Re: Event ID: 560

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/20/04 

Date: Mon, 20 Sep 2004 15:22:15 -0500

It is an object access error - not a logon error. Object access failures are not
unusual and I would not be too concerned if everything is working fine and virus
scans report the computer as clean. It refers to the temporary internet files folder
for user lucy.mullen. You might have that user try and delete their temporary
internet files which seems to be the object where the system can not access
apparently with your CA antivirus scanner. --- Steve

"GraXi" <GraXi@discussions.microsoft.com> wrote in message
news:D53D8277-B7DA-478E-A938-EECCAF2A1089@microsoft.com...
> Hello Everyone;
>
> I need some help with this issue and if someone is familiar with it please
> let me know how to fix it...PLEASEEEE!
>
> Ok...this is the Domain Contoller / File server...APPFPSVR a Windows 2003
> Server box.
>
> Everytime ANYONE under the Domain Admins GG group logs into the server the
> security event returns an error:
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Object Access
> Event ID: 560
> Date: 9/20/2004
> Time: 1:34:02 PM
> User: NT AUTHORITY\SYSTEM
> Computer: APPFPSVR
> Description:
> Object Open:
> Object Server: Security
> Object Type: File
> Object Name: H:\Shares\Users\lucy.mullen\Profile\Temporary Internet
> Files\Content.IE5\83C5MFUP\snf2_utilities[1].js
> Handle ID: -
> Operation ID: {0,7217003}
> Process ID: 1404
> Image File Name: C:\Program Files\CA\eTrust Antivirus\InoRT.exe
> Primary User Name: APPFPSVR$
> Primary Domain: PEFCU
> Primary Logon ID: (0x0,0x3E7)
> Client User Name: -
> Client Domain: -
> Client Logon ID: -
> Accesses: READ_CONTROL
> SYNCHRONIZE
> ReadData (or ListDirectory)
> ReadEA
> ReadAttributes
>
> =======================
>
> I cant figure out the problem. If anyone logs into this server ts will
> actually log this into the Security Event Viewer, like the person who just
> logged into the server is trying to access that directory. Has anyone seen
> this error around or knows how to resolve it?
>
> Thanks.
>

Relevant Pages

  • Re: Moved & Deleted Files
    ... share will not go to the recycle bin on the server. ... For Windows 2000 you can enable auditing of object access in the Local ... Security Policy or Domain Controller Security Policy for domain controllers ... and then audit folders for user access. ...
    (microsoft.public.security)
  • Re: Auditing Folders and Files - Audit Policy - Audit Object Access
    ... Make sure on that server that auditing of object access is indeed enabled. ... Open Local Security Policy and look at the "effective" settings if the ...
    (microsoft.public.win2000.group_policy)
  • Re: anonymous logon
    ... I do not normally audit object access, but my understanding is that yes ... unless you see a lot of logon failures, ... > Object Server: Security Account Manager ...
    (microsoft.public.win2000.security)
  • Re: SAM events
    ... When you enable auditing of object access, a lot of system access events are ... > Object Server: Security Account Manager ... > Primary Logon ID: ... > Client User Name: SERVER$ ...
    (microsoft.public.win2000.security)
Quantcast