Check or Attack Name: Manage Security Log Privilege

A user has been detected with the Manage Auditing and Security Log privilege. This right is normally only granted to Administrators.

Verify user rights in User Manager.

To audit and revoke this privilege, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. From the Policies menu, select User Rights to display User Rights Policy dialog box.
3. From the Right list, select Manage auditing and security log.
4. Verify this right is set in accordance with your security policy.
5. To remove a user, select the user and click Remove.

Microsoft Knowledge Base Article Q181735, Adding a Link Service to a Remote SNA Server, http://support.microsoft.com/support/kb/articles/q181/7/35.asp