Decyphering Audits
Posted by Invisible on January 12th, 2004


For obvious security reasons, we have a number of auditing events turned
on. The only result of this seems to be that the event log rapidly fills up
with highly cryptic events, and no one has any idea what the hell they mean!

For example:

#####

Date: 12/01/04
Time: 04:22:21 PM
User: abc
Computer: XYZ
EventID: 576
Source: Security
Type: Success Audit
Category: Privilege Use

Special privileges assigned to new logon:
User Name: abc
Domain: LEMON
LogonID: (0x0,0x701005A)
Assigned: SeChangeNotifyPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege

#####

What exactly is this telling me? (That user "abc" has just logged on? Is
that what it means?)

Here's another one:

#####

Date: 12/01/04
Time: 04:21:53 PM
User: abc
Computer: XYZ
EventID: 578
Source: Security
Type: Success Audit
Category: Privilege Use

Privileged object operation:
Object Server: Spooler
Object Handle: 39715960
ProcessID: 2160636576
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E7)
Client User Name: abc
Client Logon ID: (0x0,0x6FCBE0E)
Privileges: SeTakeOwnershipPrivilege

#####

Erm... OK, so a privileged operation was performed... but WHAT operation???

Any help with figuring out what these are would be very helpful! (We have
literally thousands of each, and no idea what it's all about.) If we don't
know what the hell this stuff is, we might as well turn off auditing!
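Editor's note, added to this post and not written by the original poster: event 576 ("Special privileges assigned to new logon") is written when a logon session is created whose access token holds privileges Windows treats as sensitive, so it does accompany a logon but is not the logon event itself; the LogonID ties it to that session. Event 578 ("Privileged object operation") is written when a process exercises such a privilege on an object. It records which privilege, which object server and, for a service like the Print Spooler impersonating a user, both the service account (Primary) and the user it acted for (Client), but not the specific operation. Below is a small triage script over the two records in the post, written for this page as an example. It assumes the "#####"-delimited text layout the poster pasted, and the set of privileges it flags as sensitive is the editor's choice, not something the post states.

```python
import re
from collections import Counter

# Constructed sample: the two records quoted in the post, in the same
# "#####"-delimited text form the poster pasted (assumed export layout).
SAMPLE_LOG = """
#####

Date: 12/01/04
Time: 04:22:21 PM
User: abc
Computer: XYZ
EventID: 576
Source: Security
Type: Success Audit
Category: Privilege Use

Special privileges assigned to new logon:
User Name: abc
Domain: LEMON
LogonID: (0x0,0x701005A)
Assigned: SeChangeNotifyPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege

#####

Date: 12/01/04
Time: 04:21:53 PM
User: abc
Computer: XYZ
EventID: 578
Source: Security
Type: Success Audit
Category: Privilege Use

Privileged object operation:
Object Server: Spooler
Object Handle: 39715960
ProcessID: 2160636576
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E7)
Client User Name: abc
Client Logon ID: (0x0,0x6FCBE0E)
Privileges: SeTakeOwnershipPrivilege

#####
"""

# Privileges worth an alert when they appear in a token or are exercised.
# This set is the editor's assumption, not anything the post states.
SENSITIVE_PRIVILEGES = {
    "SeDebugPrivilege",
    "SeTakeOwnershipPrivilege",
    "SeBackupPrivilege",
    "SeRestorePrivilege",
    "SeTcbPrivilege",
    "SeLoadDriverPrivilege",
}

PRIV_RE = re.compile(r"^Se\w+Privilege$")


def parse_records(text):
    """Split the export on '#####' and turn each record into a dict.

    'Key: value' lines become fields. The privilege list can continue onto
    bare 'SeXxxPrivilege' lines after 'Assigned:' or 'Privileges:', so those
    are collected into a 'privileges' list instead of being treated as keys.
    """
    records = []
    for chunk in text.split("#####"):
        fields, privs = {}, []
        for line in chunk.splitlines():
            line = line.strip()
            if not line:
                continue
            if PRIV_RE.match(line):          # continuation line of the privilege list
                privs.append(line)
                continue
            key, sep, value = line.partition(":")
            if not sep:
                continue
            key, value = key.strip(), value.strip()
            if key in ("Assigned", "Privileges"):
                if value:                    # first privilege shares the key's line
                    privs.append(value)
            else:
                fields[key] = value
        if "EventID" in fields:              # skip the empty chunks around the separators
            fields["privileges"] = privs
            records.append(fields)
    return records


def describe(rec):
    """Render one record as a single human-readable line."""
    eid, privs = rec["EventID"], ", ".join(rec["privileges"])
    when = f"{rec['Date']} {rec['Time']}"
    if eid == "576":
        # A new logon session whose token carries these privileges.
        return (f"{when}: logon {rec['LogonID']} for {rec['Domain']}\\{rec['User Name']} "
                f"on {rec['Computer']} holds {privs}")
    if eid == "578":
        # A privilege exercised on an object; Primary is the service account,
        # Client is the user the service was impersonating.
        return (f"{when}: {rec['Object Server']} (running as {rec['Primary Domain']}\\"
                f"{rec['Primary User Name']}) used {privs} on behalf of "
                f"{rec['Client User Name']} (client logon {rec['Client Logon ID']})")
    return f"{when}: event {eid} ({rec.get('Category', '?')})"


def sensitive_hits(records):
    """Return (record, privilege) pairs where a sensitive privilege appears."""
    return [(r, p) for r in records for p in r["privileges"] if p in SENSITIVE_PRIVILEGES]


def privilege_counts(records, event_id):
    """Count privileges across all records with one EventID, to separate noise from outliers."""
    counts = Counter()
    for r in records:
        if r["EventID"] == event_id:
            counts.update(r["privileges"])
    return counts


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for r in recs:
        print(describe(r))
    for r, p in sensitive_hits(recs):
        print(f"  ALERT: {p} in event {r['EventID']} for user {r.get('User')}")
    print(privilege_counts(recs, "576").most_common())
```

With thousands of these, the useful move is to run `privilege_counts` per EventID and per user: the privileges that show up on every logon (SeChangeNotifyPrivilege is held by nearly everyone) are noise to filter, while a user whose 576 records suddenly include SeDebugPrivilege, or whose Client Logon ID shows up in 578 records for privileges they never used before, is the outlier worth a look. Correlating on the Logon ID field links a 578 back to the session that the matching 576 (and the logon event for that session) describe.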