Object Open: Object Server: %1 Object Type: %2 Object Name: %3 Handle ID: %4 Operation ID: {%5,%6} Process ID: %7 Process Name: %8 Primary User Name: %9 Primary Domain: %10 Primary Logon ID: %11 Client User Name: %12 Client Domain: %13 Client Logon ID: %14 Accesses: %15 Privileges: %16 Properties:%17 Access Mask: %18

Details
Product: Windows Operating System
Event ID: 565
Source: Security
Version: 5.2
Symbolic Name: SE_AUDITID_OPEN_HANDLE_OBJECT_TYPE
Message: Object Open: Object Server: %1 Object Type: %2 Object Name: %3 Handle ID: %4 Operation ID: {%5,%6} Process ID: %7 Process Name: %8 Primary User Name: %9 Primary Domain: %10 Primary Logon ID: %11 Client User Name: %12 Client Domain: %13 Client Logon ID: %14 Accesses: %15 Privileges: %16 Properties:%17 Access Mask: %18
   
Explanation

An attempt was made to access a directory service object. Success or failure is indicated in the message. If access was successful, the listed accesses were requested and granted. If access failed, the listed accesses were requested but not granted.

  • The Process ID and Process Name fields specify the process that was used to make the request.
  • The Primary User fields specify the context (primary token) that the user used to access the process.
  • The Client User fields, if present, specify the user on whose behalf the request was made (the impersonated user).
   
User Action

No user action is required.

Related:

Leave a Reply