Windows Security Log Event ID 566

Operating Systems Windows 2003 and XP
CategoryDirectory Service
Type Success
Failure
Corresponding events
in Windows 2008
and Vista
4662 , 5136 , 5137  
Discussions on Event ID 566
Events 836 and 837
Event ID 566 why?
Object Type: SecretObject
Disable 566 Event auditing
Tracking Organizational Unit Moves in a Windows 2003 Domain

566: Object Operation (W3 Active Directory)

On this page

Whereas event 565 logs the permissions requested by user/program, event 566 logs the permissions actually exercised by the user/program after opening it. While an object may accessed several times during the same open, Windows only logs event 566 the first time a given permission is actually exercised. This event is similar to 567 but is limited to Active Directory object accesses.

This event is part of operation based auditing which is new to W3.

You will only see event 566 on domain controllers.

Free Security Log Resources by Randy

Description Fields in 566

  • Object Server:
  • Object Type:
  • Object Name:
  • Handle ID:
  • Primary User Name:
  • Primary Domain:
  • Primary Logon ID:
  • Client User Name:
  • Client Domain:
  • Client Logon ID:
  • Accesses
  • Additional Info:
  • Additional Info2:
  • Access Mask:

Setup PowerShell Audit Log Forwarding in 4 Minutes

 

Examples of 566

Object Operation:
Object Server:DS
Operation Type:Object Access
Object Type:user
Object Name:CN=test,DC=elm,DC=local
Handle ID:-
Primary User Name:W3DC$
Primary Domain:ELM
Primary Logon ID:(0x0,0x3E7)
Client User Name:administrator
Client Domain:ELM
Client Logon ID:(0x0,0x158EB7)
Accesses:Write Property 
Properties:
   Write Property
   Public Information
   sn 
   user
Additional Info:
Additional Info2:
Access Mask:0x20

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources