WinSecWiki > Security Settings > Local Policies > Audit Policy > Object Access > SAM

SAM

This category allows you to track access to objects in the SAM (Security Account Manager) where local users and groups are stored on non-domain controller systems. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
4658	The handle to an object was closed
4660	An object was deleted
4661	A handle to an object was requested
4663	An attempt was made to access an object

Upcoming Webinars

Assessing the Security of Your Active Directory: User Accounts
Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

Object Access

•	Detailed File Share
•	Removable Storage Devices
•	File System
•	Registry
•	Kernal Object
•	SAM
•	Certification Services
•	Application Generated
•	Handle Manipulation
•	File Share
•	Filtering Platform Packet Drop
•	Filtering Platform Connection
•	Other Object Access

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.