Object Open: Object Server: %1 Object Type: %2 Object Name: %3 Handle ID: %4 Operation ID: {%5,%6} Process ID: %7 Image File Name: %8 Primary User Name: %9 Primary Domain: %10 Primary Logon ID: %11 Client User Name: %12 Client Domain: %13 Client Logon ID: %14 Accesses: %15 Privileges: %16 Restricted Sid Count: %17 Access Mask: %18

Details
Product: Windows Operating System
Event ID: 560
Source: Security
Version: 5.2
Symbolic Name: SE_AUDITID_OPEN_HANDLE
Message: Object Open: Object Server: %1 Object Type: %2 Object Name: %3 Handle ID: %4 Operation ID: {%5,%6} Process ID: %7 Image File Name: %8 Primary User Name: %9 Primary Domain: %10 Primary Logon ID: %11 Client User Name: %12 Client Domain: %13 Client Logon ID: %14 Accesses: %15 Privileges: %16 Restricted Sid Count: %17 Access Mask: %18
   
Explanation

An object was successfully granted a handle and the listed accesses were granted. This message corresponds to a Security 567 message, which indicates that an object was accessed, and to a Security 562 message, which indicates that the handle of the object was successfully closed. Associated messages have the same Handle ID number.

   
User Action

No user action is required.

Related:

Leave a Reply