Event ID 577 Every few seconds

[dean]

This event is getting logged every few seconds in the
security log. Any ideas? This feels like a security
breech. Any help would be appreciated.

Privileged object operation:
Object Server: EventLog
Object Handle: 12649776
Process ID: 568
Primary User Name: ComputerName$
Primary Domain: DOMAINNAME
Primary Logon ID: (0x0,0x3E7)
Client User Name: username
Client Domain: DOMAINNAME
Client Logon ID: (0x0,0x114A6)
Privileges: SeSecurityPrivilege

 

[Roger Abell]

The importance of this all depends on what you
can tell us of the account "username"

 

[Dean McCreary]

Thanks for the response. The username is mine. I have admin access.

Dean

 

[Roger Abell]

You see this because you are auditing privilege use.
This privilege, which is normal for an admin account,
grants managing of auditing and the security log.

With auditing of privilege use success enabled, you
see this event for each instance of this event.
Now, what is not normal is that your accounts apparently
doing this so constantly.
The event is written because your account is defining a
hard link to an audited resource. You would need to chase
down what is running within your login session to cause
this, or track it down by the handle to find what is being
accessed. Tracking by handle is not clear-cut for a non-
coding person.

 

[Roger Abell]

Sorry the confusion on my part, it to 568 as the event id
instead of 577 from the subject.
So, skip the info about making a hard-link.
577 is less specific, only indicating use of the
system service for privileged operation.