Windows Security Log Event ID 566
Operating Systems |
Windows 2003 and XP
|
Category | Directory Service |
Type
|
Success
Failure
|
Corresponding events
in Windows
2008 and Vista |
4662
,
5136
,
5137
|
566: Object Operation (W3 Active Directory)
On this page
Whereas event 565 logs the permissions requested by user/program, event 566 logs the permissions actually exercised by the user/program after opening it. While an object may accessed several times during the same open, Windows only logs event 566 the first time a given permission is actually exercised. This event is similar to 567 but is limited to Active Directory object accesses.
This event is part of operation based auditing which is new to W3.
You will only see event 566 on domain controllers.
Free Security Log Resources by Randy
- Object Server:
- Object Type:
- Object Name:
- Handle ID:
- Primary User Name:
- Primary Domain:
- Primary Logon ID:
- Client User Name:
- Client Domain:
- Client Logon ID:
- Accesses
- Additional Info:
- Additional Info2:
- Access Mask:
Setup PowerShell Audit Log Forwarding in 4 Minutes
Object Operation:
Object Server:DS
Operation Type:Object Access
Object Type:user
Object Name:CN=test,DC=elm,DC=local
Handle ID:-
Primary User Name:W3DC$
Primary Domain:ELM
Primary Logon ID:(0x0,0x3E7)
Client User Name:administrator
Client Domain:ELM
Client Logon ID:(0x0,0x158EB7)
Accesses:Write Property
Properties:
Write Property
Public Information
sn
user
Additional Info:
Additional Info2:
Access Mask:0x20
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection