I have a log event, Event ID 4717, Access list = SeServiceLogonRight, Caller Security ID = NT AUTHORITY\SYSTEM, Event Task Category = Authentication Policy Change, Target User = IIS APPPOOL\Shared, User Name = File Server, Windows Event Src = Microsoft-Windows-Security-Auditing.
This is a system-generated event. Why did it happen?
If I want to learn the answers to questions like this, where is the best place to research and learn? Microsoft has a ton of material available online, including 4717(S) System security access was granted to an account. (Windows 10) - Windows security | Microsoft Docs.
I understand what each piece of the event means, but I do not know the best way to learn why it happened; or the best way to see the sequence of log events in Alert Logic to see if other events can give me more insight into why this event would occur.
Please sign in to leave a comment.