Centrify Privilege Elevation Service Windows audit event log sample
The following is a sample of an audit event log for Centrify Audit Event ID 6029. This log sample documents a user with local and network role privileges launching a .msc file.
Log Name: Application Source: Centrify AuditTrail V2 Date: 9/19/2019 2:05:17 PM Event ID: 6029 Task Category: None Level: Information Keywords: Classic User: bob@acme.vms Computer: member.acme.vms Description: Product: Centrify Suite Category: DirectAuthorize - Windows Event name: Run with privilege success Message: User launched 'C:\Program Files\Centrify\Access Manager\CentrifyDC.msc' on desktop 'Default' using local role 'ROLE_SYSTEM_Archt/Global' and network roles 'ROLE_SYSTEM_Archt/Global'. Sep 19 14:05:17 member.acme.vms dzagent[1348]: INFO AUDIT_TRAIL|Centrify Suite|DirectAuthorize - Windows|1.0|29|Run with privilege success|5|bob@acme.vms userSid=S-1-5-21-569763308-1211465464-1224152175-3219 sessionId=3 centrifyEventID=6029 DAInst=AuditingInstallation DASessID=c72252aa-e616-44ff-a5f6-d3f53f09bb67 role=ROLE_SYSTEM_Archt/Global effectivesid=S-1-5-21-569763308-1211465464-1224152175-3219 effectivegroupsids=S-1-5-32-544 logonguid=ad7b6538-e2a4-4304-ab6e-86c5b0dabfaf desktopguid=1e09a3dd-276f-4629-bb27-e215dfe0a0c8 command=C:\\Program Files\\Centrify\\AccessManager\\CentrifyDC.msc passwordprompted=False desktopname=Default networkroles=ROLE_SYSTEM_Archt/Global entityname=acme.vms mfarequired=False