Hello,
I too, used the event viewer after my desktop went black (Taskbar still in view), I rebooted and went to Event Properties in my Vista PC. Is the advice still current as stated in the post above?
Below are the event details I received.
Thanks for any help you can give me.
--Colleen
GENERAL:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/12/2010 8:30:00 AM
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: Office-PC
Description:
Special privileges assigned to new logon.
Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4672</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12548</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2010-07-12T13:30:00.899Z" />
<EventRecordID>4739</EventRecordID>
<Correlation />
<Execution ProcessID="688" ThreadID="5544" />
<Channel>Security</Channel>
<Computer>Office-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">SYSTEM</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege</Data>
</EventData>
</Event>
DETAILS:
<script> function Toggle(node) { if (!window.fullyLoaded) return; // Expand the branch? if (node.nextSibling.style.display == 'none') { // Change the sign from "+" to "-". var tBodyNode = node.childNodes[0]; var trNode = tBodyNode.childNodes[0];
var tdNode = trNode.childNodes[0]; var bNode = tdNode.childNodes[0]; var textNode = bNode.childNodes[0]; if (textNode.nodeType == 3 /* Node.TEXT_NODE */) { var s = textNode.data; if (s.length > 0 && s.charAt(0) == '+') { textNode.data = '-' + s.substring(1,
s.length); } } // show the branch node.nextSibling.style.display = ''; } else // Collapse the branch { // Change the sign from "-" to "+". var tBodyNode = node.childNodes[0]; var trNode = tBodyNode.childNodes[0]; var tdNode = trNode.childNodes[0];
var bNode = tdNode.childNodes[0]; var textNode = bNode.childNodes[0]; if (textNode.nodeType == 3 /* Node.TEXT_NODE */) { var s = textNode.data; if (s.length > 0 && s.charAt(0) == '-') { textNode.data = '+' + s.substring(1, s.length); } } // hide
the branch node.nextSibling.style.display = 'none'; } } // Toggle "System" element by default so that it's default status is to hide its children function ToggleSystemElement() { var body = document.getElementById("body"); var anchor =
body.getElementsByTagName("table")[0]; Toggle(anchor); } // If binary data is present in event XML, show it in friendly form. function ProcessBinaryData(binaryString, binaryDataCaption, wordsFormatString, bytesFormatString, normalFont, fixedWidthFont)
{ var bodyNode = document.getElementById("body"); // Add a <hr> at the end of the HTML body. bodyNode.appendChild(document.createElement("hr")); // This paragraph (p element) is the "Binary data:" literal string. var p =
document.createElement("p"); p.style.fontFamily = normalFont; var b = document.createElement("b"); b.appendChild(document.createTextNode(binaryDataCaption)); p.appendChild(b); p.appendChild(document.createElement("br")); bodyNode.appendChild(p);
// // Show binary data in Words format. // p = document.createElement("p"); p.style.fontFamily = normalFont; p.appendChild(document.createTextNode(wordsFormatString)); bodyNode.appendChild(p); // Must use fixed-width font for binary data. p = document.createElement("p");
p.style.fontFamily = fixedWidthFont; var i = 0; var j = 0; var s, tempS; var translatedString; var charCode; var byte1, byte2; // Each character in binaryString is a hex (16-based) representation of // 4 binary bits. So it takes 2 characters in binaryString
to form a // complete byte; 4 characters for a word. while (i < binaryString.length) { s = (i / 4).toString(16); // To hex representation. while (s.length < 4) { s = "0" + s; } s += ": "; // DWords representation is simply a rearrangement
of the original binaryString // For example, from: // // 0000000002005600000000000f000540 // // (which is 00 00 00 00 02 00 56 00 00 00 00 00 0f 00 05 40). // // to: // // 0000: 00000000 00560002 00000000 4005000f // 8 words per line, 4 DWords per line. for
(j = 0; j < 4; j++) { s += binaryString.substring(i + 6, i + 8); s += binaryString.substring(i + 4, i + 6); s += binaryString.substring(i + 2, i + 4); s += binaryString.substring(i, i + 2) + " "; i += 8; } p.appendChild(document.createTextNode(s));
p.appendChild(document.createElement("br")); } bodyNode.appendChild(p); // // Show binary data in bytes format. // p = document.createElement("p"); p.style.fontFamily = normalFont; p.appendChild(document.createTextNode(bytesFormatString));
bodyNode.appendChild(p); // Must use fixed-width font for binary data. p = document.createElement("p"); p.style.fontFamily = fixedWidthFont; i = 0; j = 0; // Each character in binaryString is a hex (16-based) representation of // 4 binary bits. So
it takes 2 characters in binaryString to form a // complete byte. while (i < binaryString.length) { translatedString = ""; // 2 characters in binaryString to form a byte s = (i / 2).toString(16); // to hex representation. // Prefix with '0' until
its length is 4. while (s.length < 4) { s = "0" + s; } s += ": "; // Show 8 bytes per line for (j = 0; j < 8; j++) { tempS = binaryString.substring(i, i + 2); // 2 for 1 byte i += 2; s += tempS + " "; // Treat tempS as hex
integer charCode = parseInt(tempS, 16); if (charCode < 32) { translatedString += "."; } else { translatedString += String.fromCharCode(charCode); } } while (s.length < 32) { s += " "; } s += translatedString; p.appendChild(document.createTextNode(s));
p.appendChild(document.createElement("br")); } bodyNode.appendChild(p); } </script>
| |
|
| |
|
|
[ Name ] |
Microsoft-Windows-Security-Auditing |
| |
|
|
[ Guid ] |
{54849625-5478-4994-a5ba-3e3b0328c30d} |
|
| |
|
|
|
Keywords |
0x8020000000000000 |
|
| |
|
| |
|
|
[ SystemTime ] |
2010-07-12T13:30:00.899Z |
|
|
|
SubjectDomainName |
NT AUTHORITY |
|
|
PrivilegeList |
SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege
SeImpersonatePrivilege |
