Type: Success Audit
Handle Closed: Object Server: %1 Handle ID: %2 Process ID: %3
As per Microsoft: "The handle to the accessed object was successfully closed". See MSW2KDB for additional information about this event.
This problem may occur if you turn on auditing for the Object Access category and the Directory Service Access category and the default System Access Control List (ACL) is configured on the affected objects. See ME836419 for details.
This event will occur when you try to audit success or failure of the Enumerate Subkeys access on the "HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName" registry key. See ME810088 for a hotfix applicable to Microsoft Windows 2000.
This event also occurs each time ISA Server writes to the access control policy. See ME827818 for details.
When a user closes the policy storage container after changing a policy, this event is logged. See ME837454 for additional information.
As per Microsoft: "These events appear if you have not configured the security access control list (SACL) on the object that you are auditing. The events also appear if you have configured the SACL, but not for all the listed accesses. For example, these events are logged when a user or a program reads a registry subkey, and you have not selected the Read Control or the Query Value check box in the auditing entry for that registry subkey". See ME841001 for more details.
Event generated when auditing is turned on for object access: "Handle Closed". See ME120600 and ME174074 for more details.
Links: ME120600, ME174074, ME810088, ME827818, ME836419, ME837454, ME841001, Online Analysis of Security Event Log, MSW2KDB