| Event Id | 560 |
| Source | Security |
| Description | Object Open: Object Server: <Object Server> Object Type: <Object Type> Object Name: <Object Name> Handle ID: <Handle ID> Operation ID: <Operation ID> Process ID: <Process ID> Image File Name: <Image File Name> Primary User Name: <Primary User Name> Primary Domain: <Primary Domain> Primary Logon ID: <Primary Logon ID> Client User Name: <Client User Name> Client Domain: <Client Domain> Client Logon ID: <Client Logon ID> Accesses: <Accesses> ReadData (or ListDirectory) Privileges: <Privileges> Restricted Sid Count: <Restricted Sid Count> Access Mask: <Access Mask> |
| Event Information | Cause: An object was successfully granted a handle and the listed accesses were granted. This message corresponds to a Security 567 message, which indicates that an object was accessed, and to a Security 562 message, which indicates that the handle of the object was successfully closed. Associated messages have the same Handle ID number. Resolution: No user action is required. Related Events: Event ID: 567, Event Source: Security Event ID: 562, Event Source: Security |
| Reference Links | Event ID 560 from Source Security Alternate Event ID in Vista and Windows Server 2008 is 4656. OnEBill Security Log Errors Event ID 560 Message Is Recorded in the Security Log Take Ownership Remotely Does Not Log Security Event Event 560 Failures Appears When File and Object Auditing Is Enabled How to Identify the User Who Changed the Administrator Password Your auditing logs may contain incorrect auditing event details for event 565 and event 560 File reads are logged with event IDs 560 and 562 when you turn on file write auditing in Windows NT Event IDs 560 and 562 appear many times in the security event log Event ID 560 is logged every time that you refresh the security log in Windows Server 2003 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.