Event ID 578 - Privileged object operation
|Description||Privileged object operation|
Windows logs event ID 578 to register that a user has a set of special privileges when the user logs in.
This log data gives the following information:
- Object Server:
- Object Handle:
- Process ID:
- Primary User Name:
- Primary Domain:
- Primary Logon ID:
- Client User Name:
- Client Domain:
- Client Logon ID:
Why event ID 578 needs to be monitored?
- Prevention of privilege abuse
- Detection of potential malicious activity
- Operational purposes like getting information on user activity like user attendance, peak logon times, etc.
- Compliance mandates
With pre-defined reports from ADAudit Plus, you can easily track and audit permissions granted on a network for users or computers to complete defined tasks.
Event 578 applies to the following operating systems:
- Windows Server 2000
- Windows 2003 and XP
- Corresponding event ID for 578 in Windows Server 2008 and Vista is 4674