Check or Attack Name: Generate Security Audit Privilege

A user has been detected with the Generate Security Audits privilege. This right is not normally granted to any users.

Verify Advanced user rights in User Manager.

To audit and revoke this privilege, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. From the Policies menu, select User Rights to display the User Rights Policy dialog box.
3. Select the Show Advanced User Rights check box.
4. From the Right list, select Generate security audits.
5. Verify this right is set in accordance with your security policy.
6. To remove a user, select the user and click Remove.

Microsoft Knowledge Base Article Q101366, Definition and List of Windows NT Advanced User Rights, http://support.microsoft.com/support/kb/articles/q101/3/66.asp