WinSecWiki > Security Settings > Advanced Audit Policies > Object Access > Kernal Object

Audit Kernel Object

This sub-category is probably only of interest to developers. An example of a kernel object is a security token. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Event ID Title
4656 A handle to an object was requested
4658 The handle to an object was closed

Back to top

 

Upcoming Webinars
  • Securing Every Identity in the Hybrid Era: Building a Unified Strategy Across Cloud, On-Prem, and AI
  • “3 Persistent Privileged Access Methods in Active Directory: How Attackers Stick the Landing with AdminSdHolder, SIDHistory, DCShadow”
Additional Resources
    Object Access
    •Application Generated
    •Central Access Policy Staging
    •Certification Services
    •Detailed File Share
    •File Share
    •File System
    •Filtering Platform Connection
    •Filtering Platform Packet Drop
    •Handle Manipulation
    •Kernal Object
    •Other Object Access Events
    •Registry
    •Removable Storage
    •SAM

     
     
    User name:
    Password:
      / Forgot?
      Register
    October 2025
    Patch Tuesday    		 "Patch Tuesday - 172 Updates Today and 6 Zero-Days! " - sponsored by LOGbinder
    .
    Tweet
    Follow @randyfsmith
    About | Newsletter | Contact Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
    Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.     		Terms of Use | Privacy |
    Cookies help us deliver the best experience on our website. By using our website, you agree to the use of cookies.