Meaning of This Failure Audit EventID 560
- From: "Will" <westes-usc@xxxxxxxxxxxxxx>
- Date: Fri, 16 Mar 2007 23:23:12 -0700
Can someone explain to me the meaning of a security audit failure on EventID
560 for the object cited below? The SID (modified) below is for a domain
account that is in the Administrators group of the computer on which the
security audit appears. The console login is for that domain account.
The domain account has Full Control access on the registry key cited below.
It's not clear to me if the failure is for the computer object in the
domain, or if it is for the domain user.
Object Open:
Object Server: Security
Object Type: Key
Object Name: \REGISTRY\USER\S-1-5-21-782619286-9999999999-999999999-9918
Handle ID: -
Operation ID: {0,367218}
Process ID: 1284
Image File Name: C:\WINDOWS\system32\svchost.exe
Primary User Name: MYCOMPUTER$
Primary Domain: MY-DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: my-admin-userid
Client Domain: MY-DOMAIN
Client Logon ID: (0x0,0x19E68)
Accesses: MAX_ALLOWED
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x2000000
--
Will
.
- Prev by Date: Re: Slow Certificate Access
- Next by Date: Re: Silencing Security Audits of Memory Mapped Files?
- Previous by thread: Slow Certificate Access
- Next by thread: Security Options
- Index(es):
Relevant Pages
|
