Windows event 673




















With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.

Required to undock a laptop. With this privilege, the user can undock a portable computer from its docking station without logging on.

Required to assign the primary token of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess.

Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken or other token-creation APIs. When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it.

Required to debug and adjust the memory of a process owned by another account. With this privilege, the user can attach a debugger to any process or to the kernel.

Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components.

Required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code into kernel mode. This user right does not apply to Plug and Play device drivers.

Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information.

This privilege identifies its holder as part of the trusted computer base. This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user.

SeEnableDelegationPrivilege: Enable computer and user accounts to be trusted for delegation. Required to mark user and computer accounts as trusted for delegation. With this privilege, the user can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object.

Note: "User rights" and "privileges" are synonymous terms used interchangeably in Windows. Some user rights are logged by this event - others by Still other, "high-volume" rights are not logged when they are exercised unless you enable the security option "Audit: Audit the use of Backup and Restore privilege". Unfortunately, Microsoft has overloaded these privileges so that each privilege may govern your authority to perform many different operations, and which privilege is required for which operations is not well documented.

Therefore, seeing that a privilege was exercised doesn't really tell you much. In Win this has been improved with better information in the Server: and Service Name: fields. In general though, I still classify these events as noise. Microsoft admits: "These are high volume events, which typically do not contain sufficient information to act upon since they do not describe what operation occurred."

Do not confuse events and with events and which document rights assignment changes as opposed to the exercise of rights which is the purpose of events and

Subject: The ID and logon session of the user that exercised the right.

Service: These fields help you narrow down what the user exercised the right for.

Windows Server General Forum.

Thanks in advance!

Wednesday, December 26, PM.

Hi,

The event with 0X20 error code indicates that the ticket presented is expired.

What is the 'User Name' that logged in the event? Is it a specific user or a couple of users that log this event?


