06-02-2024, 12:16 PM
You know that "Permission level modified" event, the one with ID 36 in Windows Server's Event Viewer? It pops up in the Security log when someone's privileges get tweaked on the system, like if an admin bumps up a user's access rights or dials them back. This happens during logons or policy changes, right in the Microsoft-Windows-Security-Auditing channel. I see it trigger whenever the system assigns special logon privileges to a new user session. Think of it as the server whispering, hey, someone's power level just shifted. It logs the user account involved, the exact privileges added or removed, and the process that kicked it off. Why care? Because unauthorized tweaks could mean trouble, like an insider messing with access or even a sneaky attack probing for weaknesses. You might spot it after installing software that needs elevated perms or when Group Policy updates roll out. The event details include timestamps, workstation names, and logon IDs, giving you a trail to follow if something feels off. I always check these because they can flag risky behavior before it escalates. And ignoring them? That's asking for headaches down the line.
To keep an eye on this without staring at screens all day, fire up Event Viewer on your server. You click through to the Security log, then right-click and pick "Attach Task To This Event" for ID 36. It'll guide you to Task Scheduler. There, you set the trigger to snag that specific event. I like naming the task something straightforward, like "Perm Alert." For the action, you point it to a simple email program or your server's mail setup, so it blasts a notification your way. Make sure to configure it to run when you're not logged in, and test it by forcing a privilege change. You'll get emails on every tweak, keeping you looped in, in real time. But yeah, tweak the filters if you don't want floods from legit changes.
Speaking of staying on top of server quirks like these permission shifts, which tie right into keeping your data safe from mishaps, you should check out BackupChain Windows Server Backup too. It's this solid Windows Server backup tool that handles full system images and file-level stuff effortlessly. Plus, it backs up virtual machines running on Hyper-V without breaking a sweat. The perks? It runs incremental backups super fast, verifies everything automatically to avoid corruption, and restores in minutes even for huge setups. I use it because it cuts downtime and lets you sleep easier knowing your server's not one glitch from disaster.
Note, the PowerShell email alert code was moved to this post.
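The alert action described above, written out as an added PowerShell example (this is not the code the note refers to and not the original poster's script): run once with `-Register` to create the event-triggered task, after which the task runs the same script to mail the newest ID 36 event unless it involves an expected account. The SMTP host, mail addresses and allowlisted account names are placeholders, and the script is assumed to sit at a path without spaces.

```powershell
# PermAlert.ps1 - added example. SMTP host, addresses and allowlist are placeholders.
param([switch]$Register)

$EventId   = 36                          # event ID the post monitors (Security log)
$TaskName  = 'Perm Alert'                # task name suggested in the post
$SmtpHost  = 'smtp.example.internal'     # placeholder
$From      = 'alerts@example.internal'   # placeholder
$To        = 'admin@example.internal'    # placeholder
$Allowlist = @('svc-deploy', 'svc-patching')   # hypothetical accounts with expected changes

if ($Register) {
    # One-time setup from an elevated prompt: the task fires on the event and
    # runs as SYSTEM, so it works with nobody logged on.
    # Assumes this script's path contains no spaces.
    $query = "*[System[(EventID=$EventId)]]"
    $run   = "powershell.exe -NoProfile -File $PSCommandPath"
    schtasks.exe /Create /F /TN $TaskName /SC ONEVENT /EC Security /MO $query /RU SYSTEM /TR $run
    return
}

# Normal run (started by the task): fetch the newest matching event.
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $EventId } `
                    -MaxEvents 1 -ErrorAction Stop

# Flatten EventData into "name: value" lines without assuming field names.
$xml   = [xml]$evt.ToXml()
$lines = @()
$i     = 0
foreach ($node in $xml.SelectNodes("//*[local-name()='Data']")) {
    $name = $node.GetAttribute('Name')
    if (-not $name) { $name = "Data$i" }
    $lines += "{0}: {1}" -f $name, $node.InnerText
    $i++
}
$details = $lines -join "`r`n"

# Flood control: skip events that mention an allowlisted account as a whole word.
# This matches any field; narrow it to the account field once you have
# confirmed the field names on your own server.
foreach ($acct in $Allowlist) {
    if ($details -match "\b$([regex]::Escape($acct))\b") { return }
}

$subject = "[{0}] Event {1} at {2:u}" -f $evt.MachineName, $EventId, $evt.TimeCreated
$body    = "{0}`r`n`r`n{1}" -f $evt.Message, $details
Send-MailMessage -SmtpServer $SmtpHost -From $From -To $To -Subject $subject -Body $body
```

Keep the script in a directory only administrators can write to, since the task executes it as SYSTEM.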

