Description of the Special Groups feature in Windows Vista and in Windows Server 2008
No formal product support is available from Microsoft for this beta product. For information about how to obtain support for a beta release, see the documentation that is included with the beta product files, or check the Web location where you downloaded the release.
- Any of the group SIDs is added to an access token when a group member logs on.
Note An access token contains the security information for a logon session. Also, the token identifies the user, the user's groups, and the user's rights.
- In the audit policy settings, the Special Logon feature is enabled.
- Click Start, type regedit in the Start Search box, and then press ENTER.
Note If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
- Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit
- On the Edit menu, point to New, and then click String Value.
- Type SpecialGroups, and then press ENTER.
- Right-click SpecialGroups, and then click Modify.
- In the Value date box, type the group SIDs, and then click OK.
- A semicolon character (;) can be used to delimit the SID list. For example, you can use the following string that contains a semicolon to delimit two SIDs: S-1-5-32-544;S-1-5-32-123-54-65
- There is no restriction on the number of SIDs that you can enter in the Value date box.
- A semicolon character (;) can be used to delimit the SID list. For example, you can use the following string that contains a semicolon to delimit two SIDs:
- Exit Registry Editor.
Event ID: 4964
Special groups have been assigned to a new logon.
Security ID: Computer SID
Account Name: Computer Name
Account Domain: Computer Account Domain
Logon ID: Computer Logon ID
Logon GUID: Computer Logon GUID
Security ID: User SID
Account Name: User Account Name
Account Domain: User Account Domain
Logon ID: User Logon ID
Logon GUID: User Logon GUID
Special Groups Assigned: Group SID
Article ID: 947223 - Last Review: 01/22/2008 21:42:13 - Revision: 1.4
- kbexpertiseadvanced kbinfo KB947223