Home
Resources
Training
About Us
eStore
<a href="http://www.isdecisions.com/en/software/userlock/?xtor=SEC-230"><img src="http://www.isdecisions.com/images/pubs/Randy/userlock.gif" alt="UserLock" border="0" /></a>

>

resources > security log resource center > encyclopedia > event 560

 

 

 

 

 

 

 

Latest Blog: WinReporter 4.0 Makes It Easy to Assess Attack Surface

  

Windows Security Log Events by ID

look up more events by Event ID or Category

Event ID

560

Title

Object Open
Type: Example: Randy's Comments:
Success
Failure

OS:

All versions

Category:

Object Access

Object Open:
Object Server:Security
Object Type:File
Object Name:C:\ConfidentialFiles\ ProjectPlan.doc.txt
New Handle ID:1468
Operation ID:{0,1023441}
Process ID:1688

Windows Server 2003 adds this field:

Image File Name:C:\WINDOWS\ system32\ notepad.exe

All versions of Windows log these fields:

Primary User Name:administrator
Primary Domain:ELMW2
Primary Logon ID:(0x0,0x804C2)
Client User Name:-
Client Domain:-
Client Logon ID:-
AccessesDELETE
READ_CONTROL
ReadAttributes

Privileges-

Windows Server 2003 adds these fields:

Restricted Sid Count:0
Access Mask:0x10080

Events of this category allow you to track failed and successful attempts to access files and other Windows objects.

Event 560 is logged whenever a program opens an object where:
- the type of access requested has been enabled for auditing in the audit policy for this object
- the result (success/failure) has been enabled for auditing for this object
- the account the program is running under is included in the users and/or groups specified for auditing in the audit policy for this object

In Windows, a program first opens... read more

Next:

Get all the tools you need in one newsletter!
Free log parser scripts, clear explanations of Microsoft's latest security bulletins, and more. View a sample issue.
Email Address:
Your email address will not be shared. You may unsubscribe at any time.


Upcoming Webinars by Randy Franklin Smith

How to Secure Web Based Applications with 2-Factor Authentication

Eliminating Admin Rights on Workstations and Laptops: Avoiding the Pitfalls and Making it Work in the Real World

Beyond Single Event Analysis: Analyzing Multiple Events to Reduce False Positives and Gain Deeper Insight into the Security Log

Auditing File Access with the Windows Server 2008 Security Log: The Good, Bad and Ugly


Additional Links

A
D
V

Sick of LimitLogin? Get UserLock for real logon control

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

Site Map