Applies to. Windows Server 2003 SP1, Windows Server 2003 R2, Windows XP SP2, Windows Server 2008, Windows Vista. Credential roaming does not apply to Windows RT devices. A complete list of the over 280 Command Prompt commands across Windows 8, 7, Vista, and XP, including full descriptions of each CMD command. Describes security event 4674S, F An operation was attempted on a privileged object. On a Windows host, you can find this file in the VirtualBox installation directory usually under CProgram files. Compare Contents Of Directories Windows Vista' title='Compare Contents Of Directories Windows Vista' />S, F An operation was attempted on a privileged object. Windows 1. 0Applies to. Windows 1. 0Windows Server 2. Subcategories Audit Sensitive Privilege Use and Audit Non Sensitive Privilege Use. Event Description This event generates when an attempt is made to perform privileged operations on a protected subsystem object after the object is already opened. This event generates, for example, when Se. Shutdown. Privilege, Se. Remote. Shutdown. Privilege, or Se. Security. Privilege is used. Failure event generates when operation attempt fails. Note  For recommendations, see Security Monitoring Recommendations for this event. Event XML lt Event xmlnshttp schemas. Compare Contents Of Directories Windows Vista' title='Compare Contents Of Directories Windows Vista' />System. Provider NameMicrosoft Windows Security Auditing Guid5. A5. BA 3. E3. B0. C3. 0D. lt Event. ID 4. 67. 4lt Event. ID. lt Version 0lt Version. Level 0lt Level. Task 1. Task. Opcode 0lt Opcode. Keywords 0x. 80. Keywords. Time. Created System. Time2. Lets assume you made a backup task using RoboCopy, XCopy, SyncToy or any other tool to mirror copy a certain directory to a different location. Especially if you. A complete list of Command Prompt commands in Windows 8. Around 230 CMD commands exist in Windows 8, often incorrectly referred to as DOS commands. Starting with Windows Vista, the Open and Save As common dialog boxes have been superseded by the Common Item Dialog. We recommended that you use the Common Item. T0. 0 2. 2 3. 6. Z. Event. Record. ID 1. Event. Record. ID. Correlation. Execution Process. ID4. 96 Thread. ID5. Channel Securitylt Channel. Computer DC0. Computer. Security. System. Event. Data. lt Data NameSubject. User. Sid S 1 5 1. Data. lt Data NameSubject. User. Name LOCAL SERVICElt Data. Data NameSubject. Domain. Name NT AUTHORITYlt Data. Data NameSubject. Logon. Id 0x. Data. Data NameObject. Server LSAlt Data. Data NameObject. Type lt Data. Data NameObject. Name lt Data. Data NameHandle. Id 0x. Data. Data NameAccess. Mask 1. 67. 77. Data. Data NamePrivilege. List Se. Security. Privilegelt Data. Data NameProcess. Id 0x. 1f. 0lt Data. Data NameProcess. Name C WindowsSystem. Data. lt Event. Data. Event. Required Server Roles None. Minimum OS Version Windows Server 2. Windows Vista. Event Versions 0. Field Descriptions Subject Security ID Type SID SID of account that requested privileged operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. Note  A security identifier SID is a unique value of variable length used to identify a trustee security principal. Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see Security identifiers. Account Name Type Unicode. String the name of the account that requested privileged operation. Account Domain Type Unicode. String subjects domain or computer name. Formats vary, and include the following Domain NETBIOS name example CONTOSOLowercase full domain name contoso. Uppercase full domain name CONTOSO. LOCALFor some well known security principals, such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is NT AUTHORITY. For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example Win. Logon ID Type Hex. Int. 64 hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, 4. An account was successfully logged on. Object Object Server Type Unicode. String Optional Contains the name of the Windows subsystem calling the routine. Subsystems examples are Security. Security Account Manager. NT Local Security Authority Authentication Service. SC Manager. Win. 32 System. Shutdown module. LSAObject Type Type Unicode. String Optional The type of an object that was accessed during the operation. The following table contains the list of the most common Object Types Directory. Event. Timer. Device. Mutant. Type. File. Token. Thread. Section. Window. Station. Debug. Object. Filter. Communication. Port. Event. Pair. Driver. Io. Completion. Controller. Symbolic. Link. Wmi. Guid. Process. Profile. Desktop. Keyed. Event. SCMANAGER OBJECTKey. Waitable. Port. Callback. Job. Port. Filter. Connection. Port. ALPC Port. Semaphore. Adapter. Object Name Type Unicode. String Optional the name of the object that was accessed during the operation. Object Handle Type Pointer hexadecimal value of a handle to Object Name. This field can help you correlate this event with other events that might contain the same Handle ID, for example, 4. A handle to an object was requested event in appropriateother subcategory. This parameter might not be captured in the event, and in that case appears as 0x. Process Information Process ID Type Pointer hexadecimal Process ID of the process that attempted the operation on the privileged object. Process ID PID is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager Details tab, PID column If you convert the hexadecimal value to decimal, you can compare it to the values in Task Manager. You can also correlate this process ID with a process ID in other events, for example, 4. A new process has been created Process InformationNew Process ID. Process Name Type Unicode. String full path and the name of the executable for the process. Requested Operation Desired Access Type Unicode. String The desired access mask. This mask depends on Object Server and Object Type parameters values. The value of this parameter is in decimal format. There is no detailed information about this parameter in this document. If Desired Access is not presented, then this parameter will have 0 value. Privileges Type Unicode. String the list of user privileges which were requested. The possible privileges depend on the subcategory, either Audit Non Sensitive Privilege Use or Audit Sensitive Privilege Use, as shown in the following two tables Subcategory of event. Privilege Name User Right Group Policy Name. Description. Audit Non Sensitive Privilege Use. Se. Change. Notify. Privilege Bypass traverse checking. Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. Audit Non Sensitive Privilege Use. Se. Create. Global. Privilege Create global objects. Required to create named file mapping objects in the global namespace during Terminal Services sessions. Audit Non Sensitive Privilege Use. Se. Create. Pagefile. Privilege Create a pagefile. With this privilege, the user can create and change the size of a pagefile. Audit Non Sensitive Privilege Use. Driver Synaptics Ps 2 Port Touchpad Toshiba Touchpad there. Se. Create. Permanent. Privilege Create permanent shared objects. Required to create a permanent object. This privilege is useful to kernel mode components that extend the object namespace. List of Windows 8 Command Prompt Commands. The Command Prompt available in Windows 8 contains access to around 2. The commands available in Windows 8 are used for a variety of purposes, including diagnosing and correcting certain Windows problems, automating tasks, and much more. Note A number of Windows 8 Command Prompt commands are very similar to MS DOS commands. However, the Command Prompt in Windows 8 is not MS DOS so the commands are not correctly referred to as MS DOS commands. I do have a list of DOS commands if you really are using MS DOS and are interested. Not Using Windows 8 Here are lists detailing all available Windows 7 commands, Windows Vista commands, and Windows XP commands. You can also see every command ever available, from MS DOS through Windows 8, in my list of Command Prompt commands or check out a one page table without the details here. If youre mainly interested in changes in command availability from Windows 7, see New and Removed Commands in Windows 8. Below is a complete list of commands, sometimes called CMD commands, available from the Command Prompt in Windows 8 append ksetup ktmutil time timeout xwizard. The append command can be used by programs to open files in another directory as if they were located in the current directory. The append command is not available in 6. Windows 8. The arp command is used to display or change entries in the ARP cache. The assoc command is used to display or change the file type associated with a particular file extension. The attrib command is used to change the attributes of a single file or a directory. More The auditpol command is used to display or change audit policies. The bcdboot command is used to copy boot files to the system partition and to create a new system BCD store. The bcdedit command is used to view or make changes to Boot Configuration Data. The bdehdcfg command is used to prepare a hard drive for Bit. Locker Drive Encryption. The bitsadmin command is used to create, manage, and monitor download and upload jobs. While the bitsadmin command is available in Windows 8, you should know that it is being phased out. The BITS Power. Shell cmdlets should be used instead. The bootcfg command is used to build, modify, or view the contents of the boot. Windows is located. The bootcfg command was replaced by the bcdedit command beginning in Windows Vista. Bootcfg is still available in Windows 8 but it serves no real value since boot. The bootsect command is used to configure the master boot code to one compatible with Windows 8 BOOTMGR. The bootsect command is only available from the Command Prompt in Advanced Startup Options. The break command sets or clears extended CTRLC checking on DOS systems. The break command is available in Windows 8 to provide compatibility with MS DOS files but it has no effect in Windows 8 itself. The cacls command is used to display or change access control lists of files. Even though the cacls command is available in Windows 8, its being phased out. Microsoft recommends that you use the icacls command instead. The call command is used to run a script or batch program from within another script or batch program. The call command has no effect outside of a script or batch file. In other words, running the call command at the Command Prompt will do nothing. The Cd command is the shorthand version of the chdir command. The certreq command is used to perform various certification authority CA certificate functions. The certutil command is used to dump and display certification authority CA configuration information in addition to other CA functions. The change command changes various terminal server settings like install modes, COM port mappings, and logons. The chcp command displays or configures the active code page number. The chdir command is used to display the drive letter and folder that you are currently in. Chdir can also be used to change the drive andor directory that you want to work in. The checknetisolation command is used to test apps that require network capabilities. The chglogon command enables, disables, or drains terminal server session logins. Executing the chglogon command is the same as executing change logon. The chgport command can be used to display or change COM port mappings for DOS compatibility. Executing the chgport command is the same as executing change port. The chgusr command is used to change the install mode for the terminal server. Executing the chgusr command is the same as executing change user. The chkdsk command, often referred to as check disk, is used to identify and correct certain hard drive errors. More. The chkntfs command is used to configure or display the checking of the disk drive during the Windows boot process. The choice command is used within a script or batch program to provide a list of choices and return of the value of that choice to the program. The cipher command shows or changes the encryption status of files and folders on NTFS partitions. The clip command is used to redirect the output from any command to the clipboard in Windows. The cls command clears the screen of all previously entered commands and other text. The cmd command starts a new instance of the command interpreter. The cmdkey command is used to show, create, and remove stored user names and passwords. The cmstp command installs or uninstalls a Connection Manager service profile. The color command is used to change the colors of the text and background within the Command Prompt window. The command command starts a new instance of the command. The command command is not available in 6. Windows 8. The comp command is used to compare the contents of two files or sets of files. The compact command is used to show or change the compression state of files and directories on NTFS partitions. The convert command is used to convert FAT or FAT3. NTFS format. The copy command does simply that it copies one or more files from one location to another. The cscript command is used to execute scripts via Microsoft Script Host. The cscript command is most commonly used to manage printing from the command line with scripts like prncnfg. The date command is used to show or change the current date. The debug command starts Debug, a command line application used to test and edit programs. The debug command is not available in 6. Windows 8. The defrag command is used to defragment a drive you specify. The defrag command is the command line version of Microsofts Disk Defragmenter. The del command is used to delete one or more files. The del command is the same as the erase command. The dir command is used to display a list of files and folders contained inside the folder that you are currently working in. The dir command also displays other important information like the hard drives serial number, the total number of files listed, their combined size, the total amount of free space left on the drive, and more. More. The diskcomp command is used to compare the contents of two floppy disks. The diskcopy command is used to copy the entire contents of one floppy disk to another. The diskpart command is used to create, manage, and delete hard drive partitions. The diskperf command is used to manage disk performance counters remotely. The diskperf command was useful for disk performance counter administration in Windows NT and 2. Windows 8. The diskraid command starts the Disk. RAID tool which is used to manage and configure RAID arrays.