4688
Security
A new process has been created.
Subject:
Security ID: CORPDOMAIN\jack.doe
Account Name: jack.doe
Account Domain: CORPDOMAIN
Logon ID: 0xc2b4c
Process Information:
New Process ID: 0xcec0
New Process Name: C:\Windows\System32\PING.EXE
Token Elevation Type: TokenElevationTypeLimited (2)
Creator Process ID: 0x116c
This event is logged when a new process is created. The event includes the PID of the new process ("New Process ID"), the user who launched the process ("Security ID"), the parent process ID ("Creator Process ID") and the token elevation type, which is one of the following:
TokenElevationTypeDefault: Full token; the default when UAC is disabled, or when the process is started by the built-in Admin account or by a service
TokenElevationTypeFull: UAC enabled, process is running elevated
TokenElevationTypeLimited: UAC enabled, process is running non-elevated
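
The fields described above can be pulled out of the rendered message text and used to link each process to its parent. This is an added example, not part of the original page; the function names, the template and the cmd.exe parent event (including its creator PID 0xa10) are constructed for illustration, and it assumes the message is rendered with the field labels shown above.

```python
import re

# Meanings as given in the text above, keyed by the type name in the event.
ELEVATION = {
    "TokenElevationTypeDefault": "full token (UAC disabled, built-in Admin or service)",
    "TokenElevationTypeFull": "UAC enabled, elevated",
    "TokenElevationTypeLimited": "UAC enabled, non-elevated",
}
FIELD = re.compile(r"^\s*([A-Za-z ]+?):[ \t]*(\S.*?)\s*$")

def parse_4688(message):
    """Turn the rendered 4688 message text into a dict of its fields."""
    fields = {}
    for line in message.splitlines():
        m = FIELD.match(line)
        if m:  # section headers such as "Subject:" carry no value and are skipped
            fields[m.group(1)] = m.group(2)
    event = {
        "user": fields["Security ID"],
        "pid": int(fields["New Process ID"], 16),       # logged as hex
        "ppid": int(fields["Creator Process ID"], 16),  # logged as hex
        "image": fields["New Process Name"],
        "elevation": fields["Token Elevation Type"].split()[0],
    }
    event["elevation_meaning"] = ELEVATION.get(event["elevation"], "unknown")
    return event

def link_parents(events):
    """Resolve each Creator Process ID to the image that last received that PID."""
    live = {}  # pid -> image; PIDs are reused, so the latest creation wins
    for ev in events:  # events must be in chronological order
        ev["parent_image"] = live.get(ev["ppid"])  # None: parent predates the log
        live[ev["pid"]] = ev["image"]
    return events

# Constructed sample: the PING.EXE event shown above plus a made-up cmd.exe parent.
TEMPLATE = r"""A new process has been created.
Subject:
Security ID: CORPDOMAIN\jack.doe
Process Information:
New Process ID: {pid}
New Process Name: C:\Windows\System32\{exe}
Token Elevation Type: TokenElevationTypeLimited (2)
Creator Process ID: {ppid}"""
SAMPLE = [TEMPLATE.format(pid="0x116c", exe="cmd.exe", ppid="0xa10"),
          TEMPLATE.format(pid="0xcec0", exe="PING.EXE", ppid="0x116c")]

if __name__ == "__main__":
    for ev in link_parents([parse_4688(m) for m in SAMPLE]):
        print(ev["parent_image"], "->", ev["image"], "|", ev["elevation_meaning"])
```

Because PIDs are reused, the parent lookup is only reliable when the events are processed in the order they were logged on a single host.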