Microsoft KB Archive/268169

= SMS: Audit of Successful Use of User Rights May Create Multiple Entries in NT Security Log =

Article ID: 268169

Article Last Modified on 10/27/2006

-

APPLIES TO


 * Microsoft Systems Management Server 2.0 Standard Edition
 * Microsoft Systems Management Server 2.0 Service Pack 1
 * Microsoft Systems Management Server 2.0 Service Pack 2

-



This article was previously published under Q268169



SUMMARY
When you enable success auditing for &quot;Use of User Rights&quot; on Microsoft Windows NT computers or you enable &quot;Audit privilege use&quot; on Microsoft Windows 2000 computers, numerous entries for the SMSCliSvcAcct& account or the SMS&_DomainController account may be displayed in the security log. These entries appear whenever the local client service account is used on the computer and coincides with the 23 hour configuration interval for the Systems Management Server (SMS) Client or the stop and subsequent restart of the SMS client service.

For additional information about the latest service pack for Microsoft Systems Management Server 2.0, click the following article number to view the article in the Microsoft Knowledge Base:

288239 How to Obtain the Latest Systems Management Server 2.0 Service Pack



MORE INFORMATION
The client service uses the SMS Client Service Account (SMSCliSvcAcct& or SMS&_DomainController) to gain access to Windows NT and Windows 2000 computers. This account exists the entire time that the SMS Client software is installed on the client. This account is automatically created during the SMS client installation. This account must be a local Administrator and have the following rights:


 * LogonAsService
 * ActAsPartOfOperatingSystem
 * ReplaceProcessLevelToken

NOTE: SMS automatically configures the above-referenced account with all of the necessary rights. Not having these rights does not have an impact on security, just functionality.

