Re: Event log Error codes

From: Steven L Umbach (
Date: 05/26/04

Date: Tue, 25 May 2004 23:41:05 GMT

Try posting them here. 560 is for object access to file/folder for some
reason and 577 means they or a service used a user right for a procedure.
Auditing of object access and privilige use will generate tons of events in
the security log and many will be very hard to make any sense of and many
are generated by the operating system instead of directly by a user. Often
event ID 560 is paired with another envent ID with the same timestamp that
may be helpful in determining what type of access was being done. The
following link may help.--- Steve

"" <> wrote in
message news:1220701c4427f$0ff3c410$a401280a@phx.gbl...
> Lately we've turned on security and in out event log we
> are getting unexplained evnets, error codes 577 and 560.
> Can anyone tell me what these codes mean in English? What
> was the user trying to do ?
> Thanks,
> Anita

Relevant Pages

  • Re: Event ID 560 Problem
    ... >Error 560s usually refer to object access. ... >whenever a user makes a connection to something out on ... >> this repeated event in my security log that I can't ... Whenever someone log off their workstation, ...
  • Re: Help!Am I being hacked?
    ... That is entirely normal to be seen in the security log for access to the local sam by ... NT AUTHORITY\SYSTEM when object access is enabled. ... for the administrator account. ... account can not be locked out to console logon. ...
  • Re: Data access and security permissions
    ... protection" to "low" and see if this continues. ... >Category: Object Access ... Access databases ... security log to fill up ...
  • auditing question - single file object access creates duplicate security log messages
    ... The multiple entries are a pain. ... >I would like to audit file access on my server. ... >get a multitude of messages in the security log every ... >I have enabled auditing of object access in the Local ...
  • Re: Event Viewer Getting Full
    ... auditing of object access must be enabled. ... -- PsLogList to dump lof ... You can increase the size of the security log and by default it ... >> audit for only specific files and avoid using the users and everyone group to ...