Event Details
User Activity->Object Access->Registry Object Access->Windows 2000-2003->EventID 560 - Object Open [Win 2003] - Failed
EventID 560 - Object Open [Win 2003] - Failed
 Sample: 
Event Type:     SuccessAudit
Event Source:   Security
Event Category: Object Access
Event ID:       560
Date:           10/26/2009 12:00:00 AM
Time:           07:41:23
User:           NT AUTHORITY\SYSTEM
Computer:       DC1
Description:    
Object Open:

	Object Server:	Security

	Object Type:	File

	Object Name:	C:\WINDOWS\Tasks\At1.job

	Handle ID:	2428

	Operation ID:	{0,6451050}

	Process ID:	880

	Image File Name:	C:\WINDOWS\system32\svchost.exe

	Primary User Name:	DC1$

	Primary Domain:	RESEARCH

	Primary Logon ID:	(0x0,0x3E7)

	Client User Name:	-

	Client Domain:	-

	Client Logon ID:	-

	Accesses:	READ_CONTROL
			SYNCHRONIZE
			WriteData (or AddFile)
			AppendData (or AddSubdirectory or CreatePipeInstance)
			WriteEA
			ReadAttributes
			WriteAttributes
			

	Privileges:	-

	Restricted Sid Count:	0

	Access Mask:	0x120196
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows 2003
Category Object Access
Source Security
EventId 560
Type Failure Audit
InsertionString2 Key
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime 12/14/2009 6:59:09 AM
Who Account or user name under which the activity occured. Client User Name -
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "Registry Object Access" Registry Object Access
Where The name of the workstation/server where the activity was logged. Computer DC1
Where From The name of the workstation/server where the activity was initiated from. - 10.10.10.10
Severity Specify the seriousness of the event. "High" High
WhoDomain Client Domain -
WhereDomain -
Result Successful or Failed "Failed" Failed
Object Name Object Name C:\WINDOWS\Tasks\At1.job
Object Type Object Type File
Whom -
Comments
You must be logged in to comment