Event ID 4661 – A Handle To An Object Was Requested
Event ID | 4661 |
Category | Object Access: Directory Service Access, SAM |
Type | Success Audit; Failure Audit |
Description | A handle to an object was requested. |
If a handle has been requested for either a Security Account Manager (SAM) object or an Active Directory object, then event 4661 is logged. A failure event is generated if the access is denied. On the other hand, this event is generated for Success status only if auditing is enabled to do so in the Audit Handle Manipulation subcategory.
This log data provides the following information:
- Security ID
- Account Name
- Account Domain
- Logon ID
- Object Server
- Object Type
- Object Name
- Handle ID
- Process ID
- Process Name
- Transaction ID
- Accesses
- Access Mask
- Privileges Used for Access Check
Why does event ID 4661 need to be monitored?
- To monitor if an operation was performed on an object
- To prevent privilege abuse
- To detect abnormal and potentially malicious activity
- To ensure compliance with regulatory mandates
Pro Tip:
ADAudit Plus provides real-time pre-configured reports and auditing of the changes along with alerts within a Domain & OU. The advanced Group Policy settings real-time audit reports provide detailed information about object related events.
Event 4661 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Corresponding event in Windows 2003 and before: 565
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools