560 errors

From: Mike W (wunderlinmw@state.gov)
Date: 01/29/03 

From: "Mike W" <wunderlinmw@state.gov>
Date: Wed, 29 Jan 2003 05:11:39 -0800

Our systems are locked down by security settings, and
auditing. I recently deployed a Win2K computer in a NT
4.0 domain as part of a planned rollout. The system
crashed within 2 hours (crashonauditfail is enabled) Most
of the errors are similar to these:

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 01/23/03
Time: 9:04:01 AM
User: <domain name>\<user name>
Computer: <computer name>
Description:
Object Open:
         Object Server: Security
         Object Type: Event
         Object Name:
        \BaseNamedObjects\crypt32LogoffEvent
         New Handle ID: -
         Operation ID: {0,253463}
         Process ID: 248
         Primary User Name: <removed for posting>
         Primary Domain: <domain name>
         Primary Logon ID: (0x0,0x253EE)
         Client User Name: -
         Client Domain: -
         Client Logon ID: -
         Accesses DELETE
                        READ_CONTROL
                        WRITE_DAC
                        WRITE_OWNER
                        SYNCHRONIZE
                        Query event state
                        Modify event state
                        
         Privileges -
 

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 01/23/03
Time: 9:03:57 AM
User: <domain name>\<user name>
Computer: <computer name>
Description:
Object Open:
         Object Server: Security
         Object Type: Section
         Object Name:
        \BaseNamedObjects\_MsiFeatureCacheCount
         New Handle ID: -
         Operation ID: {0,249010}
         Process ID: 976
         Primary User Name: <removed for posting>
         Primary Domain: <domain name>
         Primary Logon ID: (0x0,0x253EE)
         Client User Name: -
         Client Domain: -
         Client Logon ID: -
         Accesses DELETE
                        READ_CONTROL
                        WRITE_DAC
                        WRITE_OWNER
                        Query section state
                        Map section for write
                        Map section for read
                        
         Privileges -
 
I tried searching through TechNet for information on this
event, but can't find anything specific. Not even a
description of what it's looking for and/or why this is
happening. Is there a technet article, or some other
article, that can explain this type of error to me?
What is it looking for? What did it see? Why am I seeing
these errors?

Other errors include:
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 01/23/03
Time: 9:03:57 AM
User: <domain name>\<user name>
Computer: <computer name>
Description:
Object Open:
         Object Server: Security
         Object Type: File
         Object Name: C:\WINNT\welcome.exe
         New Handle ID: -
         Operation ID: {0,1189599}
         Process ID: 1172
         Primary User Name: <user name>
         Primary Domain: <domain name>
         Primary Logon ID: (0x0,0x10FBA3)
         Client User Name: -
         Client Domain: -
         Client Logon ID: -
         Accesses SYNCHRONIZE
                        Execute/Traverse
                        
         Privileges -

In this case, the user has READ rights to the file in
question. It looks like the problem identified in article
Q172509 also affects Windows 2000.

Help?!?
Thanks!