Windows Security Log Event ID 564
Operating Systems |
Windows Server 2000
Windows 2003 and XP
|
Category | Object Access |
Type
|
Success
|
Corresponding events
in Windows
2008 and Vista |
4660
|
564: Object Deleted
On this page
When an object for which successful delete access has been enabled for auditing, Event 564 is logged upon actual deletion. To determine the name of the object deleted look for a prior event 560 with the same handle ID. Normally event 560 and event 564 will be in close proximity but it is theoretically possible for a process to open an object (560) for delete access and then actually delete it much later. See event 560 for further information.
Free Security Log Resources by Randy
- Object Server:
- Handle ID:
- Process ID:
The following field also apears in Windows Server 2003:
- Image File Name: (the path and file name of the program that deleted the object)
Supercharger Free Edition