WinSecWiki > Security Settings > Advanced Audit Policies > Object Access > Other Object Access Events

Audit Other Object Access Events

This is a hodgepodge of miscellaneous Object Access events. The most valuable event in this category are the ones allowing you to monitor changes to Scheduled Tasks and file deletion. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
4656	A handle to an object was requested
4658	The handle to an object was closed
4659	A handle to an object was requested with intent to delete
4660	An object was deleted
4663	An attempt was made to access an object
4664	An attempt was made to create a hard link.
4691	Indirect access to an object was requested
4698	A scheduled task was created
4699	A scheduled task was deleted.
4700	A scheduled task was enabled.
4701	A scheduled task was disabled
4702	A scheduled task was updated.

Upcoming Webinars

Identity Fabric: Stitching Together IAM or Selling the Emperor’s New Clothes?

Additional Resources

Object Access

•	Application Generated
•	Central Access Policy Staging
•	Certification Services
•	Detailed File Share
•	File Share
•	File System
•	Filtering Platform Connection
•	Filtering Platform Packet Drop
•	Handle Manipulation
•	Kernal Object
•	Other Object Access Events
•	Registry
•	Removable Storage
•	SAM

User name:
Password:
	/ Forgot?
	Register

September 2025 Patch Tuesday	"Patch Tuesday - Two Zero Days This Month " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.