deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-13 17:43:21 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/keep-secure/audit-handle-manipulation.md
Brian Lich e9d723e3c5 adding ms.pagetype back
2016-05-10 12:12:23 -07:00

1.9 KiB
Raw Blame History

title, description, ms.assetid, ms.pagetype, ms.prod, ms.mktglfcycl, ms.sitesec, author
title description ms.assetid ms.pagetype ms.prod ms.mktglfcycl ms.sitesec author
Audit Handle Manipulation (Windows 10) This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Handle Manipulation, which determines whether the operating system generates audit events when a handle to an object is opened or closed. 1fbb004a-ccdc-4c80-b3da-a4aa7a9f4091 security W10 deploy library brianlic-msft

Audit Handle Manipulation

Applies to

  • Windows 10 This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Handle Manipulation, which determines whether the operating system generates audit events when a handle to an object is opened or closed. Only objects with configured system access control lists (SACLs) generate these events, and only if the attempted handle operation matches the SACL. Important   Handle Manipulation events are generated only for object types where the corresponding File System or Registry Object Access subcategory is enabled. For more information, see Audit File System or Audit Registry.   Event volume: High, depending on how SACLs are configured Default: Not configured
Event ID Event message

4656

A handle to an object was requested.

4658

The handle to an object was closed.

4690

An attempt was made to duplicate a handle to an object.
  ## Related topics [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)