Event ID 4690 – An Attempt Was Made To Duplicate A Handle To An Object
|Category||Object Access: Handle Manipulation|
|Description||There was an attempt to duplicate the handle to an object.|
Event 4690 is generated when an attempt is made to duplicate the handle to an object. At this time, Windows checks permissions and allows the duplication of a handle and the subsequent handing over of the handle to another thread or process.
This log data provides the following information:
- Security ID
- Account Name
- Account Domain
- Logon ID
- Source Handle ID
- Source Process ID
- Target Handle ID
- Target Process ID
Why does event ID 4690 need to be monitored?
Event 4690 can typically be used to track all the actions and operations related to a specific object handle.
ADAudit Plus provides real-time pre-configured reports and auditing of the changes along with alerts within a Domain & OU. The advanced Group Policy settings real-time audit reports provide detailed information about object related events.
Event 4690 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Corresponding event in Windows 2003 and before: 594