Re: Problems with kernel device driver service


Basically, you're seeing a whole bunch of audit entries that you should care
less about.

Event ID: 560
Source: Security

Explanation
An object was successfully granted a handle and the listed accesses were
granted. This message corresponds to a Security 567 message, which indicates
that an object was accessed, and to a Security 562 message, which indicates
that the handle of the object was successfully closed. Associated messages
have the same Handle ID number.

User Action
No user action is required.

These events are of interest only to a system developer. You or I could
care less.

Although I get this slew of failure events, the program works as normal.

If the program works, I would ignore all of the failures.

Event IDs 560 and 562 appear many times in the security event log
http://support.microsoft.com/kb/841001

I may be all wet here, but I do not believe that these failures are any big
deal.

Read more about Audit object access and Audit: Audit the access of global
system objects...

Audit object access
Default: No auditing.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/519.mspx?mfr=true

Audit: Audit the access of global system objects
Default: Disabled.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/561.mspx?mfr=true

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:OksGv0jfGHA.2208@xxxxxxxxxxxxxxxxxxxx,
Barry <qwerty@xxxxxxxx> hunted and pecked:
Wesley Vogel wrote:
Ask whoever you got NPF from.

This is where my ignorance becomes a problem. Reading the event in my OP,
is NPF the subject of the failed access or its cause? What was trying to
do what?

I would greatly appreciate if you could interpret the event - I couldn't
find an explanation (which I could understand) on the net.
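
The Handle ID correlation described in the event explanation above, as an added example that is not part of the original posts: it pairs each 560 with the 567 and 562 records that share its Handle ID and counts failed 560 audits per object. The record layout, field names and sample values are constructed for illustration, and treating a failed open as carrying no handle is an assumption.

```python
from collections import Counter

# Constructed sample records (not from the thread), reduced to the fields the
# correlation needs. handle=None marks an audit that carries no handle.
SAMPLE = [
    {"id": 560, "ok": True, "pid": 1204, "handle": 0x2A4, "object": r"C:\example\a.txt"},
    {"id": 567, "pid": 1204, "handle": 0x2A4},
    {"id": 567, "pid": 1204, "handle": 0x2A4},
    {"id": 562, "pid": 1204, "handle": 0x2A4},
    # The same handle value is handed out again after the close.
    {"id": 560, "ok": True, "pid": 1204, "handle": 0x2A4, "object": r"C:\example\b.txt"},
    {"id": 560, "ok": False, "pid": 3120, "handle": None, "object": r"\Device\EXAMPLE"},
    {"id": 560, "ok": False, "pid": 3120, "handle": None, "object": r"\Device\EXAMPLE"},
    # Close whose matching 560 fell outside this slice of the log.
    {"id": 562, "pid": 999, "handle": 0x10},
]

def correlate(events):
    """Group 560/567/562 records, in log order, into handle lifetimes."""
    open_now = {}         # (pid, handle) -> lifetime that is still open
    lifetimes = []        # one entry per successful 560
    failures = Counter()  # object name -> number of failed 560 audits
    orphans = 0           # 567/562 records with no open 560 to attach to
    for ev in events:
        key = (ev["pid"], ev.get("handle"))
        if ev["id"] == 560:
            if not ev.get("ok") or ev.get("handle") is None:
                failures[ev["object"]] += 1
                continue
            life = {"pid": ev["pid"], "handle": ev["handle"],
                    "object": ev["object"], "accesses": 0, "closed": False}
            open_now[key] = life
            lifetimes.append(life)
        elif ev["id"] in (567, 562):
            life = open_now.get(key)
            if life is None:
                orphans += 1
            elif ev["id"] == 567:
                life["accesses"] += 1
            else:
                life["closed"] = True
                del open_now[key]
    return lifetimes, failures, orphans

if __name__ == "__main__":
    lifetimes, failures, orphans = correlate(SAMPLE)
    for life in lifetimes:
        print(life)
    print("failed opens by object:", failures.most_common(), "orphans:", orphans)
```

Keying on the process ID together with the Handle ID keeps a handle value that is reused after a 562 from being merged into the earlier lifetime.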
