Windows Security Log Events by ID

Event ID: 563

Title: Object Open for Delete

Type: Success

OS: All versions

Category: Object Access

Example:

Object Open for Delete
Object Server: %1 Object Type: %2
Object Name: %3 New Handle ID: %4
Operation ID:{%5,%6} Process ID: %7
Primary User Name: %8 Primary Domain: %9
Primary Logon ID: %10 Client User Name: %11
Client Domain: %12 Client Logon ID: %13
Accesses %14 Privileges %15

Randy's Comments:

Event 563 is not logged on normal file deletes. MS documentation says: "An attempt was made to open an object with the intent to delete it. Note: This is used by file systems when the FILE_DELETE_ON_CLOSE flag is specified in Createfile()." For files opened exclusively by another program, this flag is the only way to delete them.
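
The description layout shown in the example can be split back into named fields for review or alerting. The Python parser below is an added example, not code from this page or from Microsoft; the sample event is constructed, and treating "-" as an empty client field is an assumption.

```python
import re

# Field labels in the order the page's event 563 template lists them (%1..%15).
LABELS = ["Object Server", "Object Type", "Object Name", "New Handle ID",
          "Operation ID", "Process ID", "Primary User Name", "Primary Domain",
          "Primary Logon ID", "Client User Name", "Client Domain",
          "Client Logon ID", "Accesses", "Privileges"]

def parse_563(description):
    """Split an event 563 description into {label: value}.

    Labels are located in template order, so it does not matter whether the
    text has one or two fields per line. Whitespace runs in values collapse.
    """
    spans, pos = [], 0
    for label in LABELS:
        m = re.compile(re.escape(label) + r"\s*:?").search(description, pos)
        if m is None:
            raise ValueError("not an event 563 description, missing: " + label)
        spans.append((label, m.start(), m.end()))
        pos = m.end()
    fields = {}
    for i, (label, _, end) in enumerate(spans):
        stop = spans[i + 1][1] if i + 1 < len(spans) else len(description)
        fields[label] = " ".join(description[end:stop].split())
    return fields

def acting_account(fields):
    """Return DOMAIN\\user for the client account, else the primary account.

    Assumption: "-" (or an empty value) means no client account was recorded.
    """
    kind = "Client" if fields["Client User Name"] not in ("", "-") else "Primary"
    return fields[kind + " Domain"] + "\\" + fields[kind + " User Name"]

# Constructed sample in the page's layout; every value is made up.
SAMPLE = r"""Object Open for Delete
Object Server: Security Object Type: File
Object Name: C:\Temp\scratch.tmp New Handle ID: 1548
Operation ID:{0,4211906} Process ID: 2160
Primary User Name: WKS01$ Primary Domain: EXAMPLE
Primary Logon ID: (0x0,0x3E7) Client User Name: jdoe
Client Domain: EXAMPLE Client Logon ID: (0x0,0x2A1F3)
Accesses DELETE ReadAttributes Privileges -
"""

if __name__ == "__main__":
    event = parse_563(SAMPLE)
    print(acting_account(event), "opened for delete:", event["Object Name"])
```

Because labels are matched in order, an object name that itself contains a later label string would be split incorrectly; such events need manual review.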
