I have an audit entry by a normal user with a Successful Audit, Object Access that I’m not sure what is being accessed.
Object Open:
Object Server: Security Account Manager
Object Type: SAM_USER
Object Name: DOMAINS\Account\Users\000003F2 New Handle ID: 1474024
Operation ID: {0,767851}
Process ID: 2158420000
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,____)
Client User Name: “username”
Client Domain: RYA_PDC
Client Logon ID:(0x0,____)
Accesses READ_CONTROL
ReadGeneralInformation
ReadPreferences
ReadLogon
ReadAccount
ListGroups
Privileges –
Can anyone tell me what is being accessed and how?
