|
|
|
Forum Newbie
Group: Forum Members
Last Login: 3/18/2010 12:31:13 PM
Posts: 3,
Visits: 2
|
|
| Good evening, i'm trying to correlate more events with ID 560, 567 and 562 using the "Handle ID" but i found that the value assigned to "Handle ID" is not unique because is unique until reboot of the server/machine. So, after a reboot of the server/machine i can see in event viewer an operation with the same "Handle ID" used before the reboot so i can't define into a database that an operation with a particular "Handle ID" is referred to a particular Username (because the same "Handle ID" can be used for operations of another user after the reboot). In witch way the operating system determine the "Handle ID"? I noticed that is a numeric code: after witch value it restart to count from 0? Thanks for help! Alessandro Rimoldi (Milan, Italy)
|
|
|
|
|
Expert
Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 324,
Visits: 0
|
|
| You are correct, it's only unique between reboots.
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 3/18/2010 12:31:13 PM
Posts: 3,
Visits: 2
|
|
| Thanx for your help! Alessandro Rimoldi (KBE Srl - Milano, Italia)
|
|
|
|
|
Expert
Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 324,
Visits: 0
|
|
|
|
|