Event Details
Operating System->Microsoft Windows->Built-in logs->Windows 2000-2003->Security Log->Object Access->EventID 560 - Object Open [Win 2000]
EventID 560 - Object Open [Win 2000]
Indicates that an attempt was made to access a Windows object (file, folder, registry key, printer or service). Success or failure is indicated in the message. If access was successful, the listed accesses were requested and granted. If access failed, the listed accesses were requested but not granted.

This message corresponds to a Security 567 message, which indicates that an object was accessed, and to a Security 562 message , which indicates that the handle of the object was successfully closed. Associated messages have the same Handle ID number.
EventID 560 tracks access only to Windows objects such as files, folders, registry keys, printers and services. If you need to track access to Active Directory objects such as users, groups, organizational units, group policy objects, domains, sites, etc, look for EventID 565 and 566 in the Directory Service Access category.

Find more information about this event on ultimatewindowssecurity.com.

Corresponding events on other OS versions:

Windows XP Windows 2003 Windows 2008

Related events:

Look for the following events with the same Handle ID:
        Event Type:	Success Audit
        Event Source:	Security
        Event Category:	Object Access
        Event ID:	560
        Date:		4/17/2009
        Time:		9:21:27 AM
        Computer:	DCCC1
        Object Open:
        Object Server:	Security Account Manager
        Object Type:	SAM_SERVER
        Object Name:	SAM
        New Handle ID:	856224
        Operation ID:	{0,532713543}
        Process ID:	280
        Primary User Name:	DCCC1$
        Primary Domain:	LOGISTICS
        Primary Logon ID:	(0x0,0x3E7)
        Client User Name:	DCCC1$
        Client Domain:	LOGISTICS
        Client Logon ID:	(0x0,0x3E7)
        Accesses:	DELETE 
        Privileges:	-
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows 2000
Category Object Access
Source Security
EventId 560
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. DateTime 10.10.2000 19:00:00
Source Name of an Application or System Service originating the event. Source Security
Type Warning, Information, Error, Success, Failure, etc. Type Success
User Domain\Account name of user/service/computer initiating event. User RESEARCH\Alebovsky
Computer Name of server workstation where event was logged. Computer DC1
EventID Numerical ID of event. Unique within one Event Source. EventId 576
Description The entire unparsed event message. Description Special privileges assigned to new logon.
Log Name The name of the event log (e.g. Application, Security, System, etc.) LogName Security
Category A name for a subclass of events within the same Event Source. Category Logon/Logoff
Process ID ID of the process (program) making the access request InsertionString7 380
Object Server The name of the service handling the access request InsertionString1 Security Account Manager
Object Type The type of object accessed (file, folder, registry key, printer, service) InsertionString2 SAM_SERVER
Object Name Name of the object (e.g. for the file accessed - full system path) InsertionString3 SAM
New Handle ID ID of the object handle granted to the process accessing it InsertionString4 856224
Operation ID ID of the operation performed on the object Expression {0,532713543}
Primary User Name For local access identifies the user accessing the object, for remote access identifies the server program used to open the object InsertionString8 DCCC1$
Primary Domain Domain of the Primary User Name InsertionString9 LOGISTICS
Primary Logon ID ID of the logon session of the Primary User Name account InsertionString10 (0x0,0x3E7)
Client User Name For local access this field is empty, for remote access identifies the user accessing the object. InsertionString11 DCCC1$
Client Domain Domain of the Client User Name InsertionString12 LOGISTICS
Client Logon ID ID of the logon session of the Client User Name account InsertionString13 (0x0,0x3E7)
Accesses Identifies the permissions requested by user/program to the object. InsertionString14 DELETE
Privileges The list of privileges held by user during object access InsertionString15 -
You must be logged in to comment