Centrify Privilege Elevation Service Windows audit event log sample

The following is a sample of an audit event log for Centrify Audit Event ID 6029. This log sample documents a user with local and network role privileges launching a .msc file.

Log Name: Application
Source: Centrify AuditTrail V2
Date: 9/19/2019 2:05:17 PM
Event ID: 6029
Task Category: None
Level: Information
Keywords: Classic
User: bob@acme.vms
Computer: member.acme.vms
Description:
Product: Centrify Suite
Category: DirectAuthorize - Windows
Event name: Run with privilege success
Message: User launched 'C:\Program Files\Centrify\Access
Manager\CentrifyDC.msc' on
desktop 'Default' using local role 'ROLE_SYSTEM_Archt/Global' 
and network roles 'ROLE_SYSTEM_Archt/Global'.
Sep 19 14:05:17 member.acme.vms dzagent[1348]: 
INFO AUDIT_TRAIL|Centrify Suite|DirectAuthorize - Windows|1.0|29|Run with privilege
success|5|bob@acme.vms
userSid=S-1-5-21-569763308-1211465464-1224152175-3219
sessionId=3 centrifyEventID=6029
DAInst=AuditingInstallation DASessID=c72252aa-e616-44ff-a5f6-d3f53f09bb67 
role=ROLE_SYSTEM_Archt/Global 
effectivesid=S-1-5-21-569763308-1211465464-1224152175-3219
effectivegroupsids=S-1-5-32-544 
logonguid=ad7b6538-e2a4-4304-ab6e-86c5b0dabfaf
desktopguid=1e09a3dd-276f-4629-bb27-e215dfe0a0c8
command=C:\\Program Files\\Centrify\\AccessManager\\CentrifyDC.msc
passwordprompted=False desktopname=Default
networkroles=ROLE_SYSTEM_Archt/Global
entityname=acme.vms mfarequired=False