Hi,
Have an installation in an environment and have 20 or so service accounts all given trusted user status. They are still generating a handful of events, mainly cmd.exe file access events trying to write to %TEMP%.
Are there still some things that Trusted Users aren't allowed to do? I thought a Trusted User had essentially free reign of everything. All trusted users have been given SAFE privilages.