Is there a way to fix the Windows 2008 Object Access Event ID?

August 23, 2020 by Luca Yagan

 

If you are looking at object access events in the Windows Server 2008 Security log, this guide should help. Event ID 4660 is logged when an object is deleted. The object's audit policy must have auditing enabled for deletions by that specific user or by a group the user belongs to. Event 4660 can be correlated with event 4656 because they share the same Handle ID. Deleting an object raises both this event and event 4663.
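The Handle ID correlation described above, as an added example that is not part of the original page. Event 4660 records the handle but not the object name, so the name has to be recovered from the 4656 that opened the handle. The records below are constructed sample data keyed by the EventData field names of the Security log, and correlate_deletions is a hypothetical helper name.

```python
# Added example: map each 4660 (object deleted) back to the 4656 (handle requested)
# that opened the same handle, to recover the object name.
DELETE = 0x10000  # DELETE standard access right in the access mask

EVENTS = [  # constructed sample records, in chronological order
    {"EventID": 4656, "SubjectUserName": "Administrator", "ProcessId": "0xed0",
     "HandleId": "0xb8", "ObjectName": r"C:\Testfolder\old.txt",
     "AccessMask": "0x120089"},
    # The same handle value is issued again later in the same process.
    {"EventID": 4656, "SubjectUserName": "Administrator", "ProcessId": "0xed0",
     "HandleId": "0xb8", "ObjectName": r"C:\Testfolder\New Text Document.txt",
     "AccessMask": "0x10080"},
    {"EventID": 4660, "SubjectUserName": "Administrator", "ProcessId": "0xed0",
     "HandleId": "0xb8"},
    # A deletion whose 4656 is not in the collected window.
    {"EventID": 4660, "SubjectUserName": "Administrator", "ProcessId": "0x8d4",
     "HandleId": "0x124"},
]


def correlate_deletions(events):
    """Return one dict per 4660 with the object name taken from the matching 4656."""
    open_handles = {}  # (ProcessId, HandleId) -> most recent 4656 for that handle
    deletions = []
    for ev in events:
        # Handle values are only unique within one process, so key on both.
        key = (ev["ProcessId"].lower(), ev["HandleId"].lower())
        if ev["EventID"] == 4656:
            # Newest request wins: handle values are reused after a handle closes.
            open_handles[key] = ev
        elif ev["EventID"] == 4660:
            req = open_handles.get(key)
            deletions.append({
                "user": ev["SubjectUserName"],
                "object": req["ObjectName"] if req else None,
                "delete_requested": bool(req and int(req["AccessMask"], 16) & DELETE),
            })
    return deletions


if __name__ == "__main__":
    for row in correlate_deletions(EVENTS):
        print(row)
```

When events from several computers are collected into one place, the computer name has to be part of the key as well.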

 

 

4656 Examples

Win2008 Examples



A handle to an object was requested.

Subject:
   Security ID: WIN-R9H529RIO4Y\Administrator
   Account Name: Administrator
   Account Domain: WIN-R9H529RIO4Y
   Logon ID: 0x1fd23
Object:
   Object Server: Security
   Object Type: File
   Object Name: C:\Users\Administrator\Testfolder\New Text Document.txt
   Handle ID: 0xb8
Process Information:
   Process ID: 0xed0
   Process Name: C:\Windows\System32\notepad.exe
Access Request Information:
   Transaction ID: {00000000-0000-0000-0000-000000000000}
   Accesses: READ_CONTROL
      SYNCHRONIZE
      ReadData (or ListDirectory)
      ReadEA
      ReadAttributes
   Access Mask: 0x120089
   Privileges Used for Access Check: -
   Restricted SID Count: 0

A handle to an object was requested.

Subject:
   Security ID: ACME\Administrator
   Account Name: Administrator
   Account Domain: ACME
   Logon ID: 0x176293
Object:
   Object Server: Security
   Object Type: Key
   Object Name: \REGISTRY\MACHINE\SOFTWARE\MTG
   Handle ID: 0x124
Process Information:
   Process ID: 0x8d4
   Process Name: C:\Windows\regedit.exe
Access Request Information:
   Transaction ID: {00000000-0000-0000-0000-000000000000}
   Accesses: DELETE
      READ_CONTROL
      WRITE_DAC
      WRITE_OWNER
      Query key value
      Set key value
      Create sub-key
      Enumerate sub-keys
      Notify about changes to keys
      Create Link
   Access Mask: 0xf003f
   Privileges Used for Access Check: -
   Restricted SID Count: 0

Win2012 Example



A handle to an object was requested.

Subject:
   Security ID: LB\Administrator
   Account Name: Administrator
   Account Domain: LB
   Logon ID: 0x3DE02

Object:
   Object Server: Security
   Object Type: File
   Object Name: C:\asdf\New Text Document.txt
   Handle ID: 0x178
   Resource Attributes: S:AI(RA;ID;;;;WD;("Project_MS",TS,0x10020,"Transmogrifier"))

Process Information:
   Process ID: 0x113c
   Process Name: C:\Windows\System32\notepad.exe

Access Request Information:
   Transaction ID: {00000000-0000-0000-0000-000000000000}
   Accesses: READ_CONTROL
      SYNCHRONIZE
      ReadData (or ListDirectory)
      WriteData (or AddFile)
      AppendData (or AddSubdirectory or CreatePipeInstance)
      ReadEA
      WriteEA
      ReadAttributes
      WriteAttributes
   Access Reasons: READ_CONTROL: Granted by Ownership
      SYNCHRONIZE: Granted by D:(A;ID;FA;;;BA)
      ReadData (or ListDirectory): Granted by D:(A;ID;FA;;;BA)
      WriteData (or AddFile): Granted by D:(A;ID;FA;;;BA)
      AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;ID;FA;;;BA)
      ReadEA: Granted by D:(A;ID;FA;;;BA)
      WriteEA: Granted by D:(A;ID;FA;;;BA)
      ReadAttributes: Granted by D:(A;ID;FA;;;BA)
      WriteAttributes: Granted by D:(A;ID;FA;;;BA)
   Access Mask: 0x12019F
   Privileges Used for Access Check: -
   Restricted SID Count: 0


How do I recover deleted files from event viewer?

Open Event Viewer and search the Security log for Event ID 4656 with the task category "File System" or "Removable Storage" and the string "Accesses: DELETE". The "Subject: Security ID" field shows who deleted the file.




How do I view the event log in Windows Server 2008?

To access Event Viewer in Windows 7 and Windows Server 2008 R2:
  1. Click Start > Control Panel > System and Security > Administrative Tools.
  2. Double-click Event Viewer.
  3. Select the type of log you want to check (for example, Windows Logs).

