Re: Special privileges assigned to new logon??

Check Local Security Policy/local policies/user rights to see if that user
does indeed have the user right for impersonate user after logon. By default
the administrators group has that user right. I would also check his account
for group membership to see if it was you expect. If you have enabled
auditing of account management and policy change you could see if his user
account has had it's group membership changed and by who and if user rights
were changed on the computer and by who. If the user is shown to have logged
on at a time when he was not there then that is a reason for concern unless
a Scheduled Task or such ran on a schedule that used his credentials but the
logon type should indicate that. Type 2 logons are direct keyboard logons or
via Remote Desktop/TS on a Windows 2000 computer while for XP/2003 computers
they could only be keyboard logon. --- Steve


"instauratio" <instauratio@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F944DB90-A9E2-4F1E-AE91-373E4022178C@xxxxxxxxxxxxxxxx
>I have a user who works partime during the day. They just started.
>
> Today, I'm looking through the event log for successful logon or logoff
> and
> I see the logon name with the event 576
> Privileges: SELoadDriverPrivilege
> Privileges: SeImpersonatePrivilege
>
> When I follow the link to microsoft for explanation, I'm alarmed by the
> cautionary remarks. In short I think that this is evidence of a hack. The
> user did not login at the specified time, and certainly would not have the
> know how or the rights to assign special privileges. I am the only admin
> here. Can someone please advise me on what I'm seeing?
> Thanks
>


.

Relevant Pages

  • Re: Reboot command no longer works in Task Scheduler
    ... What kind of account do you use for the task, ... Did you grant the user rights assignment "Logon as a batch job" and "Backup files and directories"? ... "Meinolf Weber" wrote: ...
    (microsoft.public.win2000.general)
  • Re: IIS 5 Authentication problem- solved
    ... In Local Security Policies/User Rights Assignment I had ... Can you log in using an administrator account, ... >> case there is no group, it is just the one server, ... >> interactive logon or using basic authentication. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Assiging permissions for a group to logon to a domain controll
    ... Windows Settings>Security Settings>Locla Policies>User Rights ... Allow logon through Terminal Services. ... To grant a user these permissions, start either the Active Directory Users ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Authenticating a user on Windows Server 2003
    ... > missing privileges (by privileges I mean rights on the acct i.e. does the ... > client user acct have interactive logon privileges and other necessary ... > Are you able to execute "runas" successfully as the user account (with the ...
    (microsoft.public.platformsdk.security)
  • Re: running .bat files
    ... Yes on Batch job and service. ... I do not see the rights to start and stop ... Has the account the rights "Logon as a bacth job" and "Logon a s a ... I set the user account that it runs as as Administrator, ...
    (microsoft.public.windows.server.security)