Hello,
we use the windows checkmk agent 2.0.0.50021 and we just stumpled upon the following behavior.
The server logs hundrets of 4703 Events in the security logs “a user right was adjusted”
Like MS discribed in this article
They also state the following:
If you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, you might need to disable Success auditing for this subcategory (Audit Authorization Policy Change), or work with a very high volume of event 4703.
My question: Does anybode know if Checkmk uses the AdjustPrivilegesToken API and if so would it be the right way ti disable the success auditing?
Thank you
Timo