SeTakeOwnershipPrivilege issue

rsears
The following information pertains to a series of events that I observed in the security event log of one of our domain controllers. There were thousands of them, which started at 4:30 PM 1/9/2001 and went to 10:30 AM 1/10/2001. The thing that is puzzling: why would these events be logged when the user isn't running any processes or even logged onto the network? This description was copied directly from the event log.


Privileged object operation:
Object Server: Security
Object Handle: 436
Process ID: 4023213376
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E7)
Client User Name: mrX
Client Domain: DOMAINX
Client Logon ID: (0x0,0x30B2166)
Privileges: SeTakeOwnershipPrivilege

I searched through TechNet but could not find anything that would explain why this is happening while the user isn't using any network resources. I understand what SeTakeOwnershipPrivilege is and does but can't come up with an explanation for why and when these events are occurring. Can anyone help me discover why these seemingly unexplainable security events are getting generated? Ask me whatever questions you think would be useful to help solve this mystery.