UltimateWindowsSecurity.com Forum / Ultimate Windows Security Forum / Security Log / 565 - Object Open (Active Directory)

Security Audit displays "Success" when it should be "Failure"

LynneBarton — Thu, 11 Feb 2010 18:11:50 GMT

I created an encrypted file as an Administrator and then as another user later I logged on and tried to open the file. I got an "Access Denied" error but to my surprise the security log for #565 showed the type "Success Audit." I don't know why I had a positive entry.

More specifically, I had the Administrator log onto a Virtual Server (Windows 2003) and left it open. Then I logged on as another test user using remote desktop. I could not see the security log as that user since I did not have permissions. (I looked into that but couldn't seem to find the settings that would give the test user a way to see the security log. How do I do that?)

Anyway, I looked later in the Administrator's Virtual PC and I saw the security log indicate a successful logon. What is going on? Why is it wrong about a failure?

Thanks!

Event 565 repeating in excessoff 100's per second

ejkevin — Wed, 22 Jul 2009 04:42:07 GMT

The following in our Event Log is repeating hundred times a second on our server;

Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565

This has only happened since using HP 6730s. All our other machines work correctly? and don't authenticate this many times?

any solutions or is this a common problem?

Need for logging Event ID 565?

jwalzer — Tue, 09 Jun 2009 09:45:23 GMT

I am currently using GFI EventsManager as our SIM and I was wondering what the need is to log Event ID 565 - should I log only failures, or is there a need to log success as well? The reason I ask is that this Event ID is the overwhelming leader in number of events logged (within four days already over 1.6 million events logged)

Thanks,
Jeff