET

> Primary Logon ID: (0x0,0x3E7)

> Client User Name: user01

> Client Domain: INTRANET

> Client Logon ID: (0x0,0x22B8EDB)

> Privileges: SeShutdownPrivilege

> For more information, see Help and Support Center at

> http://go.microsoft.com/fwlink/events.asp.

>

Guest JamesRussel

Guest JamesRussel

Posted
Posted

Re: Auditing Reboot

 

thanks for the information. this is a good one cheers.

--

JamesRussel

Cebu

 

 

"Meinolf Weber" wrote:

> Hello JamesRussel,

>

> Have a look here:

> http://www.ultimatewindowssecurity.com/securitylog/event.aspx?eventID=577

>

> Your user01 has the right "SeShutdownPrivilege", which can be set with GPO

> under Computer configuration,windows settings,security settings,user rights

> assignment,"Shut down the system", if i am not totally wrong.

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and confers

> no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>

> > can anyone tell what the log mean? ill trying to check who rebooted

> > the server.

> >

> > Event Type: Success Audit

> > Event Source: Security

> > Event Category: Privilege Use

> > Event ID: 577

> > Date: 24/01/2008

> > Time: 17:09:11

> > User: INTRANET\user01

> > Computer: server01

> > Description:

> > Privileged Service Called:

> > Server: Security

> > Service: -

> > Primary User Name: server01$

> > Primary Domain: INTRANET

> > Primary Logon ID: (0x0,0x3E7)

> > Client User Name: user01

> > Client Domain: INTRANET

> > Client Logon ID: (0x0,0x22B8EDB)

> > Privileges: SeShutdownPrivilege

> > For more information, see Help and Support Center at

> > http://go.microsoft.com/fwlink/events.asp.

> >

>

>

>

 Share
Go to topic listing
×
×
  • Create New...