Guest JamesRussel
Posted January 24, 2008

Can anyone tell what the log means? I'm trying to check who rebooted the server.

Event Type: Success Audit
Event Source: Security
Event Category: Privilege Use
Event ID: 577
Date: 24/01/2008
Time: 17:09:11
User: INTRANET\user01
Computer: server01
Description:
Privileged Service Called:
Server: Security
Service: -
Primary User Name: server01$
Primary Domain: INTRANET
Primary Logon ID: (0x0,0x3E7)
Client User Name: user01
Client Domain: INTRANET
Client Logon ID: (0x0,0x22B8EDB)
Privileges: SeShutdownPrivilege
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--
JamesRussel
Cebu

Guest Meinolf Weber
Posted January 24, 2008

Re: Auditing Reboot

Hello JamesRussel,

Have a look here:
http://www.ultimatewindowssecurity.com/securitylog/event.aspx?eventID=577

Your user01 has the right "SeShutdownPrivilege", which can be set with GPO under Computer configuration, Windows settings, Security settings, User rights assignment, "Shut down the system", if I am not totally wrong.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Can anyone tell what the log means? I'm trying to check who rebooted
> the server.
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: Privilege Use
> Event ID: 577
> Date: 24/01/2008
> Time: 17:09:11
> User: INTRANET\user01
> Computer: server01
> Description:
> Privileged Service Called:
> Server: Security
> Service: -
> Primary User Name: server01$
> Primary Domain: INTRANET
> Primary Logon ID: (0x0,0x3E7)
> Client User Name: user01
> Client Domain: INTRANET
> Client Logon ID: (0x0,0x22B8EDB)
> Privileges: SeShutdownPrivilege
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.

Guest JamesRussel
Posted January 24, 2008

Re: Auditing Reboot

Thanks for the information. This is a good one, cheers.

--
JamesRussel
Cebu

"Meinolf Weber" wrote:

> Hello JamesRussel,
>
> Have a look here:
> http://www.ultimatewindowssecurity.com/securitylog/event.aspx?eventID=577
>
> Your user01 has the right "SeShutdownPrivilege", which can be set with GPO
> under Computer configuration, Windows settings, Security settings, User rights
> assignment, "Shut down the system", if I am not totally wrong.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > Can anyone tell what the log means? I'm trying to check who rebooted
> > the server.
> >
> > Event Type: Success Audit
> > Event Source: Security
> > Event Category: Privilege Use
> > Event ID: 577
> > Date: 24/01/2008
> > Time: 17:09:11
> > User: INTRANET\user01
> > Computer: server01
> > Description:
> > Privileged Service Called:
> > Server: Security
> > Service: -
> > Primary User Name: server01$
> > Primary Domain: INTRANET
> > Primary Logon ID: (0x0,0x3E7)
> > Client User Name: user01
> > Client Domain: INTRANET
> > Client Logon ID: (0x0,0x22B8EDB)
> > Privileges: SeShutdownPrivilege
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
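
Added example, not part of the original thread: a small parser for a text export of Security log events in the layout shown above, which lists every Event ID 577 entry where SeShutdownPrivilege was used, with the client account and its logon ID. The function names, the blank-line separator between events and the second sample event are assumptions made for this example.

```python
import re
from datetime import datetime

# Constructed sample: the post's event (abridged) plus one constructed event.
SAMPLE = """\
Event ID: 577
Date: 24/01/2008
Time: 17:09:11
Client User Name: user01
Client Domain: INTRANET
Client Logon ID: (0x0,0x22B8EDB)
Privileges: SeShutdownPrivilege

Event ID: 577
Date: 24/01/2008
Time: 16:40:02
Client User Name: user02
Client Domain: INTRANET
Client Logon ID: (0x0,0x1A2B3C)
Privileges: SeSystemtimePrivilege
"""

def parse_events(text):
    """Split a text export into events; return one {field: value} dict each."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                last = key.strip()
                fields[last] = value.strip()
            elif last and line.strip():
                # Line without a colon: continuation, e.g. more privilege names
                fields[last] += " " + line.strip()
        events.append(fields)
    return events

def shutdown_privilege_uses(text):
    """(time, DOMAIN\\user, logon ID) per 577 event that used SeShutdownPrivilege."""
    hits = []
    for ev in parse_events(text):
        privs = ev.get("Privileges", "").split()
        if ev.get("Event ID") == "577" and "SeShutdownPrivilege" in privs:
            # Assumption: dd/mm/yyyy dates, as in the event shown in the post
            when = datetime.strptime(f"{ev['Date']} {ev['Time']}", "%d/%m/%Y %H:%M:%S")
            who = f"{ev['Client Domain']}\\{ev['Client User Name']}"
            hits.append((when, who, ev["Client Logon ID"]))
    return hits
```

The returned logon ID is the value to match against the logon events of the same session when working out where the account was logged on from.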