Event ID 561 – Handle Allocated
Event ID | 561 |
Category | Object Access |
Type | Success Audit |
Description | A handle has been allocated. |
Event ID 561 is logged when a handle to an object has been allocated and opened. This event is generated only when the handle that caused the generation of an audit is opened.
This log data provides the following information:
- Handle ID
- Operation ID
- Process ID
Why does event ID 561 need to be monitored?
- To track the allocation of handles to different users
- To prevent privilege abuse
- To detect abnormal and potentially malicious activity
- To ensure compliance with regulatory mandates
Pro Tip:
ADAudit Plus provides real-time pre-configured reports and auditing of the changes along with alerts within a Domain & OU. The advanced Group Policy settings real-time audit reports provide detailed information about object related events.
Event 561 applies to the operating system Windows Server 2000.
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools