locked
Keyboard causing errors in eventlog 577 SeTcbPrivilege RRS feed

  • Question

  • Hello,

    For PCI auditing in the GPO, we enabled auditing for "Audit Privileged use” success and failure. In the event log we get an error repeating 10 times a second.

    Event Type:         Failure Audit
    Event Source:      Security
    Event Category:    Privilege Use
    Event ID:            577
    Date:                 4/11/2011
    Time:                 11:29:42 AM
    User:                 Computer\User
    Computer:           Computer

    Description:
    Privileged Service Called:
                Server:               Security
                Service:              -
                Primary User Name:          User
                Primary Domain:  Computer
                Primary Logon ID: (0x0,0x726095)
                Client User Name: -
                Client Domain:     -
                Client Logon ID:   -
                Privileges:           SeTcbPrivilege

    I used Sysinternals Process Explorer and found the application that uses the extended keyboard driver and then found the process the application has under it. I eventually found the a process that was calling a driver called keyhook.dll provided by the keyboard manufacture. When I pause this process, the error stops in the event log. I have the latest driver, but the error continues. So far the vender hasn’t come up with a solution as of yet. Is there any way to either fix the SeTcbPrivilege or suppress it in any way?

    We are using a Preh keyboard (Model:133AU) on a system that uses a driver to access extended customized keys.

    Thank you

    Thursday, April 14, 2011 2:32 PM