Event ID 4673 - A privileged service was called
|Description||Privileged Service Called|
Windows logs event ID 4673 to register that a user has a set of special privileges when the user logs in.
This log data gives the following information:
|Service Request Information||
Why event ID 4673 needs to be monitored?
- Prevention of privilege abuse
- Detection of potential malicious activity
- Operational purposes like getting information on user activity like user attendance, peak logon times, etc.
- Compliance mandates
With pre-defined reports from ADAudit Plus, you can easily track and audit permissions granted on a network for users or computers to complete defined tasks.
Event 4673 applies to the following operating systems:
- Windows Server 2008 R2 and Windows 7
- Windows Server 2012 R2 and Windows 8.1
- Windows Server 2016 and Windows 10
- Corresponding event ID for 4673 in Windows Server 2003 and older is 577