WinSecWiki > Security Settings > Advanced Audit Policies > Object Access > Kernal Object

Audit Kernel Object

This sub-category is probably only of interest to developers. An example of a kernel object is a security token. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Event ID	Title
4656	A handle to an object was requested
4658	The handle to an object was closed

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

Object Access

•	Application Generated
•	Central Access Policy Staging
•	Certification Services
•	Detailed File Share
•	File Share
•	File System
•	Filtering Platform Connection
•	Filtering Platform Packet Drop
•	Handle Manipulation
•	Kernal Object
•	Other Object Access Events
•	Registry
•	Removable Storage
•	SAM

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.