Microsoft KB Archive/166478

= Logon Rights Are Not Audited =

Article ID: 166478

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Workstation 3.51
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 3.51
 * Microsoft Windows NT Server 4.0 Standard Edition

-



This article was previously published under Q166478





SYMPTOMS
Windows NT can audit when a user or group is added to or removed from a User Right. To audit these types of actions, in User Manager, on the Policies menu, click Audit. In Audit Policy, click Audit These Events and select Security Policy Changes. This is the only audit category needed to audit these specific actions. However, the following rights do not show up in the Security log when Security Policy Changes are being audited. Changes to other rights were successfully audited.

The following rights are not audited:
 * Access this computer from network
 * Log on as a service
 * Log on as a batch job
 * Log on locally



CAUSE
There was no associated code to log these events.



STATUS
Microsoft has confirmed this to be a problem in Windows NT version 3.51 and 4.0. This problem was corrected in the latest Microsoft Windows NT 4.0 U.S. Service Pack. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

S E R V P A C K

Additional query words: prodnt

Keywords: kbbug kbenv KB166478

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.