Event 560, 562 When No Objects Have Been Selected for Auditing (149401)
The information in this article applies to:
- Microsoft Windows NT Workstation 3.5
- Microsoft Windows NT Workstation 3.51
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server 3.5
- Microsoft Windows NT Server 3.51
- Microsoft Windows NT Server 4.0
This article was previously published under Q149401 SYMPTOMS
If you choose Audit on the Policies menu and enable the Auditing File and
Objects Access option in User Manager for Domains without specifying any
objects to be audited, event 560 and event 562 will be logged in the
security log file. Any action performed by the Administrator account in
User Manager for Domains (or Server Manager) will be logged as an event
560 for the Administrator account and as an event 562 for the System
account.
CAUSE
By default, the Auditing File and Objects Access option audits all action
performed in User Manager for Domains (and in Server Manager).
RESOLUTION
This is by design. Security Account Manager (SAM), by default, assigns
security access control lists (SACLs) to all objects it creates, and
managing them with User Manager causes an object access audit to occur.
| Modification Type: | Major | Last Reviewed: | 5/7/2003 |
|---|
| Keywords: | kbnetwork KB149401 |
|---|
|